It takes a lot more than a static analysis tool, a web scanning service, and a few paid hackers to make your mobile development lifecycle, your team, and, eventually, your applications secure. Finding flaws in an individual mobile application is easy (assuming you have the right technical skill set). What is a lot harder is stopping the creation of mobile application security flaws in the first place.
Achieving the lofty goal of a truly secure mobile application development program takes rethinking how we have traditionally secured our applications. Mobile development brings many changes to enterprise engineering teams, including new device sensors, privacy-impacting behaviors that cross the security chasm between consumer and enterprise isolation, and even faster release cycles on the order of days instead of months. Smaller teams with little to no experience in security are cranking out mobile applications at a fevered pace. The result is an accumulation of security debt that will eventually be paid by the enterprises and consumers that use these applications.