Why doesn't SAST have better Framework support (for example Spring MVC)?

I received this question today, and before I answered it, I was wondering if you guys wanted to have a go at it first: 

"...I was reading over some of your blog entries, that made me thinks about the current state of SAST regarding the current frameworks.

I've been aware for a long time that SAST do not handle properly framework-level information. In the case of Spring MVC, the tools just don't get the data flow, etc.

Since you worked at Ounce before, do you know any particular reason why they didn't want to fo into that direction? I mean, this is a solvable problem (you somewhat show how to do that in O2). Even if they would need to implement new front-ends, this is still a very important task to be done if they wanted to compete directly with Fortify (especially since F. doesn't get it either)....

For reference here are some of my previous Framework (i.e.Spring MVC) related posts:

• Current O2 support for analyzing Spring MVC 
• What needs to be done to map Static Analysis Traces from Controllers and Views 
• http://o2platform.wordpress.com/category/java/spring-mvc/ (numbers of code samples at O2's blog)
• In this (longish presentation) I also talk about some of the challenges that we have in supporting frameworks:  http://www.slideshare.net/DinisCruz/owasp-o2-platform-november-2010 

What do you think?

[Update blog post: What does SAST mean? And where does it come from?]