Great blog post by John Carmack on using static code analysis as part of a good development process. While the article is specific to Visual Studio C++, the points it makes are not, and they are well worth noting. Note: if you are working on open source code, tools like Sonar and Cppcheck should be high on your list of tools to integrate with your development environment. If you are doing web development, it's worth looking into owasp.org.