Good day everyone.
I am thinking of performing a static code analysis of the source code for possible security and code problems before every release. I think this will help to enhance the software quality.
I wish to see static source code analysis become an integral part of the Bitcoin development process. I am not sure if the present code was checked for possible buffer overflow attacks or null pointer dereferencing problems or other critical code problems.
Any suggestions in these lines are welcome.
1) Which static code analysis should we prefer, or are there any good new static code analysis tools you are aware of which are FREE?
2) How can we ensure every developer is forced to make this a mandatory step in the development process?