If you consider yourself a good programmer, or at least think your level is above average, I do not recommend reading this article. It is meant for managers of software projects. I would like to discuss some quite important, but (for programmers) very boring, issues related to the methodology of static code analysis.
I hope this introduction has stopped some programmers from reading. Some may still continue, but that is their own free will. We are going to speak about things that aren't very pleasant for programmers.
Our company develops PVS-Studio, a static code analyzer that looks for errors in the code of programs written in C, C++ and C#. The idea is simple: we run the analyzer and examine the code fragments that it found suspicious. In general, this is a kind of automatic code review.