With all the attention given Team Foundation Server lately, I haven’t spent much time keeping up with Team Suite and its constituent features. This article on developer.com by Nick Wienholt takes a brief look at the C/C++ native code analysis tools found in Team Suite and Team Edition for Developers.
The key to real security is to have multiple layers of defense. Relying solely on runtime library improvements to guard against coding patterns that can lead to buffer overruns and other security vulnerabilities is not sufficient. This article examines the Static Code Analyzer that ships with Visual Studio Team System (VSTS), Developer Edition, and explains how it can detect common security issues in native C/C++ code.