"Hi, Bryan here. Michael wrote last week on static analysis for native
C/C++ code, and this week I’ll be following up by covering the tools we
use for managed static analysis. The SDL requires teams writing managed
code to use two static analysis tools: FxCop and CAT.NET. Both of these
tools are freely available to the public, and both tools also integrate
very nicely into Visual Studio. If you’re not already using these tools
in your development process, I highly recommend downloading and
evaluating them, but first let’s take a quick look at each of them."
Read more: http://blogs.msdn.com/sdl/archive/2009/07/06/static-analysis-tools-and-the-sdl-part-two.aspx