In response to Jason’s post about false positives. First of all there is a general misconception of false positives. Modern static source code analysis tools have changed the game. It is not the Lint tool of the past, a focus with deep inter-procedural technology has placed the requirement that static tools today produce more real issues than false reports.
With that said, Jason is right, large code bases never running static analysis will produce a large number of issues no matter how accurate it is. Even though static analysis tools do provide a number of ways to manage this (and Jason talks about one) it does make sense to put this in your code reviews. You are looking at legacy code but if you are doing code reviews then you must have changed something with that legacy code. Therefore having those bugs visible to you during the code review could suddenly now apply.