This will be very useful as long as it finds confirmed bugs. Otherwise it will be more like an unasked-for code style check. (For example, one can argue that using functions like strcpy is unsafe, but unless it's really possible to get too many characters in the buffer, it's not a bug.)