Michael Howard blogs about using the Standard Annotation Language to improve static code analysis and find more bugs (including security bugs) in your C and C++ source code. I’ve filed a bug to see if these annotations can be added to the Mozilla source code.