Reconsidering ffmpeg in Debian

Coverity requires you to advertise for it and to not publish their detailed findings at their discretion (last time I've looked into their terms of service). This may be the reason I haven't found studies that compares it to other services. It would not be allowed right away. Also Coverity gets access to your evaluation of seriousness of security defects on their machines (located in the US I presume).
Those are significant drawbacks.

Made me look into stand-a-lone Free Software security checking tools like cppcheck, flawfinder or ASan/TSan/MSan.