SCARE (Source Code Analysis Risk Evaluation) analyzes source code and provides a realistic and factual representation of the potential of that source code to create a problematic binary. This metric will not say that the binary will be exploited, nor does it do a static analysis for known limitations like vulnerabilities. However, it will flag code for a particular interaction type or control and allow the developer to understand which operational security (OpSec) holes are not protected even if it can't say the effectiveness of that protection at this time.
ccglue is a complementary tool to cscope and ctags. The tool builds a cross-reference symbol database from cscope (and ctags) databases that can be used to display dependency-graphs (aka call-trees, code flow). Visualization can be done with the Vim CCTree plugin or the built-in stand-alone command-line tracer.