I believe ECG is a solid product. The report is clear, easy to read, well organized and without any show stopping grammar/spelling issues. Having the line numbers of where the issue occurs is very valuable.
We are a leading developer company for TCL and related Open ACS technologies, we commonly perform code reviews which often include external security audits. Until now we were unable to use static code analyzers to assess our code base. ECG adds great value because it allows us to quickly detect vulnerabilities and address the detected issues.