...
Fortify SCA Version 5.0 is able to detect violations of this rule, but will return false positives if the initialization was done in another function.
Compass/Rose ROSE automatically detects simple violations of this rule, although it may return some false positives. It may not catch more complex violations, such as initialization within functions taking arguments to uninitialized variables. It does catch the second non-compliant code example, and can be extended to catch the first as well.
...