Possible insecure usage of C functions
Hi, like in https://developer.apple.com/forums/thread/658048?answerId=629026022#629026022, we got a report from a pentest that we use insecure functions like _memcpy, _fopen, _malloc or strcpy. The recommendation is to replace these with their secure counterparts (e.g. calloc, memcpy_s). We do not use direct C calls in our code, so we cannot replace them. But even frameworks written in Swift which only import LocalAuthentication, CommonCrypto and Foundation as dependencies were flagged as insecure. During my research I found that SecRandomCopyBytes might be responsible: https://opensource.apple.com/source/Security/Security-55471/sec/Security/SecFramework.c.auto.html.

I have three questions regarding this issue:

1. Is the implementation in SecFramework.c the current one?
2. Can you give assurance that the usage in Apple's implementations is secure?
3. I believe the pentester ran a grep command to find which binaries are possibly affected. But that approach doesn't help me in this case. Is there a way I can find out which dependencies use these C functions?

Cheers
Replies: 2 · Boosts: 0 · Views: 503 · Created: Jul ’23
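For the third question, an added example that is not from the thread or from Apple: a POSIX shell script that runs `nm -u` on each Mach-O binary inside an app bundle, lists the undefined (imported) symbols, and reports the ones on a flagged list, so the finding can be attributed to a specific framework rather than to the whole app. The FLAGGED list is assumed from the post, and the `nm` output in demo_flag is constructed.

```shell
#!/bin/sh
# Added example, not from the forum thread or Apple: report which Mach-O
# binaries in an app bundle import the C functions a pentest report flagged.
# FLAGGED is a constructed list built from the post; extend it as needed.
FLAGGED='_memcpy _fopen _malloc _strcpy'

# flag_symbols: reads `nm -u` style output on stdin (one undefined symbol per
# line) and prints the flagged ones, sorted and unique. Fat-binary headers such
# as "Foo (for architecture arm64):" are skipped because their last field never
# matches a symbol name.
flag_symbols() {
    awk 'NF { print $NF }' | LC_ALL=C sort -u | while IFS= read -r sym; do
        case " $FLAGGED " in
            *" $sym "*) printf '%s\n' "$sym" ;;
        esac
    done
    return 0
}

# scan_bundle: walks a .app bundle, runs `nm -u` on every Mach-O file it finds
# and prints "<binary>: <flagged symbols>" for each one that imports any.
# macOS only: needs `nm` and `file` from the Xcode command line tools.
scan_bundle() {
    find "$1" -type f | while IFS= read -r bin; do
        if file -b "$bin" | grep -q 'Mach-O'; then
            hits=$(nm -u "$bin" 2>/dev/null | flag_symbols | tr '\n' ' ')
            if [ -n "$hits" ]; then
                printf '%s: %s\n' "$bin" "$hits"
            fi
        fi
    done
    return 0
}

# demo_flag: runs flag_symbols over constructed `nm -u` output (two
# architecture slices of a hypothetical Foo.framework) so the filter can be
# checked without a Mach-O binary at hand. Prints _malloc, _memcpy and
# _strcpy, one per line.
demo_flag() {
    printf '%s\n' \
        'Foo.framework/Foo (for architecture arm64):' \
        '_objc_msgSend' '_memcpy' '_SecRandomCopyBytes' '_strcpy' '_memcpy' \
        'Foo.framework/Foo (for architecture x86_64):' \
        '_memcpy' '_malloc' | flag_symbols
}

# Usage: scan_bundle /path/to/MyApp.app
```

Because the scan works on the undefined-symbol table, it reports only direct imports: a framework that reaches memcpy through another system library shows up as importing that library's symbols, not memcpy itself.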