Veracode scan identified multiple security flaws #111

Open
bchornii opened this issue Mar 13, 2023 · 0 comments

@bchornii

Our team is using the MailKit & MimeKit libraries to send emails, but they in turn depend on Portable.BouncyCastle 1.9.0, which shows up under dependencies as bouncycastle.crypto.dll. A Veracode scan identified several security flaws inside of it, and it would be great if you could comment on them: shall we treat them as false positives, or is it something you're working on fixing?

3823  medium Likely 73  External Control of File Name or Path 3/13/2023 9:14 AM EDT bouncycastle.crypto.dll void Main(string[]): 18% 1 Path Open None
3826  medium Unlikely 331  Insufficient Entropy 3/13/2023 9:14 AM EDT bouncycastle.crypto.dll void !ctor(int, System.Random): 54% 1 Path Open None
3829  medium Likely 259  Use of Hard-coded Password 3/13/2023 9:14 AM EDT bouncycastle.crypto.dll void !cctor(): 45% 1 Path Open None
3828   medium Unlikely 331  Insufficient Entropy 3/13/2023 9:14 AM EDT bouncycastle.crypto.dll void !ctor(int, int, System.Random): 46% 1 Path Open None
3827  medium Unlikely 331  Insufficient Entropy 3/13/2023 9:14 AM EDT bouncycastle.crypto.dll void !ctor(int, int, System.Random): 20% 1 Path Open None
3824  informational Neutral 404  Improper Resource Shutdown or Release 3/13/2023 9:14 AM EDT bouncycastle.crypto.dll void !ctor(Cms.CmsSignedData): 34% 1 Path Open None
3825  informational Neutral 404  Improper Resource Shutdown or Release 3/13/2023 9:14 AM EDT bouncycastle.crypto.dll void Encode(System.IO.Stream): 16% 1 Path Open None
3830  informational Neutral 404  Improper Resource Shutdown or Release 3/13/2023 9:14 AM EDT bouncycastle.crypto.dll Builder SetServerExtensions(System.Collections.IDictionary): 43% 1 Path Open None
3831   informational Neutral 404  Improper Resource Shutdown or Release 3/13/2023 9:14 AM EDT bouncycastle.crypto.dll void HandleHandshakeMessage(short, HandshakeMessageInput): 40% 1 Path Open None
3832  informational Neutral 404  Improper Resource Shutdown or Release 3/13/2023 9:14 AM EDT bouncycastle.crypto.dll TlsAuthentication ReceiveServerCertificate(TlsClientContext, TlsClient, System.IO.MemoryStream): 20% 1 Path Open None
3833   informational Neutral 404  Improper Resource Shutdown or Release 3/13/2023 9:14 AM EDT bouncycastle.crypto.dll void !ctor(Engines.IesEngine): 15% 1 Path Open None
3834  informational Neutral 404  Improper Resource Shutdown or Release 3/13/2023 9:14 AM EDT bouncycastle.crypto.dll void Encode(System.IO.Stream): 16% 1 Path Open None
3835  informational Neutral 404  Improper Resource Shutdown or Release 3/13/2023 9:14 AM EDT bouncycastle.crypto.dll Builder SetServerExtensions(System.Collections.IDictionary): 30% 1 Path Open None
3836   informational Neutral 404  Improper Resource Shutdown or Release 3/13/2023 9:14 AM EDT bouncycastle.crypto.dll void WriteExtensions(System.IO.Stream, System.Collections.IDictionary): 0% 1 Path Open None
3837  informational Neutral 404  Improper Resource Shutdown or Release 3/13/2023 9:14 AM EDT bouncycastle.crypto.dll void !ctor(IBlockCipher): 6% 1 Path Open None
3838   informational Neutral 404  Improper Resource Shutdown or Release 3/13/2023 9:14 AM EDT bouncycastle.crypto.dll void !ctor(IBlockCipher): 17% 1 Path Open None
3839   informational Neutral 404  Improper Resource Shutdown or Release 3/13/2023 9:14 AM EDT bouncycastle.crypto.dll string EncodeData(byte[]): 35% 1 Path Open None
3840  informational Neutral 404  Improper Resource Shutdown or Release 3/13/2023 9:14 AM EDT bouncycastle.crypto.dll void !ctor(): 33% 1 Path Open None
3841  informational Neutral 404  Improper Resource Shutdown or Release 3/13/2023 9:14 AM EDT bouncycastle.crypto.dll void !ctor(BcpgInputStream): 92% 1 Path Open None
3842   informational Neutral 404  Improper Resource Shutdown or Release 3/13/2023 9:14 AM EDT bouncycastle.crypto.dll void !ctor(BcpgInputStream): 13% 1 Path Open None
3843   informational Neutral 404  Improper Resource Shutdown or Release 3/13/2023 9:14 AM EDT bouncycastle.crypto.dll void !ctor(PgpPrivateKey, PgpPublicKey, SymmetricKeyAlgorithmTag, byte[], bool, bool, Security.SecureRandom, bool): 39% 1 Path Open None
3844   informational Neutral 404  Improper Resource Shutdown or Release 3/13/2023 9:14 AM EDT bouncycastle.crypto.dll PgpSignature Generate(): 20% 1 Path Open None
3845  informational Neutral 404  Improper Resource Shutdown or Release 3/13/2023 9:14 AM EDT bouncycastle.crypto.dll void !ctor(int, Asn1EncodableVector): 20% 1 Path Open None
3846  informational Neutral 404  Improper Resource Shutdown or Release 3/13/2023 9:14 AM EDT bouncycastle.crypto.dll void Encode(Asn1OutputStream, bool): 0% 1 Path Open None
3847  informational Neutral 404  Improper Resource Shutdown or Release 3/13/2023 9:14 AM EDT bouncycastle.crypto.dll void Encode(Asn1OutputStream, bool): 26% 1 Path Open None
3848  informational Neutral 404  Improper Resource Shutdown or Release 3/13/2023 9:14 AM EDT bouncycastle.crypto.dll void !ctor(System.IO.Stream): 31% 1 Path Open None
3849  informational Neutral 404  Improper Resource Shutdown or Release 3/13/2023 9:14 AM EDT bouncycastle.crypto.dll void !ctor(System.IO.Stream, int, bool): 28% 1 Path Open None
3850  informational Neutral 404  Improper Resource Shutdown or Release 3/13/2023 9:14 AM EDT bouncycastle.crypto.dll void Encode(Asn1OutputStream, bool): 26% 1 Path Open None
3851  informational Neutral 404  Improper Resource Shutdown or Release 3/13/2023 9:14 AM EDT bouncycastle.crypto.dll void !ctor(System.IO.Stream): 31% 1 Path Open None
3852   informational Neutral 404  Improper Resource Shutdown or Release 3/13/2023 9:14 AM EDT bouncycastle.crypto.dll void !ctor(System.IO.Stream, int, bool): 28% 1 Path Open None