It would be really interesting to run this over the apps. Maybe reach out to the author for help with that?
From: Dmitry Belyavsky <beld...@gmail.com> Date: Sunday, May 31, 2020 at 5:44 AM To: "openssl-project@openssl.org" <openssl-project@openssl.org> Subject: Detecting Bad OpenSSL Usage Hello, Here is a nice article about a tool desired to catch misuse of the OpenSSL API. https://blog.trailofbits.com/2020/05/29/detecting-bad-openssl-usage/<https://urldefense.proofpoint.com/v2/url?u=https-3A__blog.trailofbits.com_2020_05_29_detecting-2Dbad-2Dopenssl-2Dusage_&d=DwMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=4LM0GbR0h9Fvx86FtsKI-w&m=umc-9fW6eYwZuJa_RJ7Qh_tR1Zs7MzCSarQ3YgyEe2w&s=284ow8SPuGpA6WJ-uDXnpJnBJEJ0SRXklOQAgRmqMTk&e=> I'm not sure whether it's worth using by the team but maybe it's worth mentioning in OpenSSL Wiki. -- SY, Dmitry Belyavsky