Thanks for the reply. Just to add some context to this....
WinSCP is used by a very large amount of Sys Admins. These guys have root access to huge amounts of systems.
WinSCP would be / is a prime target for exploitation, like the Solar Winds attack.
For example, if you sub contract code work out to third parties, and they get compromised, what happened with Solar Winds could happen to WinSCP.
Of course many in the IT ecosphere will be in this position too.
Maybe you only use libraries from OpenSSL, and PuTTY, and Microsoft DLL's etc, which would be quite safe.
It's an emerging threat that all software developers should be aware of.
WinSCP is a fantastic project, it would be a tragedy if something bad happened
Hope that makes sense