Not to mention that you cannot, theoretically, declare any potential NULL dereference pointer found in a static analysis of source code a "security issue". At most, it is a potential one.