      ZZLI4422             linux.debian.devel             1194 messages      

  Msg # 888 of 1194 on ZZLI4422, Tuesday 8-11-25, 3:02  
  From: ANSGAR  
  To: ALL  
  Subj: Re: Cybersecurity Risk Assessment Reques  
 From: ansgar@debian.org 
  
 Hi, 
  
 please see https://www.debian.org/consultants/ for a list of 
 consultants who can help you if you cannot gather the information 
 yourself. 
  
 You also need to establish a process to end of life dates for software 
 you use given the version number you mention. 
  
 Ansgar 
  
 On Mon, 2025-08-11 at 10:56 +0000, KATARE, SAURABH [EMR/MSOL/PUNE] 
 wrote: 
 > 
 > Hello, 
 > 
 > I hope this message finds you well. 
 > 
 > As part of our ongoing efforts to comply with the EU Cyber Resilience 
 > Act (CRA), we are currently conducting a cybersecurity risk 
 > assessment of third-party software vendors whose products or 
 > components are integrated into our systems. 
 > 
 > To support this initiative, we kindly request your input on the 
 > following questions related to your software product 
 > "debianutils" with version 4.9.1 Please provide your responses 
 > directly in the table below and do reply to all added in this email, 
 > 
 > 
 > Additional Information: 
 > * Purpose: This security assessment is part of our due diligence and 
 >   regulatory compliance obligations under the EU CRA. 
 > * Confidentiality: All information shared will be treated as 
 >   confidential and used solely for the purpose of this assessment. 
 > * Contact: Should you have any questions or need further 
 >   clarification, please feel free to reach out by replying directly to 
 >   this email. 
 > 
 > 
 > We kindly request your response by Monday, August 25, 2025, to ensure 
 > timely completion of our assessment process. Thank you for your 
 > cooperation and continued partnership in maintaining a secure and 
 > resilient digital environment. 
 > 
 > Sr. No. | Queries to Vendor | Response from Vendor (Yes/No) | Additional Remarks from Vendor 
 > 1 | Is Secure Software Development Lifecycle followed for developing this component? | | 
 > 2 | Do you provide regular security updates for "debianutils"? | | 
 > 3 | Is there any discontinuation/End of life for the latest version of "debianutils" in near future? | | 
 > 4 | Do you have Long Term support for "debianutils"? If yes please mention the version in Remark column | | 
 > 5 | Is appropriate cybersecurity testing followed? If yes, is any specific standard for testing used? | | 
 > 6 | Are there any vulnerabilities in the latest version which are not disclosed publicly? If yes, when will it be fixed and released? please mention in Remark column. | | 
 > 7 | Is the vulnerability handling procedure available for "debianutils"? if yes mention the procedure in the Remark column. | | 
 > 8 | Do you comply with EU-CRA requirements? | | 
 > 9 | Do you provide proof of conformity regarding adherence to EU-CRA? If yes please mention details in Remark column | | 
 > 
 > Best regards, 
 > 
 > Saurabh. 
 > 
 > Saurabh Katare | Engineer, Software Development 
 > 
 > Emerson | Plot no 23, Rajiv Gandhi InfoTech Park | Phase 
 > II, Hinjawadi | Pune | Maharashtra | 411057 | India 
 > 
 > saurabh.katare@emerson.com 
 > 
  
  
  
  
  
 
 [continued in next message]
