Hello,
I hope this message finds you well. As part of our ongoing efforts to comply with the EU Cyber Resilience Act (CRA), we are currently conducting a cybersecurity risk assessment of third-party software vendors whose products or components are integrated into our systems. To support this initiative, we kindly request your input on the following questions related to your software product "elfutils" with version 0.178 Please provide your responses directly in the table below and do reply to all added in this email, Additional Information: * Purpose: This security assessment is part of our due diligence and regulatory compliance obligations under the EU CRA. * Confidentiality: All information shared will be treated as confidential and used solely for the purpose of this assessment. * Contact: Should you have any questions or need further clarification, please feel free to reach out by replying directly to this email. We kindly request your response by Monday, August 25, 2025, to ensure timely completion of our assessment process. Thank you for your cooperation and continued partnership in maintaining a secure and resilient digital environment. Sr. No. Queries to Vendor Response from Vendor (Yes/No) Additional Remarks from Vendor 1 Is Secure Software Development Lifecycle followed for developing this component? 2 Do you provide regular security updates for "elfutils" ? 3 Is there any discontinuation/End of life for the latest version of "elfutils" in near future? 4 Do you have Long Term support for "elfutils"? If yes please mention the version in Remark column 5 Is appropriate cybersecurity testing followed? If yes, is any specific standard for testing used? 6 Are there any vulnerabilities in the latest version which are not disclosed publicly? If yes, when will it be fixed and released? please mention in Remark column. 7 Is the vulnerability handing procedure available for "elfutils"? if yes mention the procedure in the Remark column. 8 Do you comply with EU-CRA requirements? 9 Do you provide proof of conformity regarding adherence to EU-CRA? If yes please mention details in Remark column Best regards, Saurabh. Saurabh Katare | Engineer, Software Development Emerson | Plot no 23, Rajiv Gandhi InfoTech Park | Phase II , Hinjawadi | Pune | Maharashtra | 411057 | India saurabh.kat...@emerson.com
