On Mon, 11 Aug 2025, 13:24 KATARE, SAURABH [EMR/MSOL/PUNE] via Gcc-help, <gcc-help@xxxxxxxxxxx> wrote:

> Hello,
>
> I hope this message finds you well.
>
> As part of our ongoing efforts to comply with the EU Cyber Resilience Act
> (CRA), we are currently conducting a cybersecurity risk assessment of
> third-party software vendors whose products or components are integrated
> into our systems.
>
> To support this initiative, we kindly request your input on the following
> questions related to your software product "GNU Compiler Collection" with
> version 9.3.0. Please provide your responses directly in the table below and
> do reply to all added in this email,
>

GCC 9.3.0 has been end-of-life for several years and receives no updates from the GCC project.

> Additional Information:
>
> * Purpose: This security assessment is part of our due diligence and
>   regulatory compliance obligations under the EU CRA.
> * Confidentiality: All information shared will be treated as
>   confidential and used solely for the purpose of this assessment.
> * Contact: Should you have any questions or need further
>   clarification, please feel free to reach out by replying directly to this
>   email.
>
> We kindly request your response by Monday, August 25, 2025, to ensure
> timely completion of our assessment process. Thank you for your cooperation
> and continued partnership in maintaining a secure and resilient digital
> environment.
>
> Sr. No. | Queries to Vendor | Response from Vendor (Yes/No) | Additional Remarks from Vendor
> 1 | Is Secure Software Development Lifecycle followed for developing this component? | |
> 2 | Do you provide regular security updates for "GCC"? | |
> 3 | Is there any discontinuation/End of life for the latest version of "GCC" in near future? | |
> 4 | Do you have Long Term support for "GCC"? If yes please mention the version in Remark column | |
> 5 | Is appropriate cybersecurity testing followed? If yes, is any specific standard for testing used? | |
> 6 | Are there any vulnerabilities in the latest version which are not disclosed publicly? If yes, when will it be fixed and released? Please mention in Remark column. | |
> 7 | Is the vulnerability handling procedure available for "GCC"? If yes mention the procedure in the Remark column. | |
> 8 | Do you comply with EU-CRA requirements? | |
> 9 | Do you provide proof of conformity regarding adherence to EU-CRA? If yes please mention details in Remark column | |
>
> Best regards,
>
> Saurabh.
>
> Saurabh Katare | Engineer, Software Development
>
> Emerson | Plot no 23, Rajiv Gandhi InfoTech Park | Phase II, Hinjawadi |
> Pune | Maharashtra | 411057 | India
>
> saurabh.katare@xxxxxxxxxxx