Can someone in this group assist with these questions? My company requires these answered before allowing this install.

1.

In order to assess any potential risk, provide a list of all required pre-requisite software (e.g., SQL Express, Visual Basic. In addition to providing a list of pre-requisite software, provide confirmation from the vendor via email that the product does not contain vulnerable third-party applications including but not limited to Log4J or MSXML for risk assessment purposes.

2.

Please contact the vendor and request a Software Bill of Materials (SBOMs) in SPDX format.

The Software Bill of Materials is a list of all of the components in a piece of software. Nowadays, it is quite common for software vendors to create products by assembling open source and commercial software components.

For this reason, SBOMs are created to provide transparency and identify all of the risk-prone components. This information is needed in order to conduct the security review for all software.