Hi Eric,
it looks like you’re trying to get Inkscape through your company’s software approval process.
We’re an open source project, not a company/vendor. Nobody here will give you any assurances of any kind because we simply can’t. Let me refer you to the license, especially the „NO WARRANTY“ section at the end: https://www.gnu.org/licenses/old-licenses/gpl-2.0.html
Our source code and build process can be reviewed by anybody, but they will have to do it themselves.
I know that’s not the answer you’re looking for, but that’s just how it is.
René
Am 20.03.2024 um 17:04 schrieb Eric F eazyes@gmail.com:
Can someone in this group assist with these questions? My company requires these answered before allowing this install.
In order to assess any potential risk, provide a list of all required pre-requisite software (e.g., SQL Express, Visual Basic. In addition to providing a list of pre-requisite software, provide confirmation from the vendor via email that the product does not contain vulnerable third-party applications including but not limited to Log4J or MSXML for risk assessment purposes. 2. Please contact the vendor and request a Software Bill of Materials (SBOMs) in SPDX format. The Software Bill of Materials is a list of all of the components in a piece of software. Nowadays, it is quite common for software vendors to create products by assembling open source and commercial software components. For this reason, SBOMs are created to provide transparency and identify all of the risk-prone components. This information is needed in order to conduct the security review for all software. _______________________________________________ Inkscape Devel mailing list -- inkscape-devel@lists.inkscape.org To unsubscribe send an email to inkscape-devel-leave@lists.inkscape.org