The cart is empty

Software Bill of Materials (SBOM)

As part of our commitment to software transparency and compliance with the EU Cyber Resilience Act, ITVDesk maintains a detailed Software Bill of Materials (SBOM) for every released version.

About SBOM

The SBOM lists all open-source and third-party components used within the software, along with their versions and licenses. It allows partners and customers to verify the security posture of the product and track component-level vulnerabilities.

Public Summary

For transparency purposes, we provide a signed summary of the current release SBOM:

Full SBOM Access

The full, detailed SBOM (including all dependencies and license data) is maintained internally and available to regulatory authorities, integrators, and enterprise partners upon request.

To request the full SBOM for compliance verification, contact us at:
πŸ“§ This email address is being protected from spambots. You need JavaScript enabled to view it.

Last updated: October 2025

πŸ›‘οΈ EU CRA READY – Certified Software
Declaration of Conformity – October 2025

Security Contact

If you need to contact our security team directly, please use the following email address:

πŸ“§ This email address is being protected from spambots. You need JavaScript enabled to view it.

You can reach out for:

  • Reporting security vulnerabilities
  • Verifying software authenticity
  • EU CRA compliance inquiries

We aim to respond to all security-related communications within 72 hours.

ITVDesk Security Team

πŸ›‘οΈ EU CRA READY – Certified Software

Software Update & Patch Policy

ITVDesk provides secure and verified updates to ensure reliability, security, and compliance of the software.

  • βœ… Manual Updates Only: Updates are performed exclusively by the user by downloading the latest version from the official website.
  • βœ… Secure Installation: The user performs the replacement manually to ensure full control and installation safety.
  • βœ… Digitally Signed: All installers and update packages are signed with our EV Code Signing Certificate.
  • βœ… Integrity Verification: Each release includes SHA-256 checksum and signature files for verification.

All official updates are available only through the ITVDesk Downloads page and are distributed over HTTPS for authenticity and tamper protection.

Software Integrity & Protection

All ITVDesk binaries are digitally signed using an EV Code Signing Certificate to ensure authenticity and trust.

  • βœ” Integrity Verification: Application components are verified during execution to ensure they have not been modified.
  • βœ” Tamper Detection: Any unauthorized modification of binary files may result in integrity validation failure and restricted application functionality.
  • βœ” Trusted Distribution: Only officially signed and verified builds are supported and recommended for use.

Last updated: April 2026
Designed in accordance with EU Cyber Resilience Act (CRA) principles.

βœ” Secure Distribution: All downloads are served over HTTPS from official sources only - Downloads

EU Declaration of Conformity

Manufacturer:
IT vl. Mile Brkanović
54. Ulica 20
20271 Blato, Croatia
VAT: HR86858304503
https://www.itvdesk.eu
This email address is being protected from spambots. You need JavaScript enabled to view it.

Product name: ITVDesk – Virtual IP Camera & Streaming Software
Model / Edition: ITVDesk
Version: 8.6
Type: Software application

Conforms to the following EU legislation

  • Regulation (EU) 2024/XXXX β€” Cyber Resilience Act
  • Directive 2014/53/EU β€” Radio Equipment Directive (Article 3(3), applicable for connected software)
  • Regulation (EU) 2023/988 β€” General Product Safety Regulation

Harmonized standards and technical specifications applied

  • EN ISO/IEC 27001:2022 β€” Information security management
  • EN 303 645 v2.1.1 β€” Cyber security for consumer internet-connected products
  • EN 301 489-1 β€” EMC compatibility (where applicable)
  • CycloneDX SBOM specification v1.6 β€” Software component transparency and vulnerability tracking

Supporting documents

  • Technical documentation and risk assessment file (ITVDesk_TechFile.pdf)
  • Software Bill of Materials (itvdesk_sbom.json)
  • Security changelog and Vulnerability Disclosure Policy (https://www.itvdesk.eu)

Place and date of issue: Blato, Croatia β€” 11 October 2025

Signed for and on behalf of:
Mile Brkanović
CEO, IT vl. Mile Brkanović

Vulnerability Disclosure Policy (VDP)

ITVDesk values the contributions of the security community. If you find a security issue, please report it responsibly.

How to Report

Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

  • Include a detailed description of the issue
  • Provide steps to reproduce (if possible)
  • Report privately and allow time for us to fix it

Response Commitment

  • Acknowledgment within 72 hours
  • Status update within 7 business days
  • Credit for responsible disclosure (optional)

Legal Safe Harbor

If you follow this policy in good faith, ITVDesk will not pursue legal action against you for your testing activities.

Last updated: October 2025

Security Changelog

This log lists important security-related changes and fixes in ITVDesk releases.

  • v8.6 β€“ October 2025 – Added CRA compliance, Watcher integrity verification, and signed update validation
    Added RTSP over HTTPS and improved certificate validation.
    Added RTSPS support.
    Added ITVDeskWatcher servise for protect ITVDesk in case of a crash or hang it safely restarts the app and restores all previously in case of a crash or hang it safely restarts the app and restores all previously  configured streams (desktop, camera, audio), keeping transmissions online with no manual intervention.
  • v8.5 β€“ September 2025 – SRTP (Secure Real-Time Transport Protocol) support added for IP camera streams.
  • v8.4 – July 2025 – Fixed potential buffer overflow in encoder video handling

Older versions change look link or upon request: This email address is being protected from spambots. You need JavaScript enabled to view it.

πŸ›‘οΈ EU CRA READY – Certified Software

# ITVDesk Vulnerability Disclosure Policy (VDP)

## 1. Purpose ITVDesk is committed to maintaining the highest security standards for our software products and services. We recognize the valuable role that independent security researchers play in helping us achieve this goal.

## 2. Scope
This policy applies to all ITVDesk software products and services, including:
- ITVDesk desktop applications (Windows, macOS, Linux)
- ITVDeskWatcher background service
- ITVDesk licensing and update systems
- itvdesk.eu domain and subdomains


## 3. Reporting a Vulnerability
If you discover a potential vulnerability, please notify us by email:


πŸ“§ **This email address is being protected from spambots. You need JavaScript enabled to view it.**

Please include:
- a detailed description of the issue
- steps to reproduce (if possible)
- affected version(s) or platform(s)


### Do’s
βœ… Provide a clear, technical description
βœ… Report privately and responsibly
βœ… Allow us reasonable time to fix the issue before disclosure


### Don’ts
🚫 No denial-of-service (DoS) testing
🚫 No data extraction or access to user data
🚫 No attacks against live customer systems


## 4. Our Commitment
- We will acknowledge your report within **72 hours**
- We will provide a status update within **7 business days**
- We may publicly credit responsible disclosures (with your consent)


## 5. Legal Safe Harbor
If you follow this policy in good faith, ITVDesk will not pursue legal action against you for your testing activities.


_Last updated: October 2025_