Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Tracking EoL Software - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Tracking EoL Software
Several of the organizations I support have a need to track and preemptively upgrade/remove software before it becomes unsupported by the vendor (and thus lacking in security updates). As opposed to using vulnerability scanners that typically only notify you once software is already end of life, I created a list of software that was common to us with their upcoming EoL dates and applicable versions.

In an effort to give back a bit to the community, I'm making that data public at the site below. If you have suggestions for software, please use the suggestions page on the site.

2 Posts

All too often organizations are surprised to learn they need to plan and budget for platform upgrades. Your website helps shine a light on the risk of unsupported software. As I am sure you know, some regulatory bodies specify that unsupported software can not be used and your website can help articulate that nicely.

Thanks for supporting the ISC!

100 Posts
ISC Handler
This is an excellent resource!
I sincerely hope it can be maintained indefinitely.
I have added it to my shortlist favorites bar simply because this site can provide a common piece of information I am regularly looking for when conducting security risk assessments.
5-Stars!!! Two Thumbs up!!! Standing Applause and Appreciation!!!

If there is one thing I would recommend, it would be thinking about building the dark sister to the EOL database:
A database of software that is already at EOL or out of support
Basically a "walking dead" list of software that is no longer supported by vendors. (NOTE: if there is a such a resource out there already, please share)

No doubt developing and maintaining that kind of resource would be a much larger undertaking, but often it is difficult to find information about software that is no longer supported, including when support ended. I have found situations where software was 10 years old and all documentation has evaporated from the net.
Such a solution may need a vetting element to it to ensure the information provided is as accurate as possible.

30 Posts

Sign Up for Free or Log In to start participating in the conversation!