SecurityWeek reports that the OpenEoX Technical Committee of global open standards consortium OASIS, composed of Microsoft, Cisco, Oracle, IBM, Dell, and Red Hat, has issued a draft framework to standardize end-of-life security notices for software and hardware offerings amid mounting security risks stemming from outdated systems.
The framework seeks to address inconsistent wording and tracking challenges by establishing a shared data format that could be used in security advisories and software bills of materials, ensuring proper management of systems across their lifecycles. The model could also be adapted to artificial intelligence models, according to the OpenEoX whitepaper authors, who are now seeking public feedback prior to the framework's implementation as an OASIS standard.
"Knowing when software and hardware support ends shouldn't be a guessing game. Managing product lifecycles effectively requires collaboration across the entire ecosystem, from commercial vendors to open-source maintainers," said OpenEoX co-Chair and Cisco software engineer Omar Santos.
EoL security notice standards advanced by tech vendor coalition
