A group of major technology companies has introduced a draft framework called OpenEoX, aimed at standardizing how end-of-life (EoL) information is communicated, SecurityWeek reports. The effort is being led through the OASIS standards body and includes support from Cisco, Microsoft, IBM, Dell, Oracle, and Red Hat. The goal is to bring consistency and machine-readability to lifecycle data, particularly around when products stop receiving security patches and other forms of vendor support.

Today, EoL notices are often inconsistently formatted and difficult to find, creating security blind spots for organizations that rely on outdated or unsupported systems. These legacy assets, especially when embedded deep within software supply chains or industrial control systems, can silently increase an organization’s exposure to vulnerabilities. Without a structured method to identify lifecycle status, security teams may lack the visibility needed to make informed risk decisions.

OpenEoX addresses this by proposing a common data format that integrates with existing tools such as Software Bills of Materials (SBOMs) and security advisories. The framework outlines four key lifecycle checkpoints—General Availability, End of Sales, End of Security Support, and End of Life—each with a machine-readable timestamp. This approach aims to make it easier for users, regulators, and auditors to track support status and automate compliance workflows.

The coalition behind OpenEoX is inviting feedback on the draft before it is submitted as a full OASIS standard. While the initial focus is on software and hardware, the framework could also be extended to AI models and other digital assets. With broader industry participation, the effort may help build a more predictable and transparent ecosystem for managing product support and security over time.
Tech Vendors Push for Standardized End-of-Life Security Disclosures
