Summary: A coalition of major tech companies has introduced the ‘OpenEoX’ framework to standardize product end-of-life notices, improving transparency around the cessation of security support. The initiative aims to mitigate cybersecurity risks linked to outdated systems by providing a consistent, machine-readable format for lifecycle checkpoints. The framework is open for public feedback and aims for broader adoption within the industry.
Affected: Tech Companies, Security Teams, Software and Hardware Users
Keypoints:
- Draft released by a coalition including Cisco, Microsoft, and IBM through OASIS.
- Four key lifecycle checkpoints defined: General Availability, End of Sales, End of Security Support, and End of Life.
- Framework seeks to integrate with existing systems such as the Software Bill of Materials (SBOM) to enhance tracking and risk management.
- Public feedback is being solicited for the framework to become a full OASIS standard.
- The model could later be expanded to cover AI models as well.
Source: https://www.securityweek.com/tech-giants-propose-standard-for-end-of-life-security-disclosures/