
Tech Giants Propose Standard For End-of-Life Security Disclosures


A coalition of big tech vendors, including Cisco, Microsoft, Dell, IBM, Oracle, and Red Hat, has published a draft ‘OpenEoX’ framework to standardise the way companies announce when products will stop receiving security patches or any other form of support.

The draft standard, released through the OASIS standards body, argues that today’s end-of-life (EoL) notices are scattered, inconsistently worded and hard to track, causing major problems for organizations running obsolete software or hardware without understanding the expanded security risk.

The push comes amid widespread concern that outdated or unsupported systems have quietly compounded cybersecurity risks inside organizations, particularly when those end-of-life systems are embedded in complex software supply chains or industrial infrastructure.

Without a standardized way to track support timelines, security teams often struggle to maintain visibility into which systems still receive critical patches, the coalition noted.

Published by the OpenEoX Technical Committee, a 29-page white paper documents the ...


Copyright of this story solely belongs to SecurityWeek.