highlight end-of-life software | Voters

highlight end-of-life software

under review

DataLink

Would it be possible to highlight somewhere in the portal (patch management, software inventory, vulnerability management, reports) the software that has reached the end of life of updates, (ex: Office 2013,etc) ? So that we can make offers to customers for software upgrades.

September 28, 2023

Robin

marked this post as

under review

Looking at EOL lists and access to them

Robin

EOL of software is not an easy one.
The vulnerability scanner uses CVE sources like Microsoft and NVD; but this only contains a list of security issues for certain versions as well as the patches or upgrades needed to solve them.
Looking around there are no official central lists for data on software EOL, but I can see a couple well run community places which are: -
https://endoflife.software/
https://endoflife.date/
The 2nd link has an API, so there is potential we could do something with this.

DataLink

Robin: Great! It woud be also useful during vulnerability assessment of a new client, although an open set of standards such as for CVSS would be desirable in my opinion.

NCT

Robin, would the Vulnerability Management feature of the platform be able to show this?

DataLink

NCT: and maybe also in the software inventory report as requested by myr here https://feedback.itarian.com/customers-requests/p/ita-325-custom-reporting-to-add-software-inventory-data