highlight end-of-life software
under review
R
Robin
under review
Looking at EOL lists and access to them
R
Robin
EOL of software is not an easy one.
The vulnerability scanner uses CVE sources like Microsoft and NVD; but this only contains a list of security issues for certain versions as well as the patches or upgrades needed to solve them.
Looking around there are no official central lists for data on software EOL, but I can see a couple well run community places which are: -
The 2nd link has an API, so there is potential we could do something with this.
DataLink
Robin: Great! It woud be also useful during vulnerability assessment of a new client, although an open set of standards such as for CVSS would be desirable in my opinion.
N
NCT
Robin, would the Vulnerability Management feature of the platform be able to show this?
DataLink
NCT: and maybe also in the software inventory report as requested by myr here https://feedback.itarian.com/customers-requests/p/ita-325-custom-reporting-to-add-software-inventory-data