Press Release

OASIS Members Publish White Paper to Advance Global Framework for Coordinated Product End-of-Life Security Disclosures

Cisco, Dell Technologies, IBM, Microsoft, Oracle, Red Hat, and Others Support New Guidance to Effectively Manage Product Lifecycles Across the Software Supply Chain

Boston, MA USA; 29 April 2025 — As organizations grapple with increasing cybersecurity risks linked to unsupported software and hardware, the need for timely, standardized End-of-Life (EoL) and End-of-Support (EoS) information is more critical than ever. In response, OASIS Open, the global open source and standards consortium, announced the publication of the OpenEoX White Paper. Developed by the OpenEoX Technical Committee (TC), the paper identifies major use cases for EoL security data, outlines current industry pain points, and introduces a roadmap for a standardized, machine-readable format for EoL disclosures. 

“Knowing when software and hardware support ends shouldn’t be a guessing game. Managing product lifecycles effectively requires collaboration across the entire ecosystem, from commercial vendors to open-source maintainers,” said Omar Santos, OpenEoX co-chair and Cisco Distinguished Engineer. “OpenEoX introduces a much-needed, unified framework designed to streamline the exchange of End-of-Life (EoL) and End-of-Security-Support (EoSSec) data that enables transparency and efficiency.”

Developed by a global coalition of cybersecurity leaders from organizations including Cisco, Dell Technologies, IBM, Microsoft, Oracle, Red Hat, and others, the white paper defines the scope and architecture for an OpenEoX data model and lays the foundation for future technical specifications. These will support integration with the Common Security Advisory Framework (CSAF), Software Bill of Materials (SBOMs), and other widely adopted cybersecurity standards.

“Standardizing how end of life, end of security support, and end of sales is handled for hardware and software makes the software supply chain more secure and efficient. This is especially important for developing and deploying AI systems securely,” said Brendan Burns, Microsoft Corporate Vice President and General Manager, Azure Cloud Native and Management Platform. “We’re pleased to contribute to this effort, increasing transparency, efficiency, and trust through better-informed consumers.”

The OpenEoX TC aims to standardize and promote OpenEoX, a unified, machine-readable approach to managing and sharing EoL/EoS information for both commercial and open source software and hardware. This approach helps vendors, consumers, and the broader security ecosystem reduce risks and improve operational resilience.

The TC encourages participation from product vendors, open source communities, security researchers, government agencies, and any organization managing EoL products. New members are welcome and participation in the TC is open to all through membership in OASIS

Media Inquiries:
communications@oasis-open.org

The work of OASIS is supported by organizations from around the world. Members include:

View all our members