The Server Software, Desktop Software, and Mobile Software risk vectors provide analytics that help track security holes and liabilities introduced by software that are no longer supported by software vendors and have become out-of-date (unsupported).
Supported
Software vendors typically issue new versions of their software that addresses a number of bugs, vulnerabilities, or feature requests. Supported software versions receive attention from the development team and vendor when bugs or vulnerabilities are discovered.
There may be several concurrently supported versions for any server software. This is the typical process since customers and users may have operational requirements that prevent them from upgrading to the most recent version.
Example: Ubuntu Linux generally maintains multiple releases simultaneously. These releases often use different versions of the same software package.
The supported versions depend on the operating system in the server that’s currently in use. Some operating system distributions may also have their own customized versions of popular server software.
Support Extensions
The general support life cycle of some software products are split into two periods – the first half with “mainstream support,” followed by the second half with “extended support.” After the extended support period, “Extended Security Updates (ESU)” might be offered [1].
Extended support and ESU are taken into consideration when determining if software is supported.
Unsupported
Unsupported software versions are marked by Bitsight when they have been replaced by newer versions and are stated by the software vendor as deprecated or obsolete.
- July 9, 2020: Support extension information, including mainstream support, extended support, and extended security updates (ESU).
Feedback
0 comments
Please sign in to leave a comment.