PR.PS-02.243

Does your organization have a process to identify and replace end-of-life software and services with supported versions?

Explanation

Using outdated or unsupported software exposes organizations to security vulnerabilities that will no longer receive patches or updates from vendors. This includes operating systems, applications, libraries, frameworks, and cloud services that have reached their end-of-support dates. Organizations should maintain an inventory of all software assets with their version information and support timelines. Evidence could include a software asset inventory with version and end-of-life dates, a documented process for monitoring vendor support announcements, and records of software upgrade/replacement projects completed within the past year.

Implementation Example

Replace end-of-life software and service versions with supported, maintained versions

ID: PR.PS-02.243

Context

Function: PR: PROTECT
Category: PR.PS: Platform Security
Sub-Category: Software is maintained, replaced, and removed commensurate with risk

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain-points. They were confusing, hard to delegate and arrived like London busses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron

Founder, ResponseHub