End of Life Definition - Application / Software

Bryant · 7 July 2021 13:19

I’d like to poll my peers here to hear back your definition for Application / Software end of life (EOL). I’m crafting a more complete and comprehensive definition that will be introduced into my company’s global standards. Appreciate any sharing what you crafted or provide feedback. Before you respond consider the following

Application / Software seen separately in my environment. Application is the business application having multiple components. Software can be one of other software or components making up application. For this discussion I’m focused on the publisher software
EOS, EEOS I don’t see same as end of life. That is a publisher’s decision to no longer provide support, however the software may still offer business value that offsets risk, etc beyond EOS, EEOS
Software Publisher EOL I don’t see same as end of life. Again for the same reasons. They may no longer produce the product doesn’t mean it no longer provides business value for the company
Overall I see Software EOL from a business perspective when the software no longer serves a business value and should be decommissioned/retired and removed from the environment. Triggers that might prompt EOL are introduction of newer software releases adopted by the company, risks or vulnerability that outweigh the business benefit. Has business value but not supported by current technologies, OS, etc.

Thanks in advance for your feedback,

Bryant

kristopher.j.wong · 7 July 2021 15:30

@Bryant

My suggestion would be to adopt the publishers definitions. Your organization does not need to abide by EOS/EOL dates but it will need to accept the RISKS of running the software without formal support.

EOS/EOL dates from the publisher are their way of trying to keep organizations on a constant treadmill of new features, capabilities, etc. They influence that adoption via the ability to access patches, call support, and/or get critical vulnerabilities corrected. It is a strategy at the end of the day.

Even if SW is EOS/EOL you are possibly able to get 3rd party support which maybe a good idea if it is a application/system/sw that is critical to your operations. Additionally, I would suggest discussing this with your CISO as they have a vested interest in understanding this and accepting or remediating IT risk.

-Kris

Bryant · 13 July 2021 12:28

Thanks Kris, appreciate the opinions

anon89506075 · 16 July 2021 16:01

@Bryant I second @kristopher.j.wong Kris’ statements. End of life consideration for me is crucial for managing risks to resilience and operational stability for those applications that are critical for business delivery. Whilst in reality the risk of an incident may be low, the appetite for risk depends on the criticality of the business application that the software supports.

Topic		Replies	Views
A couple of basic SAM questions Software Asset Management	2	414	18 November 2022
Ask the vendor how to license a scenario - would you? (Is asking a publisher licensing questions an audit trigger?) Software Audits	9	694	18 February 2021
Info on precedence in Software License Agreements Software Licensing	1	272	9 August 2022
Publisher Focus...Tier 1,2 Software Licensing	3	1177	7 May 2021
SAM team - how to divide/ assign vendors Software Asset Management	3	288	7 February 2023

End of Life Definition - Application / Software

Related Topics