Most products and software that are used in day-to-day operations have a lifecycle. Vendors feature type updates for their products before they discontinue patching for critical security problems, but not all of them follow the same process. There are different lifecycle programs for both major software vendors and hardware vendors.
Microsoft, which produces software that is widely used as server and desktop operating systems, has a lifecycle that has two phases. This lifecycle lasts about 10 years and is split between Mainstream Support and Extended Support.
The first phase, Mainstream Support, is typically in effect for the first five years of the product's life.
During this phase, Microsoft provides new releases, updates, services packs, builds, fixes and patches in order to enhance a product’s security and reliability, close vulnerabilities, and fix software problems.
Microsoft also provides non-security updates that enhance a product's design or functionality and also accepts requests from users for feature or design changes.
Extended Support is typically in effect for five years after the end of Mainstream Support.
Users of any software or hardware should be very careful to understand and monitor the End of Life (EOL) schedule for software and hardware they are using. If EOL hardware is left in place, it can and has been used to penetrate and cause havoc on business networks.
During Extended Support, Microsoft will continue to provide security and reliability updates, and fix bugs.
Non-security updates are not provided without a paid support agreement with Microsoft.
During Extended Support, Microsoft does not accept requests for new features or product design changes. They also will not accept any warranty claims for the product.
After Extended Support, Microsoft’s products are considered End Of Life, or EOL. Once a product enters the EOL phase, patching of critical vulnerabilities are not provided making EOL software a big security problem if a business chooses to continue to run software in this phase of its lifecycle.
The chart on this page shows a few major Microsoft products that will be or have recently gone past Extended support.
Other vendors, may have a product for which a complex lifecycle is devised for both the software and the hardware used by its product.
For example, Fortinet, developer of popular hardware firewalls, has a rather intricate schedule of lifecycles for both its hardware and software.
Users of any software or hardware should be very careful to understand and monitor the EOL schedule for software and hardware they are using. If EOL hardware is left in place, it can and has been used to penetrate and cause havoc on business networks.
Businesses should have someone take charge of understanding, monitoring and managing these lifecycles to ensure that a business remains up-to-date and protected.
This monitoring is especially important not only because of the complexity of the lifecycles but because vendors often re-adjust or radically change them.
Constant vigilance is a necessity.
Aaron Lahm is president of Amplitel Technologies.