Open Source Summit Europe 2024

The ambiguity surrounding terminology and general uncertainty amplifies the end-of-life/end-of-support problem: What is end-of-life? How is end-of-life different from end-of-support? How does this affect supply chain and operational security? This presentation will begin with an overview of the EOL/EOS problem and suggest definitions for key terms to the discussion. Creating shared terminology can support the community in facilitating discussions around EOL/EOS and generating solutions. This presentation will map the EOL/EOS problem to other ongoing discussions including software naming and versioning, acknowledging that this is not a new problem and it is unlikely there is one singular solution. The presentation will also include discussion of the potential role of existing software transparency and supply chain security efforts, such as SBOM, VEX, and CSAF, may play in managing EOL/EOS. We will highlight the OpenEoX efforts from the OASIS community seeking to develop an open source, standardized method to ascertain the EOL/EOS status of products, as well as other ongoing policy efforts. The presentation will close with time for feedback on the presentation and discussion.