

José Carlos Chávez
November 06, 2025

End of Life of Software: Can expired milk become a security breach?

Would you drink milk past its expiration date? Probably not—because you know it could make you sick. Yet, many organizations keep using software long past its End-of-Life (EOL) date, exposing themselves to security breaches, compliance failures, and operational breakdowns. Just like spoiled food, outdated software can have hidden dangers that aren’t always visible—until it’s too late.


Transcript

  1. End of Life of Software: Can expired milk become a security breach?
     Øredev 2025, Malmö - Sverige
     José Carlos Chávez (he/him), Security Software Engineer
     © Okta and/or its affiliates. All rights reserved.
  2. José Carlos Chávez, Security Software Engineer - Okta
     • Open Source contributor and maintainer for 10+ years
     • OWASP Coraza WAF co-leader
     • Loving father of 2
     • Mathematician in quarantine
  3. Why do people drink milk?
     • Due to its proteins, vitamins and minerals
     • Several probable health reasons
     • It is sold everywhere
     • It is tasty :yummy:
  4. What is wrong with spoiled milk?
     • Bad taste
     • Abdominal pain
     • Nausea & Vomiting
     • Diarrhea
  5. Often, these symptoms will alleviate themselves within 12-24 hours
     If you STOP drinking the spoiled milk!
  6. What are the risks of using expired software
     • Compromised security: unknown risks, CVEs
     • Increased maintenance cost
     • Lack of technical support
     • Compliance challenges: Regulatory vendors, contractual risks
     • Incompatibility with current solutions, high migration costs
     EXPIRY DATE 14/08/2005
  7. For sure, these symptoms will NOT go away on their own
     Nor within a reasonable SLA
  8. EoL Software Lifecycle
     • Product Version 1: GA date → End of sales → End of support → End of ext. support → End of life
     • Product Version 2: GA date → End of sales → End of support → End of ext. support → End of life
     • Product Version 3: GA date → End of sales → End of support → End of ext. support → End of life
  9. Why do businesses ‘keep’ expired software
     • Priorities/Roadmap
     • Migration costs
     • Lack of Inventory, Ownership and Awareness
     • Quantification of the Return on Investment (ROI)
  10. Healthy software maintenance practices
     • Reduce the risk surface
     • Effectively manage your entire software asset inventory
     • Detect approaching End-of-Life for software early
     • Implement regular updates and security patching routines
     • Embrace ownership
  11. Conclusions
     1. Security shall be a first-class concern among engineering
     2. Upgrade often and early to make it a fluid process
     3. Actively monitor the EoL of components
     4. Well-defined ownership is crucial to plan and execute upgrades
     5. Automate 2, 3 & 4 as much as possible
  12. Thank you!
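
One way to automate conclusions 3 and 4, as an added example that is not part of the original deck: a check that places each inventory entry on the lifecycle from slide 8, flags support ending within a warning window, and surfaces components with no owner. The component names, owners, dates and the 180-day window are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Milestones in the order shown on the lifecycle slide.
STAGES = ["ga", "end_of_sales", "end_of_support", "end_of_ext_support", "end_of_life"]
RANK = {"expired": 0, "out of standard support": 1, "approaching": 2, "ok": 3}

@dataclass
class Component:
    name: str
    version: str
    owner: Optional[str]   # team accountable for the upgrade, None if nobody is
    milestones: dict       # stage name -> datetime.date, in chronological order

def stage(c, today):
    """Last lifecycle milestone the component has already passed."""
    reached = [s for s in STAGES if s in c.milestones and c.milestones[s] <= today]
    return reached[-1] if reached else "pre_ga"

def audit(inventory, today, warn_days=180):
    """Return (name, version, status, owner) rows, most urgent first."""
    rows = []
    for c in inventory:
        reached = stage(c, today)
        if reached == "end_of_life":
            status = "expired"
        elif reached in ("end_of_support", "end_of_ext_support"):
            status = "out of standard support"
        else:
            # Nearest support-ending milestone; all of them are still ahead here.
            ahead = [c.milestones[s] for s in STAGES[2:] if s in c.milestones]
            soon = bool(ahead) and min(ahead) - today <= timedelta(days=warn_days)
            status = "approaching" if soon else "ok"
        rows.append((c.name, c.version, status, c.owner or "UNOWNED"))
    return sorted(rows, key=lambda r: RANK[r[2]])

# Constructed sample inventory; names, owners and dates are made up.
INVENTORY = [
    Component("auth-sdk", "4.1", "identity", {"ga": date(2025, 1, 15), "end_of_support": date(2028, 1, 15)}),
    Component("report-lib", "3.0", None, {"ga": date(2023, 3, 1), "end_of_support": date(2026, 3, 1)}),
    Component("edge-proxy", "2.7", "platform", {"end_of_support": date(2025, 6, 30), "end_of_life": date(2027, 1, 1)}),
    Component("legacy-db", "1.2", None, {"end_of_support": date(2020, 1, 1), "end_of_life": date(2024, 1, 1)}),
]

if __name__ == "__main__":
    for row in audit(INVENTORY, today=date(2025, 11, 6)):
        print("%-12s %-5s %-24s owner=%s" % row)
```

Run on a schedule, the sorted rows put expired and unowned components at the top of the report.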