Session
Do End of Life Projects Dream of Security Patches?
Open source software rarely disappears when it reaches end of life. Instead, it continues to run, deep inside production systems, supply chains, and critical infrastructure, without maintainers, without patches, and without a clear security signal to its consumers.
This talk explores a fundamental question: is end of life status itself a vulnerability?
I will walk through the real-world incident in which a CVE was issued for an end-of-life Node.js version and later revoked.
Marco Ippolito
Senior Security Engineer @HeroDevs | Node.js TSC
Milan, Italy