In this episode, Open Source Security chats with Aaron Frost, CEO of Hero Devs about the world of maintaining end-of-life open source software. Aaron explains how EOL versions of open source work and how backporting security fixes can help maintaining compliance. In the discussion we cover the "just upgrade" mentality, how backporting works, why it's hard, and why it matters. We also cover some oddities the world of CVE brings to the discussion.
The blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-02-patching_EOL_OSS_aaron_frost/