Very recently the Node.js project filed a few CVE IDs for end of life products. For vulnerability nerds this is exciting because historically EOL things didn’t get CVE IDs just for being EOL. And as one would expect, there are plenty of folks who think this is the best idea ever, and a bunch worried this will be the event that destroys modern civilized society. Today there’s not really a good place to track what is or isn’t end of life software. There are some datasets being worked on b...
