All Policies
End-of-Life Software Management Policy
Effective Date: April 23, 2026
1. Purpose
This policy ensures that VaultKeeper monitors, tracks, and manages software components approaching or past end-of-life (EOL) to minimize security risks from unsupported software.
2. Scope
This policy covers all software components used in VaultKeeper:
- Client-side libraries (Firebase SDK, Plaid Link, Teller Connect)
- Server-side runtime (Cloudflare Workers)
- Development tools and build dependencies
- Third-party services and APIs
- Operating systems and platforms (iOS SDK targets)
3. Current Software Inventory
| Component | Version | EOL Status |
|---|
| Firebase Compat SDK | v10.12.0 | Active |
| Cloudflare Workers Runtime | Current | Managed by Cloudflare |
| Plaid Link | v2 (latest) | Active |
| Teller Connect | Current | Active |
| iOS Target | iOS 17+ | Active |
| Swift / SwiftUI | Current | Active |
4. Monitoring Procedures
- Software component versions are reviewed quarterly
- EOL announcements from vendors (Google, Cloudflare, Plaid, Teller, Apple) are monitored
- Dependency versions are checked for known vulnerabilities
- SDK deprecation notices are tracked and acted upon before EOL dates
5. EOL Response
When a software component is identified as approaching EOL:
- 6+ months before EOL: Begin planning migration to supported alternative
- 3 months before EOL: Migration should be in progress or completed
- At EOL: Component must be replaced or upgraded. No EOL software is permitted in production.
6. Exceptions
If a component cannot be replaced before EOL due to technical constraints, a documented exception must include:
- Risk assessment of continued use
- Compensating security controls
- Planned migration timeline
7. Policy Review
This policy and the software inventory are reviewed at least quarterly.