Saturday, April 6, 2024

Auditing Business risk of outdated and unsupported software

I came across two instances recently. The first was a former colleague who had an unscheduled week of pain when one of his customers, the only one who bothers with compliance, but who is very good at it, did one of their regular audits and discovered that .Net Maui was going to replace (and by now has replaced) Xamarin as Microsoft's supported mobile framework. In the short term this would have been no big deal, but in the medium term the customer is correct.

I encountered the opposite level of vigilance myself in the last couple of days: I came across an open source (or rather abandoned source) project which uses Visual Basic 6. It really dates back to the 1990s, and while the program itself would still be perfectly up to date, it depends on some ancient OCX controls from a variety of different manufacturers, all of whom have either gone out of business or been taken over at least once, and none of whom still offer their original product in a VB6-friendly format.

There is no great harm done here, but this happened quite a lot with commercial products when Microsoft abandoned Visual Basic 6 and went to C# and VB.Net. Many of the software development companies that supplied third-party controls to other Visual Basic developers either went out of business or switched to .Net or Web controls, and anybody who didn't deal with the situation at the time found themselves in an increasingly impossible situation over the years. So your ten-year-old business PC succumbs to old age -- no problem, you install all the software systems. Except maybe they no longer install or work on Windows 8, or Windows 10 or Windows 11, and you can't get a licence for Windows 7 or XP. Big oops.

Similar or even worse trouble awaits if you are a company that partially moved on but foolishly decided to support and fix old versions of your software -- the build computer dies of old age, and that's the one with the licensed ActiveX controls from 1999 on it, and somebody threw out the CDs 12 years ago, and it's 2024 and you have *no* idea what to do next. Bigger customers can, or used to be able to, force Microsoft to offer some sort of support, but the myriad little companies that used to form an ecosystem around this have mostly disappeared and you are on your own.

The same issue is present to a lesser extent with Java, Python, and other programming languages and frameworks. It is as well to be aware of this and factor it into business planning, where software risk often seems to get overlooked.