MacOS – Apple’s policy for supporting security updates on older versions of OS X

macos, Security, software-update

Does Apple have a policy regarding how long they will continue to release and support security fixes for each OS X release? I've looked around the Internet, and found some forum posts that claim "only for the current, and most recent previous, versions" but none appear to have an official reference. Further confounding the issue are some relatively recent posts claiming they still receive security updates for versions as old as 10.2.

My concern here is primarily from a security standpoint. The National Institute of Standards and Technology of the Department of Commerce of the United States of America states in this document: NIST SP 800-53, control SI-02 (Flaw Remediation) that there are requirements that (among other things) "The organization … identifies, reports, and corrects information system flaws". For systems running OSes that are beyond their support lifecycle, we cannot be reliably expected to correct discovered vulnerabilities because the vendor will no longer supply patches. So, knowing a product's expected support lifecycle (and, especially, if it has already expired) is critical to continuing to maintain compliance with this control.

Does Apple provide this information anywhere online for the general public? What versions are currently supported (current version being Lion), and how long (presuming no change to the policy) will they continue to be supported?

Best Answer

I'm sure Apple has a policy, but it's clearly not released to the public and probably gets re-evaluated constantly based on many factors.

Whenever I need to know what's supported now, I go to the index of what AppleCare covers (since AppleCare is the support wing that maintains knowledge base articles, answers questions, etc.).

  • The Apple Support Sitemap - This answers your question about the definitive list of actively supported OS. As of May 2012, this includes three major versions: 10.5, 10.6, 10.7. As of September 2012 (after Mountain Lion has been out for more than a month), the support for 10.5 isn't yet removed from the Support Sitemap, so we are in a window where four major versions of the OS are still supported.

You can of course see the latest updates for all OS X versions at their respective support pages, even past the time when they are "actively in support".

I don't think Apple publishes a hard and fast policy. My experience is that the current and past two versions have always been supported. There are times when more than three versions are supported, so you may get to see this when 10.8 gets released. It also might be more tied to hardware that was sold. Apple generally bases support on US sales dates with a 5-year window for hardware support after a model is discontinued for sale. I would also expect that large institutional orders (education, government) will tend to keep older hardware and software in support due to contractual agreements or the local law. (Examples for that are anything sold in California or Turkey, government contracts in Virginia and still different regulations in France.)

If you have a business relationship with Apple due to being certified as a technician or have help desk level support in place, then you will get pre-announcements of which products and software are announced to go into non-support before the time arrives.

Basically, if you need to know this sort of non-public information ahead of time, you can become certified (cheaper, takes more time and knowledge) or pay for this level of support and have access to information that looks forward so you can plan for change and know you are supported by Apple. As you can see, there are several factors that seem to play into the length a support window stays open and there are several free options to help you guess the timing if you don't need to pay for this information.