{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,16]],"date-time":"2026-04-16T15:53:05Z","timestamp":1776354785596,"version":"3.51.2"},"publisher-location":"New York, NY, USA","reference-count":37,"publisher":"ACM","content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2026,4,27]]},"DOI":"10.1145\/3803525.3804984","type":"proceedings-article","created":{"date-parts":[[2026,4,16]],"date-time":"2026-04-16T14:54:47Z","timestamp":1776351287000},"page":"60-66","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["The Last of the Apaches: Investigating the State of Internet-facing End-of-Life Software"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0007-7995-9108","authenticated-orcid":false,"given":"Ioannis","family":"Arakas","sequence":"first","affiliation":[{"name":"FORTH-ICS and University of Crete, Zurich, Switzerland"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-6759-0235","authenticated-orcid":false,"given":"Panagiotis","family":"Pallis","sequence":"additional","affiliation":[{"name":"FORTH-ICS and University of Crete, Heraklion, Greece"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3563-7733","authenticated-orcid":false,"given":"Evangelos","family":"Markatos","sequence":"additional","affiliation":[{"name":"FORTH-ICS and University of Crete, Heraklion, Greece"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4127-3617","authenticated-orcid":false,"given":"Georgios","family":"Smaragdakis","sequence":"additional","affiliation":[{"name":"Delft University of Technology, Delft, Netherlands"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2026,4,26]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"8th USENIX Workshop on Offensive Technologies (WOOT 14)","author":"Adrian David","year":"2014","unstructured":"David Adrian, Zakir Durumeric, Gulshan Singh, and J Alex Halderman. 2014. Zippier ZMap: Internet-wide Scanning at 10 Gbps. In 8th USENIX Workshop on Offensive Technologies (WOOT 14)."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"crossref","unstructured":"Aniket Anand Michalis Kallitsis Jackson Sippe and Alberto Dainotti. 2023. Aggressive Internet-wide Scanners: Network Impact and Longitudinal Characterization. In ACM CoNEXT.","DOI":"10.1145\/3624354.3630583"},{"key":"e_1_3_2_1_3_1","unstructured":"John Arakas and Panagiotis Palis. 2026. The Last of the Apaches. https:\/\/github.com\/johnarakas\/The-Last-of-the-Apaches. GitHub repository accessed 2026-03-23."},{"key":"e_1_3_2_1_4_1","unstructured":"Censys. 2024. Opt Out of Data Collection. https:\/\/support.censys.io\/hc\/en-us\/articles\/360043177092-Opt-Out-of-Data-Collection."},{"key":"e_1_3_2_1_5_1","unstructured":"Censys. 2024. The Censys Platform. https:\/\/censys.com\/."},{"key":"e_1_3_2_1_6_1","volume-title":"Proceedings of the Internet Measurement Conference.","author":"Chung Taejoong","year":"2016","unstructured":"Taejoong Chung, Yabing Liu, David Choffnes, Dave Levin, Bruce MacDowell Maggs, Alan Mislove, and Christo Wilson. 2016. Measuring and Applying Invalid SSL Certificates: The Silent Majority. In Proceedings of the Internet Measurement Conference."},{"key":"e_1_3_2_1_7_1","unstructured":"CVE Details. 2026. CVE Details: Vulnerability Statistics and Information. https:\/\/www.cvedetails.com\/. https:\/\/www.cvedetails.com\/ Accessed: 2026-01-29."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"crossref","unstructured":"Zakir Durumeric David Adrian Ariana Mirian Michael Bailey and J. Alex Halderman. 2015. A Search Engine Backed by Internet-Wide Scanning. In CCS.","DOI":"10.1145\/2810103.2813703"},{"key":"e_1_3_2_1_9_1","volume-title":"Proceedings of the Internet Measurement Conference.","author":"Durumeric Zakir","year":"2024","unstructured":"Zakir Durumeric, David Adrian, Phillip Stephens, Eric Wustrow, and J Alex Halderman. 2024. Ten Years of ZMap. In Proceedings of the Internet Measurement Conference."},{"key":"e_1_3_2_1_10_1","volume-title":"23rd USENIX Security Symposium.","author":"Durumeric Zakir","year":"2014","unstructured":"Zakir Durumeric, Michael Bailey, and J Alex Halderman. 2014. An Internet-Wide view of Internet-Wide Scanning. In 23rd USENIX Security Symposium."},{"key":"e_1_3_2_1_11_1","volume-title":"Censys: A Map of Internet Hosts and Services. In ACM SIGCOMM.","author":"Durumeric Zakir","year":"2025","unstructured":"Zakir Durumeric, Hudson Clark, Jeff Cody, Elliot Cubit, Matt Ellison, Liz Izhikevich, and Ariana Mirian. 2025. Censys: A Map of Internet Hosts and Services. In ACM SIGCOMM."},{"key":"e_1_3_2_1_12_1","volume-title":"Proceedings of the Internet Measurement Conference.","author":"Durumeric Zakir","year":"2014","unstructured":"Zakir Durumeric, Frank Li, James Kasten, Johanna Amann, Jethro Beekman, Mathias Payer, Nicolas Weaver, David Adrian, Vern Paxson, Michael Bailey, et al. 2014. The Matter of Heartbleed. In Proceedings of the Internet Measurement Conference."},{"key":"e_1_3_2_1_13_1","volume-title":"USENIX Security Symposium.","author":"Durumeric Zakir","unstructured":"Zakir Durumeric, Eric Wustrow, and J. Alex Halderman. 2013. ZMap: Fast Internet-Wide Scanning and its Security Applications. In USENIX Security Symposium."},{"key":"e_1_3_2_1_14_1","unstructured":"Endoflife.date. 2024. Endoflife.date Website. https:\/\/endoflife.date\/."},{"key":"e_1_3_2_1_15_1","unstructured":"European Commission. 2024. EU Cyber Resilience Act. https:\/\/digital-strategy.ec.europa.eu\/en\/policies\/cyber-resilience-act."},{"key":"e_1_3_2_1_16_1","volume-title":"Landscape Report","author":"European Union Agency for Cybersecurity (ENISA). 2023.","year":"2023","unstructured":"European Union Agency for Cybersecurity (ENISA). 2023. Threat Landscape Report 2023. https:\/\/www.enisa.europa.eu\/publications\/enisa-threat-landscape-2023."},{"key":"e_1_3_2_1_17_1","unstructured":"Github. 2023. 100 million developers and counting. https:\/\/github.blog\/2023-01-25-100-million-developers-and-counting\/."},{"key":"e_1_3_2_1_18_1","volume-title":"MASSCAN: Mass IP port scanner. URL: https:\/\/github.com\/robertdavidgraham\/masscan","author":"Graham Robert David","year":"2014","unstructured":"Robert David Graham. 2014. MASSCAN: Mass IP port scanner. URL: https:\/\/github.com\/robertdavidgraham\/masscan (2014)."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/3646547.3688409"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24355"},{"key":"e_1_3_2_1_21_1","volume-title":"USENIX Security Symposium","author":"Huang Szu-Chun","unstructured":"Szu-Chun Huang, Harm Griffioen, Max van der Horst, Georgios Smaragdakis, Michel van Eeten, and Yury Zhauniarovich.2025. Trust but Verify: An Assessment of Vulnerability Tagging Services. In USENIX Security Symposium. Seattle, WA."},{"key":"e_1_3_2_1_22_1","volume-title":"LZR: Identifying Unexpected Internet Services. In 30th USENIX Security Symposium (USENIX Security 21)","author":"Izhikevich Liz","year":"2021","unstructured":"Liz Izhikevich, Renata Teixeira, and Zakir Durumeric. 2021. LZR: Identifying Unexpected Internet Services. In 30th USENIX Security Symposium (USENIX Security 21)."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/3544216.3544249"},{"key":"e_1_3_2_1_24_1","volume-title":"Thou shalt not depend on me: Analysing the use of outdated javascript libraries on the web. arXiv preprint arXiv:1811.00918","author":"Lauinger Tobias","year":"2018","unstructured":"Tobias Lauinger, Abdelberi Chaabane, Sajjad Arshad, William Robertson, Christo Wilson, and Engin Kirda. 2018. Thou shalt not depend on me: Analysing the use of outdated javascript libraries on the web. arXiv preprint arXiv:1811.00918 (2018)."},{"key":"e_1_3_2_1_25_1","volume-title":"Proceedings of the Internet Measurement Conference.","author":"Ma Zane","year":"2023","unstructured":"Zane Ma, Aaron Faulkenberry, Thomas Papastergiou, Zakir Durumeric, Michael D Bailey, Angelos D Keromytis, Fabian Monrose, and Manos Antonakakis. 2023. Stale TLS Certificates: Investigating Precarious Third-party Access to valid TLS keys. In Proceedings of the Internet Measurement Conference."},{"key":"e_1_3_2_1_26_1","unstructured":"MITRE. 2024. MITRE Common Vulnerabilities and Exposures database. https:\/\/cve.mitre.org\/."},{"key":"e_1_3_2_1_27_1","volume-title":"Proceedings of the IEEE European Symposium on Security and Privacy (EuroSP).","author":"Mladenov Martin","year":"2025","unstructured":"Martin Mladenov, Laszlo Erdodi, and Georgios Smaragdakis. 2025. Uncovering Exposed Industrial Control Systems and Honeypots. In Proceedings of the IEEE European Symposium on Security and Privacy (EuroSP)."},{"key":"e_1_3_2_1_28_1","volume-title":"Managing Information","author":"National Institute of Standards and Technology.","year":"2011","unstructured":"National Institute of Standards and Technology. 2011. Managing Information: Security Risk Organization, Mission, and Information System View. https:\/\/nvlpubs.nist.gov\/nistpubs\/legacy\/sp\/nistspecialpublication800-39.pdf."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103123"},{"key":"e_1_3_2_1_30_1","unstructured":"Precedence Research. 2022. Software Market Forecast 2023-2032. https:\/\/www.precedenceresearch.com\/software-market."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/3355369.3355595"},{"key":"e_1_3_2_1_32_1","unstructured":"Shodan. 2024. Search Engine for the Internet of Everything. https:\/\/www.shodan.io\/."},{"key":"e_1_3_2_1_33_1","unstructured":"U.S. Cybersecurity and Infrastructure Security Agency (CISA). 2023. Understanding Patches and Software Updates. https:\/\/www.cisa.gov\/news-events\/news\/understanding-patches-and-software-updates."},{"key":"e_1_3_2_1_34_1","unstructured":"U.S. Cybersecurity and Infrastructure Security Agency (CISA). 2024. Protect Your Business by Updating Your Software. https:\/\/www.cisa.gov\/news-events\/news\/understanding-patches-and-software-updates."},{"key":"e_1_3_2_1_35_1","volume-title":"A measurement study on the (in) security of end-of-life (eol) embedded devices. arXiv preprint arXiv:2105.14298","author":"Wang Dingding","year":"2021","unstructured":"Dingding Wang, Muhui Jiang, Rui Chang, Yajin Zhou, Baolei Hou, Xiapu Luo, Lei Wu, and Kui Ren. 2021. A measurement study on the (in) security of end-of-life (eol) embedded devices. arXiv preprint arXiv:2105.14298 (2021)."},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2023.3334017"},{"key":"e_1_3_2_1_37_1","volume-title":"On the Mismanagement and Maliciousness of Networks. In Network and Distributed System Security Symposium.","author":"Zhang Jing","year":"2014","unstructured":"Jing Zhang, Zakir Durumeric, Michael D Bailey, Mingyan Liu, and Manish Karir. 2014. On the Mismanagement and Maliciousness of Networks. In Network and Distributed System Security Symposium."}],"event":{"name":"EuroSys '26: 21st European Conference on Computer Systems","location":"Edinburgh Scotland Uk","acronym":"EuroSec '26","sponsor":["SIGOPS ACM Special Interest Group on Operating Systems"]},"container-title":["Proceedings of the 19th European Workshop on Systems Security"],"original-title":[],"deposited":{"date-parts":[[2026,4,16]],"date-time":"2026-04-16T14:55:20Z","timestamp":1776351320000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3803525.3804984"}},"subtitle":["Investigating the State of Internet-facing End-of-Life Software"],"short-title":[],"issued":{"date-parts":[[2026,4,26]]},"references-count":37,"alternative-id":["10.1145\/3803525.3804984","10.1145\/3803525"],"URL":"https:\/\/doi.org\/10.1145\/3803525.3804984","relation":{},"subject":[],"published":{"date-parts":[[2026,4,26]]},"assertion":[{"value":"2026-04-26","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}