What is Apple's policy for supporting security updates on older versions of OS X?
Solution 1:
I'm sure Apple has a policy, but it's clearly not released to the public and probably gets re-evaluated constantly based on many factors.
Whenever I need to know what's supported now, I go to the index of what Apple Care covers (since AppleCare is the support wing that maintains knowledge base articles, answers questions, etc...)
- The Apple Support Sitemap - This answers your question about the definitive list of actively supported OS. As of May 2012, this includes three major versions. 10.5, 10.6, 10.7 As of September 2012 (after Mountain Lion has been out for more than a month), the support for 10.5 isn't yet removed from the Support Sitemap so we are in a window where four major versions of the OS are still supported.
You can of course see the latest updates for all OSX OS at their respective support pages, even past the time when they are "actively in support"
- Lion Support
- Snow Leopard Support
- Leopard Support
- Tiger Support
- Panther Support
- Jaguar and Earlier Support which presumably covers Puma and Cheetah but not Kodiak.
I don't think Apple publishes a hard and fast policy. My experience is that the current and past two versions have always been supported. There are times when more than three versions are supported, so you may get to see this when 10.8 gets released. It also might be more tied to hardware that was sold. Apple generally bases support on US sales dates with a 5 year window for hardware support after a model is discontinued for sale. I would also expect that large institutional orders (education, government) will tend to keep older hardware and software in support due to contractual agreements or the local law.(Examples for that are anything sold in California or Turkey, government contracts in Virginia and still different regulations in France.)
If you have a business relationship with Apple due to being certified as a technician or have help desk level support in place, then you will get pre-announcements of which products and software are announced to go into non-support before the time arrives.
Basically, if you need to know this sort of non-public information ahead of time, you can become certified (cheaper, takes more time and knowledge) or pay for this level of support and have access to information that looks forward so you can plan for change and know you are supported by Apple. As you can see, there are several factors that seem to play into the length a support window stays open and there are several free options to help you guess the timing if you don't need to pay for this information.
Solution 2:
Remember that Apple views itself as a hardware company. They don't sell operating systems, they sell Macs. They don't worry about security updates for any specific OS; rather, they focus on security updates for all currently-supported Macs.
First, let's define currently-supported. Apple supports all Macs that aren't yet vintage or obsolete. In practical terms, that covers every current Mac (of course), as well as all Macs discontinued less than seven years ago.
Consider the iMac models released in October of 2009. They were discontinued in July of 2010, so (by Apple's definition) they aren't yet obsolete. They shipped with Mac OS X 10.6.1 Snow Leopard. And while it's true that Apple no longer offers updates for Snow Leopard, it's also true that those late 2009 iMacs can be upgraded to Sierra.
So (from Apple's perspective), those they do offer current security updates. If you have a late 2009 iMac, update to macOS 10.12 Sierra, and you'll be secure.
All this is inference on my part; I don't think Apple has ever stated an official policy regarding security updates. But my inferences are (so far as I can tell) consistent with the facts.
Solution 3:
I haven't seen any official Apple policy for OS X, but there is a KB entry for hardware: Vintage and obsolete products (most of these are PPC, but Intel ones are starting to appear). As for what actually happens -- as you've already found it is the current and previous versions only. You could check that by going to Mac OS and Software downloads section of the Apple Support site (alternatively Downloads, then choosing Mac OS and Software and then Mac OS), choosing Leopard (or searching for an older version) and comparing the date of last Security update with the release of the the that version +0.2 (Lion in that example). Of course, due to the lack of stated policy, there isn't any guarantee that this would continue.
Solution 4:
support lasts approximately 40 months.
OSX 10.9 is no longer receiving security updates: support.apple.com/en-us/HT201222
http://www.computerworld.com/article/2950580/operating-systems/the-end-is-near-for-os-x-mountain-lion-support.html