An example is SSL root certificates, which expire by design. Also ABI. But if you use containers or virtual machines you can basically have a program run forever.
You can, but you shouldn't, because at some point you should patch the vulnerabilities you inevitably find on any non-trivial piece of code after a while.
Certain code can run with bugs forever, even vulnerabilities, because it will never interact with anything (see the famous "the missile" bug - a counter would overflow at some point, but by then the warhead would have detonated, so who cares?).
