TagVault.org is a non-profit organization formed under the structure of IEEE-ISTO. It is a registration and certification authority for software identification tags (SWID tags) based on the ISO/IEC 19770-2:2009 standard. TagVault is a member-driven organization that provides a forum for sharing information and resources about software tags among software publishers, tool providers and SAM practitioners. TagVault provides a shared library of technical knowledge and software tools including consistent cross-vendor, cross-platform APIs.

2012 Software Identification Summit - a Huge Success!

The 2012 Software Identification Summit was held on May 2nd and the responses received from attendees were extremely positive.  The event allowed attendees to network with other organizations in the software ecosystem who focus on accurate and consistent software identification data.  Attendees to the summit left with new contacts and a significant amount of information about the current and near term status of SWID tags.  

Slides from the sessions may be accessed through the link below.  Videos of the sessions will be available from the TagVault.org website in the near future.
 

Sign the Open Letter to Software Publishers

Cicala and Associates published an open letter to software publishers.  This letter allows individuals and organizations to make a clear statement to their software vendors the vendors need to work together as a community to make it easier to identify and track software for any product from any vendor on any platform in a consistent and accurate manner.  

Background information on Pat and this effort is provided below.  

Take a moment of time to read the letter and provide an indication of support by filling out the survey.  It’s critical for the software licensing ecosystem to speak up about this issue and this is an ideal way to do just that!

Announcements Usher in a New Era of Software Management

 Microsoft announced support for SWID Tags

 

 
Recent announcements regarding software identification tags provide the necessary support for software purchasing organizations to make new requirements to their software vendors:
What do these two things have in common? In short, they are ushering in a new era of software management and defining a new set of expectations for software buyers. By the end of 2012, software buyers will include requirements for SWID tag support as part of their software purchasing process.
 

Consumers Win with WiX

The WiX development team removes the last excuse for windows software publishers to support standardized software identification (SWID) tags.  This is a win for the consumer who will start to see better, more accurate and less-expensive technology for software logistics, security and compliance activities.

 
Hot off the press – the WiX installer team announced that WiX supports 19770-2 SWID tags.  With this announcement, all three major Windows installation tools – Advanced Installer, Installshield and now WiX – provide native support for the creation and installation of SWID tags.  WiX is an open source installation utility used by small and large organizations.  WiX is in use by many enterprise focused software development organizations because it supports a number of capabilities that make it ideally suited to the installation requirements of more complex software products.
 
To learn more about this and other advancements in the software identification market, sign up for the TagVault.org Software Identification summit on May 2nd.  For deeper knowledge on implementation of SWID tags, sign up for the Publisher Integration of Certified SWID Tags course on May 3rd – both events will be held in Campbell, CA.
 
Sign up now, space for the summit and training is limited.

Software Discovery Tool Analysis

Identifying which software products are installed on a computing device is similar to an archeological dig (i.e. trying to determine which software titles are installed based on various artifacts discovered on the device) and regularly results in incomplete and incorrect results. Unfortunately, compliance, logistics and security processes and procedures rely on this discovery data to manage an organization’s infrastructure.


Incorrect data from software discovery utilities can and does result in:

Automation of CPE Names Using Certified SWID Tags

 

NOTE:  Document Update - now distributing V2 of this document.
 
This article and the referenced document is provided primarily for individuals working within the US Government or related organizations and have an interest in the overall Security Content Automation Protocol (SCAP) standards and processes. There will be many commercial organizations that will benefit from these efforts in the short term and many more that will benefit in the medium term, however this document does not attempt to provide an education on what SCAP is, or how the integration from a certified SWID Tag to a CPE name will benefit the overall capabilities of SCAP.
 
This paper describes how software identification (SWID) tags for identifying software installed on computing assets can integrate with and  automate the creation of  Common Platform Enumeration (CPE) names, which provide hardware and software information about computing assets.
 
The CPE name is designed to provide the following (from the CPE 2.3 Naming Specification Standard):

 

You've got questions, we've got answers - let's see if they match...

TagVault.org will be participating in a Panel discussion on the 19770-2 standard at Flexera's SoftSummit conference in San Jose, CA from Oct 24 - 26.  David Wright, CTO of Veritag, John Richardson, Director Licensing Technology for Symantec and Steve Klos, Executive Director of TagVault.org will be on the panel and we are ready for your questions - please send them to us!

Flexera recently announced that InstallShield 2012 creates and installs SWID tags by default as part of the software installation process on Windows devices.  This removes even the slightest barrier for a huge number of ISV's who may otherwise gloss over the fact that their customers are spending significant money and resources trying to make their best guess about what software is installed on a device. 

2011 IAITAM Conference Promotes ISO SAM Standards

As usual, the 2011 IAITAM conference was very well attended and the only complaint I heard was the problem of having too many interesting speakers presenting at the same time (6 different tracks over a period of 3 days provides a lot to choose from)!
 
IAITAM has played a very active role in the effort to create and promote SAM standards to the community.  IAITAM is a Category C Liasion to Working Group 21 (WG21) which is the group focused on developing SAM standards.  IAITAM clearly sees the ISO SAM standards as a benefit for the whole community and is working hard to ensure the message is distributed as far and wide as possible.  The entire ISO team would like to thank IAITAM for this on-going and very active support!
Syndicate content

Software Publishers

By providing the information your customers need to more effectively manage their licenses, the cost of compliance is lowered for everyone.

SAM Tool Vendors

A standardized, publisher-defined method to identify software allows you to focus on helping users maximize their software asset utilization.

SAM Practitioners

Accurate software inventory is critical to managing software assets and eases compliance with purchase contracts.