The software supply chain is a complete mess!

Pat Cicala

The software supply chain and management process is a complete mess, and the situation will get worse with the addition of new computing platforms and alternative licensing requirements for virtual and cloud-based environments. Unless there is a change in the status quo, everyone in the software ecosystem will end up spending more on management and less on development, equating to higher overhead for everyone!

There is a better way and it starts with a very simple expectation that software should automatically and consistently provide authoritative identification information for every single title by every publisher across every platform in a consistent fashion. Does authoritative software identification solve the whole problem – no! However, it does fix numerous problems in the supply and management chain that cost excessive money, time and resources today and enables better solutions across the whole industry in the future.

Keynote for the SWID Summit

Pat gave the keynote for the SWID Summit that was held in May of 2011. She did a fantastic job of summarizing the problems that are occurring throughout the supply chain and the implications of these problems to the market as a whole. Pat’s wealth of experience and clarity of presentation resonated with the audience and she received quite a few compliments as well as being inundated with people asking questions throughout the day. Watch and listen to her keynote presentation to understand the problem from a different perspective.

Quotable Quotes from the Video:

  • “I believe that if tagging works and this industry adopts tagging, it will change the face of how we distribute, how we buy and how we manage software in the future.”
  • “I believe that what they are doing will change the face of the supply chain for the future if it is adopted and if it works.”

Note that Pat has been in this business for a while – she includes the caveats “if it works” and “if it’s adopted”. SWID tags have already been shown to work effectively. As one example, Adobe products can have entries in Add/Remove Programs, as well as application executable files installed on a device, that point to one product while a different product is actually installed (this will cause identification errors in > 80% of the application recognition libraries). The only ways to accurately identify this situation are to decode the product key (which Adobe keeps guarded) or to read the SWID tag, which is always accurate for the installed product. There may be some rare cases where SWID tags need to be extended, but that can be accommodated by the publisher directly, or by if the issue goes across multiple members. Any extensions that go through and are appropriate to roll back into the standard will be rolled in as time and resources permit.

As for SWID tags being adopted, that will depend on end-users. If end-users want to see solutions to the problem of inaccurate software identification, they will start to require SWID tags from their publishers. If end-users are happy with the current inaccurate and incomplete information, they won’t push on this issue with their suppliers. Current market pressures indicate that very large enterprise organizations (especially those that thought they had tools and processes in place to manage their software effectively, yet still were hit with a large audit finding) are pushing their software suppliers to include certified SWID tags.

Article: Demystifying the Software Supply Chain

Pat has successfully helped many organizations with their management of the software supply chain. She knows her way through contract negotiations, supplier management, and the issues and concerns an organization should factor into its decision-making process. Read the article she wrote, which was published in the August issue of IAITAM’s ITAK magazine, an issue that focused on Financial Management (note, this article is only available to IAITAM members).

The introduction of the article is provided below:

“It’s time to remove the mystery from the software supply chain, a critical component of long overdue industry change.

For more than 20 years, the software life cycle has been fraught with mystery and intrigue. Both primary and secondary participants in the supply chain have been operating with virtual blindfolds while engaging in many of their business activities. This is primarily the reason for the current and continued confusion from the software requisition to retirement process”

Additional Materials useful to making SWID tags successful in the market