Clean File Metadata eXchange (CMX) use of SWID tag data

Anti-Malware Support Services (AMSS) is developing the Clean File Metadata eXchange (CMX) to identify files that are from commercially defined and deployed software.  The CMX repository is designed to help security companies keep up with the ever changing landscape of commercially published and known files to differentiate them from a potential malware threat.

The CMX repository provides one component of the data provided by SWID tags – the payload, or file manifest as many might call it.  By working together, Publishers who provide a file payload in their SWID tags and digitally sign those tags can automate the data population of the CMX repository in a secure and efficient manner.

More information about AMSS is here:

More information about CMX is available here: