Posts By: tagvaultadmin

More Tool Vendors Supporting ISO SAM Standards

Yet another tool vendor has added support for the ISO SAM Standards.  The Sassafras K2 product has added support for 19770-2 (SWID) and 19770-3 (Entitlement)  standards.  See more about their announcement here –

IAITAM Reference Material – 2017

SWID Tag Signing Guidelines (Public Review) SWID Tags are more authoritative if they cannot be modified – that requires that the tag is signed.  A working group has specified how SWID tags need to be signed.  The working group consisted of members from MITRE, NIST, Microsoft and IBM to ensure that the signing approach… Read more »

NIST Publishes Interoperable SWID Tag Guidelines!

NIST-IR 8060 is final and published! The NIST-IR 8060 document was published on Friday, April 22, 2016. NIST, MITRE and the Dept of Homeland Security have worked together to create a set of guidelines that specify the data requirements for SWID tags from commercial software providers that will enable a number of use cases in… Read more »

SAVE THE DATE – April 26-27 – SWID Tag Implementation Workshop!

The National Institute of Standards and Technology (NIST) is pleased to announce a workshop on Software Identification (SWID) Tag Implementation and Use. This event will be held from 9:00 a.m. to 5:00 p.m. on 26 April and 9:00 a.m. to 3:00 p.m. on 27 April at the National Cybersecurity Center of Excellence (NCCoE), 9700 Great Seneca Highway, Rockville, MD.

19770-3 is approved to move to publication!

The Final Draft of the international standard, ISO/IEC 19770-3 was approved by the International Community in February of 2016.  This means that the standard moves to an ISO editorial process to ensure it meets all formatting, editorial and other documentation requirements.  The standard will be published soon When published, the front matter of the standard… Read more »

SWID Tag Signing Working Group

If you’re interested in participating in the SWID tag signing working group, login to your members page and add your name to the working group there.  If you need details on how to get to the members area, let Jane, or Steve know and we’ll be happy to provide the information you need.  If you… Read more »

The US Department of Homeland Security (DHS) Joins the Board of Directors

The US Department of Homeland Security (DHS) recently joined as a board member.  This allows the DHS to be engaged with commercial providers such as Microsoft, IBM and Symantec to determine how can best support the wider software community in its efforts to evangelize SWID tags. The reason the DHS joined the board… Read more »

NIST creating document detailing Government use SWID tags

The US National Institute of Standards and Technology (NIST) is working on an internal report (NIST-IR) that lays out the specific guidelines for how the US Government expects to use the data form SWID tags.  This publication includes details on how data will be used from an operational perspective and provides a number of use-cases… Read more »

Clean File Metadata eXchange (CMX) use of SWID tag data

Anti-Malware Support Services (AMSS) is developing the Clean File Metadata eXchange (CMX) to identify files that are from commercially defined and deployed software.  The CMX repository is designed to help security companies keep up with the ever changing landscape of commercially published and known files to differentiate them from a potential malware threat. The CMX repository provides one… Read more »

WiX is the first Windows installer to support the latest revision of the SWID standard

The installation toolkit WiX (supported by FireGiant) is the first Windows installer toolkit to support the latest revision of the SWID Tagging Standard (19770-2:2015).  FireGiant provides dedicated support to the WiX open source toolkit and they’ve recognized the importance of accurate software identification when it comes to licensing and security!  As an open source tool,… Read more »