Companies Supporting SWID Tags

Tool vendors are joining because they recognize that their application recognition libraries will never be completely accurate.  There are too many software publishers, too many releases and too many platforms for any tool vendor to even have a chance of getting to a reasonable level of accuracy.

HP, IBM, Microsoft Symantec are all members of – these are all organizations with the ability to fund the development of an identification library, but they are supportive of SWID tags – why is that?  The reason seems clear – if you expect your identification data to be accurate, you need to get that data directly from the publisher, not from a “best guess” from someone who is trying to second guess what the publisher has released.

Imagine a security system that attempts to patch the wrong product, or that reports a different version, edition or service pack for a product – could you trust that your approach to security in depth was done properly – no.  The same is true for software asset management (SAM) and any other IT tool that requires discovery data.

The vendors below are working with to make IT management easier, faster and less expensive for their user community.  Anyone who may be looking for a SAM or discovery tool would benefit from working with the organizations listed below!





Gothaer Systems GmbH


Hewlett Packard Corporation


IBM Corporation



Microsoft SAM



Scalable Software, Inc.






Scalable Software

 Scalable Software, Inc.




Overview of Company and Product

Scalable Software, founded in 2008 provides, a unified, customizable product-set that aggregates information from a variety of sources to present a coherent view of an organizations investment in IT; including actionable intelligence, supported by industry expertise, to optimize that investment.

Hundreds of enterprise-class organizations worldwide rely on Scalable Software to optimize IT expenditure. Our customers’ changing needs inspire and challenge us; our employees’ and partners’ agility in meeting those needs is unparalleled.

Category of Software Supporting SWID Tags

Software Tools that create, manage and use SWID Tags

  • Inventory and discovery tools


Product Name:  Asset Vision


Systems Supported

Server Operating Systems

  • Windows
  • OS X
  • Linux
  • ESX
  • AIX
  • Solaris
  • HP-UX

Databases Supported

  • SQL Server
  • Oracle

Client Operating Systems

  • iOS
  • Windows
  • OS X
  • Linux

Databases Supported

  • SQL Server, Oracle
  • Client Operating Systems
  • iOS, Windows, OS X, Linux

High Level Overview of Product

Asset Vision is purpose-built to help customers meet the cost optimization challenges of next-generation IT asset management, which stretch from mobile devices to the Cloud. Asset Vision is a tightly integrated modular SaaS products-suite, with integrated Business Intelligence capability, which focuses on measurable outcomes.  Information is enriched with such data elements as location data and end of life dates, and backed by a team of Scalable data researchers who ensure unprecedented data quality.

Asset Vision® Registry™ is designed to be the single source of truth for IT Assets. Integrate data from common sources of information such as SCCM, AD and ILMT and Asset Vision’s own integrated, class-leading discovery capabilities. Easily correlate the discovered information with imported procurement data such as Warranties, and Invoices.

Asset Vision® License Manager™ enables IT to prepare an accurate picture of license complianceAsset Vision License Manager maintains license information imported from many sources. An upgrade-processing engine ensures all entitlements and use rights are correctly captured to ensure the maximum license position is used as the basis of license allocation and compliance reporting.

Asset Vision® – Optimize™ is the ultimate in software usage metering technology. It offers forensic-level usage analysis of traditional and virtual applications, virtual desktops, web/SaaS applications, and high-value server resources such as Oracle and SQL Server databases. Asset Vision Optimize can dramatically drive down IT costs by rapidly identifying those hardware and software assets that can be reconfigured, recycled, or retired.

US Government Security Automation Conference Update

A number of US Government agencies  held a security automation conference in August to work through a variety of issues that are limiting the ability for agencies to track and compare how well they are handling security issues.  The minutes from this meeting, though long, are worth a read as they detail quite a few areas where SWID tags will help support security automation efforts.  Download the minutes and have a read.

Open Source SWID Tag Generator for Linux

Open Source SWID Tag generator created for Linux platforms. Automatically create SWID tags from package management systems such as dpkg, rpm or pacman. See – for more information.

Thanks to for the information!

19770-2 Revision sent to WG21 for review

The latest update of the ISO/IEC 19770-2 revision was sent to WG21 on May 18th for review at the ISO Plenary meeting in June in Sydney, Australia.

There are a few known issues in this version of the document and we will be ensuring we address these issues at the Plenary session.  A member discussion group has been setup so you can list any other concerns you may have, or highlight items that are particularly important to your organization.

Please note – you must be logged in to access the links below.  Also, if you are a member of and have a userID that is not yet elevated to a member level, please use the contact us form to let us know your e-mail address and we will resolve that issue quickly.



IBM – A Publisher Perspective on SWID Tags – Recorded Webinar

SAM Discovery/Inventory Automation with SWID Tags

A Publisher Perspective by IBM

Abstract:, the leading industry trade organization promoting leading standards in Software ID information is presenting the webinar “SAM Discovery/Inventory Automation with SWID Tags” a Software Publisher perspective on SWID tagging.

In this webinar, attendees will learn about the issues encountered by Software Publishers and their end user customers in identifying software and how specifically, SWID tags address those issues.  IBM’s implementation provides more effective compliance for Software Reconciliation of software.

People who should attend this webinar include any end user customer who uses IBM software and would like to hear about the IBM solution, as well as any software user interested in learning about how software publishers are approaching the issue of SWID tags

Speaker Bio:


Brian TurnerBrian Turner, Program Manager for Software Asset Management Tools and Compliance Readiness team, part of Cloud and Smarter Infrastructure Development, Software Group IBM. Brian has been with IBM for 15 years in a number of product development roles across the C&SI and Security divisions. He is currently the IBM representative to the ISO SC7 Workgroup 21 on Software Asset Management process and software ID tags.

Brian has a degree in Electrical Engineering and has spent his career solving complex problems for customers in the networking, security and endpoint management space. He enjoys working with global teams, customers and the odd bit of international travel. In his spare time Brian is an avid sailor and spends many weekends on his boat in and around San Francisco bay.

View the pre-recorded webinar and hear how SWID tags help the entire software ecosystem!

Now Available: Pre-recorded webinar on Overview of SWID Requirements

Why Software Identification is Critical for Software Automation – A Webinar Series

webinar banner

Everyone today struggles with their software portfolio. Organizations must deal with shifting priorities, ever changing organizational structures, and changing platform requirements while being attentive to security, compliance and logistics management to support the organization. This can make IT Management difficult and costly.

For your software portfolio, the solution is for authoritative and standardized self-identifying data to be provided to IT groups for all software titles and tools that manage the portfolio. The benefit to your software portfolio is that it is easier to manage across the board, saving an organization time and money allowing management to better support IT staff on prioritize core IT operations.

This webinar will explore the value of a standards-based approach to improve software identification and outline industry efforts to align on a consistent implementation of standards to accelerate the benefits to the market.  These efforts will increase the automation capabilities for security, compliance, and logistics requirements, among other IT operations and how it benefits your organization. If you work as a software publisher, reseller, tool provider, or are in an IT position where software management and IT automation is important, this webinar is meaningful to you. Don’t miss out on this important global effort to ensure all products and publishers are providing SWID tags for all platforms including virtual and cloud-based environments and why you should get in at the ground floor.

To watch the replay of the webinar, click here.

 FAQ’s from the Webinar:


1)  The standards was released in 2009, why has it taken so long to have tags start to make inroads with these large publishers?

There is always a chicken and egg problem with standards that are followed by one organization and utilized by another – who takes the first step? In this case, quite a few tool providers realized that SWID tags would improve their accuracy as well as lower their resource costs as they attempt to keep their catalogs up-to-date.

Once the tools provided support for SWID tags, software publishers needed to understand the value to them for implementation. Some vendors heard from their customers that support for SWID tags is a necessity, some looked in-house and were able to justify the change due to the fact that it would actually save them money.

Many large software publishers seem to have unlimited resources when viewed from the outside in. The reality is that large publishers have a tremendous number of items on the priority list that must be scheduled into their development cycles. Those items with the highest priority based on customer need, ability to sell more product, ability to sell into different markets, etc are the items that end up above the cut-off line for development. It has taken take time and a lot of energy to help publishers understand the cost/benefit of SWID tags, then see the hero’s in those publishers work with management to effect change in the organization. The more information software publishers have from customers saying that this type of authoritative data is required for them to do an effective job of managing software, the higher the priority for inclusion into the publishers work stream.

2)  When do you expect certification requirements for SWID tags to be in place?

The expectation from is that we’ll have a document specifying the SWID Tag Interoperability Requirements (basically, the certification guide) completed by the time the revision to the 19770-2 standard is published.  Since will be working with other organizations such as member organization AnglePoint, to provide the certification process, the implementation of certification procedures are likely to be finalized by April of 2015.  However, once the Interoperability Requirements document is complete, customers can use that as a requirement for their publishers to follow when creating and managing SWID tags for delivery with their products.

3)  What is the governments interest in tags and why are they involved?

The US Government has an even more difficult time with software management than commercial industries do. This is because each and every separate government agency is effectively its own business with its own processes and tool implementations that are unique to that agency. Further, many of the tools purchased by the Federal Government are purchased based on a set of requirements specified with the purchased tool being the lowest cost bidder. This results in numerous tools being used throughout the wide scope of the government and no ability to reconcile the data coming from all the tools since each tool reports software discovery data slightly differently and with a variable results.

Adding to the system challenges the US Government has, the security requirements and the attack surface they need to keep secure are simply a daunting task and likely much more difficult to manage than commercial organizations, simply due to the variety of approaches used in the different agencies.

Basically, the US Government has recognized that they absolutely require automation of their IT management systems if they are going to lower their IT costs and keep their systems secure. The first step in this process is to know exactly what software is installed on devices and work with software producers to get them to support real-time and active communications that allow for automated validation of issues such as patch installation.

Finally, the US Government has a tremendous amount of data available on configuration issues that cause software to be vulnerable to attack (the details are held in the security content automation protocol databases – SCAP for short). This data is extremely useful to improve the security posture for both governmental and commercial organizations, however, it cannot easily be linked to software discovered on devices since there is no existing standard that ensures that authoritative data is coming from publishers and that the data is normalized. With SWID tags, the data from any discovery engine can be linked to information found in the SCAP databases to allow both government and commercial organizations to increase security without a huge increase in IT resource costs.

4)  How long will it take for tool vendors to recognize the needs for using SWID tags?

They already have and most Tier 2 vendors already support the tags in some form or fashion.  Many Tier 1 vendors like HP, Microsoft and IBM either already support SWID tags, or will in the near future.

5)  Which IT management tools support SWID tags today?

Let’s leave this one off for the time being…  I think we’ll work some marketing $’s around these efforts instead of giving the information out for free.  Ideas being developed now, will get you some details in a couple of weeks.