It’s clear that authoritative software identification is critical to any cybersecurity efforts – after all, an organization cannot positively secure any system that has unknown applications or utilities installed. Today’s software discovery and identification tools use algorithmic “best guesses” for the identification of applications installed on a device and these identification tools vary significantly in their accuracy and consistency and they fail miserably when data needs to be reconciled between tools.
TagVault.org, the registration and certification authority for ISO/IEC 19770-2:2009 Software Identification (SWID) tags, today announced that it is simplifying its membership model, expanding the number of board seats, and lowering the cost of membership. These changes are based on the interests of both commercial and governmental organizations that have recognized that a better approach to accurate and authoritative software identification can save money and lower risk for every organization engaged in software creation, purchasing or management.
To read the details, click here.
iQuate Joins TagVault.org
Today iQuate, the automated IT discovery, inventory and measurement specialists for large enterprises, announced its support of Tagvault.org and the organizational benefits enabled by ISO/IEC 19770-2:2009 Software ID (SWID) tags.
The movement toward industry-wide adoption of software identification (SWID) tags promises to facilitate clarity and cost savings in managing enterprise IT inventory. SWID tags are simple XML files placed on machines hard disks by supporting software, and provide a universal method for tracking and managing the software applications running in an IT estate.
To read the full press release, click here.
Cicala and Associates published an open letter to software publishers. This letter allows individuals and organizations to make a clear statement to their software vendors the vendors need to work together as a community to make it easier to identify and track software for any product from any vendor on any platform in a consistent and accurate manner.
Microsoft Announces Support for SWID Tags
Recent announcements regarding software identification tags provide the necessary support for software purchasing organizations to make new requirements to their software vendors:
- Microsoft announced support for ISO 19770-2 software identification (SWID) tags for the tools and software products Microsoft develops.
- TagVault.org is working with many other organizations including MITRE to improve the software identification capabilities for the security content automation protocol (SCAP) processes that are in use today and are designed to lower vulnerabilities and risk levels.
What do these two things have in common? In short, they are ushering in a new era of software management and defining a new set of expectations for software buyers. By the end of 2012, software buyers will include requirements for SWID tag support as part of their software purchasing process.
NOTE: Document Update – now distributing V2 of this document.
This article and the referenced document is provided primarily for individuals working within the US Government or related organizations and have an interest in the overall Security Content Automation Protocol (SCAP) standards and processes. There will be many commercial organizations that will benefit from these efforts in the short term and many more that will benefit in the medium term, however this document does not attempt to provide an education on what SCAP is, or how the integration from a certified SWID Tag to a CPE name will benefit the overall capabilities of SCAP. (more…)
The WiX development team removes the last excuse for windows software publishers to support standardized software identification (SWID) tags. This is a win for the consumer who will start to see better, more accurate and less-expensive technology for software logistics, security and compliance activities.
Hot off the press – the WiX installer team announced that WiX supports 19770-2 SWID tags. With this announcement, all three major Windows installation tools – Advanced Installer, Installshield and now WiX – provide native support for the creation and installation of SWID tags. (more…)
The software supply chain and management process is a complete mess and the situation will get worse with the addition of new computing platforms and alternative licensing requirements for virtual and cloud based environments. Unless there is a change in the status quo, everyone in the software ecosystem will end up spending more on management and less on development equating to higher overhead for everyone!
There is a better way and it starts with a very simple expectation that software should automatically and consistently provide authoritative identification information for every single title by every publisher across every platform in a consistent fashion. Does authoritative software identification solve the whole problem – no! However, it does fix numerous problems in the supply and management chain that cost excessive money, time and resources today and enables better solutions across the whole industry in the future. (more…)
To help companies meet today’s evolving industry standards; ModusLink supports ISO/IEC 19770-2 software identification tags (SWID tags) which provide identifying information for software. The standard simplifies and standardizes software identification processes. Using SWID tags allows software purchasers to reliably and accurately track its software within their organization.
The ISO/IEC JTC1 SC7 WG21 Working Group responsible for the 19770 group of SAM standards has recognized TagVault.org as a Platinum Contributor to the development of software asset management standards and the practical implementation of software tagging as defined in ISO/IEC 19770-2:2009.