TagVault.org is a non-profit organization formed under the structure of IEEE-ISTO. It is a registration and certification authority for software identification tags (SWID tags) based on the ISO/IEC 19770-2:2009 standard. TagVault is a member-driven organization that provides a forum for sharing information and resources about software tags among software publishers, tool providers and SAM practitioners. TagVault provides a shared library of technical knowledge and software tools including consistent cross-vendor, cross-platform APIs.

2012 Software Identification Summit

Save the date! 

Date:  May 2, 2012

Cost:  $100 Facilities Fee

Location:  Campbell, CA (close to the San Jose International Airport - SJC)
 

Breaking through the fog of misinformation!

This year’s summit focuses on software security and software publisher benefits of TagVault.org certified software identification (SWID) tags. Industry experts will give detailed presentations on the issues and risks related to software assurance, and how certified ISO SWID tags can be used to improve the ability for consumers to mitigate these issues and risks. We will also go into detail about how software publishers benefit by including TagVault.org certified SWID tags with their software products.

Automation of CPE Names Using Certified SWID Tags

 

This article and the referenced document are likely to be of primary interest to individuals who work within the US Government or related organizations and have an interest in the overall Security Content Automation Protocol (SCAP) standards and processes.
 
This paper describes how software identification (SWID) tags for identifying software installed on computing assets can integrate with and potentially automate the creation of Common Platform Enumeration (CPE) names, which provide hardware and software information about computing assets.
 
The CPE name is designed to provide the following (from the CPE 2.3 Naming Specification Standard):

 

You've got questions, we've got answers - let's see if they match...

TagVault.org will be participating in a panel discussion on the 19770-2 standard at Flexera's SoftSummit conference in San Jose, CA from Oct 24 - 26. David Wright, CTO of Veritag; John Richardson, Director Licensing Technology for Symantec; and Steve Klos, Executive Director of TagVault.org will be on the panel and we are ready for your questions - please send them to us!

Flexera recently announced that InstallShield 2012 creates and installs SWID tags by default as part of the software installation process on Windows devices. This removes even the slightest barrier for a huge number of ISVs who may otherwise gloss over the fact that their customers are spending significant money and resources trying to make their best guess about what software is installed on a device.

2011 IAITAM Conference Promotes ISO SAM Standards

As usual, the 2011 IAITAM conference was very well attended and the only complaint I heard was the problem of having too many interesting speakers presenting at the same time (6 different tracks over a period of 3 days provides a lot to choose from)!
 
IAITAM has played a very active role in the effort to create and promote SAM standards to the community. IAITAM is a Category C Liaison to Working Group 21 (WG21), which is the group focused on developing SAM standards. IAITAM clearly sees the ISO SAM standards as a benefit for the whole community and is working hard to ensure the message is distributed as far and wide as possible. The entire ISO team would like to thank IAITAM for this ongoing and very active support!

TagVault.org Industry Focused Activities

In addition to hosting the annual software identification summit (next summit - early May 2012), TagVault.org participates in many conferences and other industry related activities throughout the year. Since the program is a non-profit organization, we attempt to keep our costs down and travel only when necessary. If we are at a conference or meeting near you and you want to set up a meeting, please let us know via the contact form on this website and we would be happy to set up some time to meet face to face.
 
Meetings and Activities currently on the calendar for the latter half of 2011 include:

Resounding Approval for the 2011 Software Identification Summit

On May 4th, in the Washington DC area, the first annual software identification summit was held to provide a forum for all software ecosystem members to discuss the future of software identification. The summit was attended by a number of governmental agencies, software publishers and tool providers, as well as software procurement and management teams.

The summit provided detailed explanations and examples of how tags work, expanded the general understanding and comprehension of the Tag standard and provided the foundations of how the market needs to implement the standard to ensure authoritative and consistent software discovery and identification processes for any product, publisher or platform. The summit provided a strong foundation for the software community to further the discussions on how important software tagging is to the industry.

The software supply chain and management process is a complete mess!

 
The software supply chain and management process is a complete mess and the situation will get worse with the addition of new computing platforms and alternative licensing requirements for virtual and cloud-based environments. Unless there is a change in the status quo, everyone in the software ecosystem will end up spending more on management and less on development, equating to higher overhead for everyone!
 
There is a better way and it starts with a very simple expectation that software should automatically and consistently provide authoritative identification information for every single title by every publisher across every platform in a consistent fashion. Does authoritative software identification solve the whole problem – no! However, it does fix numerous problems in the supply and management chain that cost excessive money, time and resources today and enables better solutions across the whole industry in the future.
 
Read more about Pat's perspective!

Asking for a Signature Improves IT Security

Do you trust the vendors that supply software to your organization? In most cases, the answer to that question is very likely “yes” – at least in terms of the fact that the software will not purposefully cause harm to your organization’s infrastructure or data. How about the delivery people who handle the shipments – do you trust them? How about all the various systems on the Internet that your electronic distributions travel through – are all your transfers secured using encrypted communications? Is there any way for your organization to know if installation media delivered through any means to your IT group has exactly the files that the publisher created?


Software Publishers

By providing the information your customers need to more effectively manage their licenses, the cost of compliance is lowered for everyone.

SAM Tool Vendors

A standardized, publisher-defined method to identify software allows you to focus on helping users maximize their software asset utilization.

SAM Practitioners

Accurate software inventory is critical to managing software assets and eases compliance with purchase contracts.