2012 Software Identification Summit - a Huge Success!

The 2012 Software Identification Summit was held on May 2nd and the responses received from attendees were extremely positive.  The event allowed attendees to network with other organizations in the software ecosystem who focus on accurate and consistent software identification data.  Attendees to the summit left with new contacts and a significant amount of information about the current and near term status of SWID tags.  

Slides from the sessions may be accessed through the link below.  Videos of the sessions will be available from the TagVault.org website in the near future.
 

Three particular presentations highlighted the issue from the perspective of customer demand and publisher provisioning:

• Richard Struse, from the Department of Homeland Security, detailed why having SWID tags certified at the secure asset management level are critical to the needs of organizations that care about security both inside the government as well as in commercial organizations.  Richard also provided 3 key areas for how the federal government can help foster SWID tag support:
  
  
  • development of a whitepaper in consultation with the private sector
  • promote adoption through procurement requirements
  • integrate SWID tag data with the SCAP infrastructure

Richard also detailed 3 areas where the private sector can promote SWID tags:

• Publishers: include (certified) SWID tags in products
• Consumer: define procurement requirements that include SWID tags
• Everyone: provide input to the Federal Government on the development of the SWID whitepaper
   
• John Richardson, from Symantec, detailed the specifics for the digitally-signed, certified ISO 19770-2:2009 SWID tags Symantec has been shipping since Feb 2010:
  • Initial approach, low impact, only impacts installer, tags for apps, components, and patches, as little as one week to integrate tags
  • Tags provided in the following products
    • Symantec Endpoint Protection
    • Symantec Enterprise Vault
    • Symantec NetBackup
    • Symantec Control Compliance Suite

John's presentation also goes into detail on Symantec's implementation efforts around tagging and Symantec’s unwavering view that authoritative software identification is a problem the whole software industry needs to come together to solve with a unified approach that works for software purchasers, tool providers and software publishers.

• Heather Young, from Microsoft, detailed the reasons why Microsoft announced support for SWID tags, then surprised everyone by announcing that Microsoft is going to be joining as a member of TagVault.org.  Microsoft’s interests are to help define and encourage requirements around software ID Tags that provide for the security capabilities required by the Federal Government as well as to lower the costs of license management and other IT operations for commercial organizations.
   

You may also want to review the materials from Steve Klos , Scott Lemm and/or John Tomeny.  Every speaker focused on a particular concept for SWID tags and this material will likely be useful for you to build a business case towards the support for tags.