TagVault.org is a non-profit organization formed under the structure of IEEE-ISTO. It is a registration and certification authority for software identification tags (SWID tags) based on the ISO/IEC 19770-2:2009 standard. TagVault is a member-driven organization that provides a forum for sharing information and resources about software tags among software publishers, tool providers and SAM practitioners. TagVault provides a shared library of technical knowledge and software tools including consistent cross-vendor, cross-platform APIs.
Do you trust the vendors that supply software to your organization? In most cases, the answer to that question is very likely “yes” – at least in terms of the fact that the software will not purposefully cause harm to your organization’s infrastructure or data. How about the delivery people who handle the shipments – do you trust them? How about all the various systems on the Internet that your electronic distributions travel through – are all your transfers secured using encrypted communications? Is there any way for your organization to know if installation media delivered through any means to your IT group has exactly the files that the publisher created?
Tired of the software identification mess? Software purchasers can make a difference today!
Anyone who tells you that they know exactly what software they have installed, and that they have it all under control, is deceiving someone – themselves or you – or they are spending far too much money doing what they are doing. Software discovery tools have to make educated guesses and generalizations about much of what they find. The tools are much better than nothing – like a horse and cart are better than walking. But they are imperfect, because the publishers do not make it easy to determine exactly what is installed and needs to be paid for. So what happens when you get audited by the software publishers? They find copies, and versions, and violations of licensing terms and conditions which you did not expect, and you have to pay the price of not being able to control the software you have purchased when the publishers have not given you the necessary means for control.
TagVault.org has released two tools to production that help with the creation and validation of certified Software Identification (SWID) tags. TagVault.org is the registration and certification authority for SWID tags based on the ISO/IEC 19770-2:2009 standard. The tools allow software publishers and purchasers to: