TagVault.org's Anniversary

By Howard Hastings -  Chairman of the Board of TagVault.org

TagVault's anniverary: a New Year, a New Decade, a New Era for Software Management!

As most of you know, our community has been working for many years to establish a standardized means to identify software accurately and consistently. Well, all of that diligence finally paid off when ISO/IEC 19770-2 was approved and published last November, 2009.  

Obviously, those of us involved with bringing TagVault.org into being on February 28, 2009 felt the time was right and necessary for creation of an independent organization to certify 19770-2 software identification (SWID) tags and act as a single voice of the community to fuel adoption of the standard.

For the first time we have the means to accurately and consistently identify the software products installed on our computing systems. Beyond giving us the visibility for IT management we always desired (and assumed should be there all along), we’ll finally be able to confidently monitor our licensing situation.

However, there remains one huge challenge: “convincing” the software publishers that they MUST adopt the standard. The plain fact of the matter is that most software publishers seem to put more value on new wiz bang features than on software manageability that would make it easier for their customers to track and manage their software assets. Publishers appear as if they want to keep their customers in the dark about the details essential to proper management of license management.

This has always puzzled me, since it seems obvious that happy customers that can easily and effectively manage their own software licenses would represent loyal, repeat business revenue with the least cost to obtain and support. These very same software publishers talk about being “partners” with their customers by establishing a mutually beneficial relationship:

”…working together to navigate the treacherous waters of today’s volatile and highly competitive market!” 

But, how can a customer truly trust a vendor that on one hand “hides” the complete truth about their product’s licensing while on the other hand expects to retain the right to audit their customers’ use of those same software products? 

So, how do we get those software publishers to get on board? By leveraging our buying power!

The bottom line is that each and every organization that purchases software MUST now REQUIRE software vendors’ products to conform to providing certified SWID tags based on the ISO/IEC 19770-2:2009 standard. And we MUST act TODAY! Sure, it will take some time for those software publishers to make the necessary changes. However, we’re certainly not talking about rocket science since they have 100% of ALL the information they need to accomplish the task (the required details come from their own products and licensing models after all!). And, we’re not about a very costly modification to their application code – it’s merely an XML file created during installation by their product install function.

What about software publishers that refuse to conform to ISO/IEC 19770-2:2009? Fine…but, in turn, our Legal and Contracts departments should simply refuse to allow those vendors to include ANY verbiage about auditing or compliance in the license agreements. That’s fair, right? If the software publisher won’t give you what you need to easily and effectively manage your licenses then they shouldn’t expect to be able to audit you!

For those skeptics among you, I can already hear the grumbling…”who does he think he is?”, and “where does he get off making statements like that?”

Well, one glance at my bio and you’ll find that I’ve been on all sides of the software licensing snafu:

  • As a buyer I was personally responsible for my organization’s license compliance.

  • As a publisher I had to ensure our customers could properly understand their licensing needs and obligations.

  • As a consultant I advised buyers on how to manage software, optimize licenses , and defended / negotiated on their behalf during external audits.

  • As an instructor I teach the basics of copyright law, how it applies to software, and how to prepare for and conduct a “cooperative audit” with software associations and vendors.

  • I helped to create the original draft of what has become the ISO/IEC 19770-2:2009 standard.

So, I think I’m representing a reasonable view of the situation. That said, let’s stop talking and start working together to make this standard a reality. Believe me, it will beat hands down the one-sided “partnership” we’ve been forced to live with since the first commercial software product was created and sold! The Air Force has already published the first RFP to require SWID tags. The HP DDMI product manager is promoting the concept of software purchasing entities putting themselves in the driver’s seat to (two blog posts – one giving an overview of SWID tags, the other detailing how SWID tags resolve a significant number of SAM issues). Finally, the GSA is working with TagVault.org and others to define a minimum set of certification requirements for SWID tags. If everyone who buys software requires these changes, the publishers will absolutely hear and recognize the need. Review the TagVault.org article detailing how you can add language to your contracts!