19770-2

Overview and how to purchase

The ISO/IEC 19770-2:2009 standard specifies the structure and basic usage of software identification. The standard is available for purchase from the ISO and ANSI online stores, or your country's standards body. The XSD is also available for electronic access from the ISO website. Any organization regardless if they are a software publisher, or a software purchaser, can create standardized software identification (SWID) tags that are installed at the same time a software product is installed.

Benefits of SWID tags

Installing software that has a SWID tag lowers the cost of software asset management by increasing the accuracy and consistency of software identification. Software asset management (SAM) programs are less expensive to implement and will support a broader portfolio of software. Since SWID tags provide a consistent set of values, large organizations that have multiple discovery tools across business units, locations or platforms now have a way to consolidate and reconcile inventories.

Benefits of SWID tags extend well beyond software compliance activities encompassing any IT process that relies on accurate software inventory including security compliance, patch management, desktop management, help desk processes and corporate policy compliance. Organizations gain significant value for operational security programs. Cost savings are recognized by all members of the SAM ecosystem from the publishers, to tool and service providers to the software purchasers.

What's in a SWID tag?

SWID tags are XML files that follow a standard structure for detailed information about the specific software product. The standard defines 7 mandatory elements and 30 optional elements. The standard also allows for extensions to the structure of SWID tags to ensure the tags provide any data required by the publisher, tool provider, software purchaser or registration/certification authorities. Finally, due to the fact that the SWID tags are XML files, it is possible for additional information to be added to a tag by a downstream user. For example, an organization deploying software may want to indicate who tested and released a particular product and when - that information can now be included in the SWID tag and collected during inventory processing.

The importance of SWID tags for entitlement management

SWID Tags have been designed to work hand-in-hand with software entitlement tags (based on the draft ISO/IEC 19770-3 standard). When 19770-3 is published and implemented, organizations across the software ecosystem will see a significant automation in compliance tools as well as many new and interesting tools in the license optimization space.

Additional Information Resources

TagVault.org is the certification authority for SWID tags and a non-profit program of IEEE-ISTO. Since the standard was published in 2009, TagVault.org has proactively ensured that the market has the tools, technology and information available to create, digitally sign and use software tags. The overall goal of TagVault.org is to ensure the initial implementation of SWID tags is done as smoothly, quickly and at the least cost possible for all members of the software market. That means that TagVault.org also specifies the certification requirements to ensure consistent use of the element data values that the SWID tags provide.

TagVault.org provides a significant number of whitepapers, videos, news articles, and presentation materials on their website - http://www.tagvault.org.

Latest WG21 news

RSS RSS feed
More news
© 2013 ISO/IEC. All rights reserved.