We think SWID tags are an important element that can help improve the overall security of critical infrastructure and key resources.
Past News ReleasesRSS
Piscataway, NJ (PRWEB) December 20, 2012
TagVault.org, the registration and certification authority for ISO/IEC 19770-2:2009 Software Identification (SWID) tags, today announced that it is simplifying its membership model, expanding the number of board seats, and lowering the cost of membership. These changes are based on the interests of both commercial and governmental organizations that have recognized that a better approach to accurate and authoritative software identification can save money, improve security and lower risks for every organization engaged in software creation, purchasing or management.
“TagVault.org, like the Department of Homeland Security (DHS) and other federal agencies and commercial organizations, would like to see barriers for the adoption of SWID tags reduced and, where possible, removed altogether. This is one reason the membership fees have been reduced as well as scaled to accommodate for size of the publisher,” says Steve Klos, executive director of TagVault.org. “TagVault.org’s ultimate goal is to create a community of registration and certification organizations that can work together to define and support a standardized implementation and a certification process for SWID tags across software publishers, ensuring consistency of implementation for software from any publisher on any platform. Standardization of SWID tagging implementations, the normalization of data, along with certification processes and organizations is critical to reducing the implementation costs for software publishers and SAM tool providers, and to providing the most value to IT organizations. Changing the membership structure is an important step towards this goal as it will allow for more organizations to participate in setting the direction for SWID tags, and to benefit from working with other TagVault.org members to accelerate their standardized implementation of SWID tags.”
New developments in the software industry enable new platforms, new mobile devices, new operating environments and new computing paradigms which, applied appropriately, provide significant benefits to organizations that license and use software. What’s been missing is a universal method that can be used to track and manage the numerous software components installed on an organization’s computing devices. The TagVault.org program is designed to support the management of these disparate components on any operating system in a way that works with existing software products, allows flexibility for new products or computing paradigms and allows for a more secure and more effectively managed IT infrastructure that ultimately will require fewer resources.
“DHS works collaboratively with private sector critical infrastructure resources as well as the ecosystem that supports these organizations to improve their cyber security posture - and that's one of the key drivers for the cyber security division of DHS to be involved in SWID tags,” said Richard Struse, the Deputy Director for Software Assurance in the Department of Homeland Security's National Cyber Security Division during a presentation at a conference in May. “We think SWID tags are an important element that can help improve the overall security of critical infrastructure and key resources.”
TagVault.org brings software vendors, IT discovery and inventory tool providers, and software procurement teams together to specify the certification rules and provide tools that help the entire industry support a more effective IT operation in the areas of software security, logistics and compliance.
TagVault.org is a certification authority for software identification tags based on the ISO/IEC 19770-2:2009 standard. Formed as a non-profit organization under IEEE-ISTO, TagVault.org provides a shared library of software tools, technical knowledge and communications forums that decrease the costs of creating, managing and using software identification tags.
TagVault.org's certification process ensures SWID tags fully conform to the specification; provide a minimum specified level of information while also ensuring that all terms used in the tag are normalized. Certified software identification tags are digitally signed and time-stamped ensuring authoritative tag data that any third party can validate. Certified software identification tags enable accurate and authoritative software identification reducing the cost and complexity and improving accuracy of software logistics, security and compliance activities for all SAM eco-system members.
For more information, please visit http://www.tagvault.org.