ISO 19770-2 PDF

The tags are XML files that are used for discovering and identifying software. They are delivered with software products and contain unique product-related information such as its name, edition, version, whether it is a part of a bundle and more. SWID tags facilitate software discovery and the overall process of software asset management. Unicode Available from 9.

Author:Grorr Gardara
Language:English (Spanish)
Published (Last):19 August 2011
PDF File Size:7.90 Mb
ePub File Size:19.96 Mb
Price:Free* [*Free Regsitration Required]

Enterprises and individuals routinely acquire software products and deploy them on the physical and virtual computing devices they own or operate. Discovery is technically challenging due to the enormous variation across the software industry in what it means to be a unit of software. For example, a single unit of software may consist of a combination of executable files, data files, configuration files, library files, and more.

A single unit of software may also include supporting software units which may be independently installed and executed, as well as changes to the underlying operating environment, such as the addition of device drivers and entries in an operating system maintained tables and databases. The SWID tag standard was developed to help overcome the technical challenges associated with software discovery, identification, and contextualization, and thereby enhance the accuracy and reliability of software asset management processes.

Tags aid identification by including a consistent label for a product within its tag. There are three primary methods that may be used to ensure SWID tags are available on devices with installed software: SWID tags created by a software creator or publisher which are installed with the software are the most authoritative for identification purposes.

Organizations can create their SWID tags for any software title that does not include a tag, allowing the organization to more accurately track software installations in their network environment. Third party discovery tools may optionally add tags to a device as software titles are discovered. Specifically: End-User OrganizationS Organizations and entities that use information contained in SWID tags to support higher-level, software-related business, and cyber security functions.

Ideally, the organizations involved in creating, licensing, and distributing software products will also create the tags that accompany their products. This is because these organizations are best able to ensure that the tags contain correct, complete, and normalized data. In other cases, tags may be produced and distributed by other entities, including third parties and through the use of automated tools. The implementation of SWID tags supports these stakeholders throughout the entire software lifecycle from software creation and release through software installation, management, and retirement.

SWID tags can be created by anyone, so individuals and organizations are not required to be part of TagVault.


Support for ISO/IEC 19770-2

Symantec has also released multiple products that include SWID tags and is committed to helping move the software community to a more consistent and normalized approach to software identification and eventually to a more automated approach to compliance. This equates to approximately product releases a month that include SWID tags. Governmental support[ edit ] The US federal government has identified SWID tags as an important aspect of the efforts necessary to manage compliance, logistics and security software processes. The primary intentions of are: To provide a basis for common terminology to be used when describing entitlement rights, limitations and metrics To provide a schema which allows effective description of rights, limitations and metrics attaching to a software license. The specific information provided by an entitlement schema ENT may be used to help ensure compliance with license rights and limits, to optimize license usage and to control costs. Though ENT creators are encouraged to provide the data that allow for the automatic processing, it is not mandated that data be automatically measurable. The data structure is intended to be capable of containing any kind of terms and conditions included in a software license agreement.


ISO/IEC 19770-2:2015



ISO/IEC 19770


Related Articles