SOURCE: TagVault.org

TagVault.org

August 30, 2010 13:00 ET

Newly Approved TagVault.org Software Identification Tag Certification Requirements Will Save Companies and Government Time and Money on Software Identification and Negative Software Audit Findings

Large Software Purchasing Organizations Expected to Require Certified Tags as Part of Software Purchasing Requirements

PISCATAWAY, NJ--(Marketwire - August 30, 2010) -  In today's environment, it is nearly impossible for organizations to accurately identify all the software products from all vendors on all operating systems in use on their corporate computers. This problem continues to multiply as new devices such as smart phones and tablet computers enter the market. The ability to accurately identify software directly affects the ability to manage software assets. Therefore, the lack of this ability results in increased cost and exposure to risk such as: License Management (over and under licensing software, potential vendor audits); Security (unauthorized applications, malware, patch management) and Platform Stability (inter-operability between applications).

There is a market-ready solution to this problem based on the ISO/IEC 19770-2:2009 standard for software identification tags. Organizations that want to improve the accuracy, consistency and verifiability of their software inventory can require software publishers to include TagVault.org certified software identification tags as part of their purchasing process. By specifying a requirement for certified tags based on the recently released TagVault.org certification requirements, organizations will know exactly what information will be provided with every software application they purchase; know they can use their existing tools to collect software identification tags; and know that the certified tags can be independently validated to ensure that key data elements have not been modified. If software publishers are unable to comply with this requirement then changes to the audit clause in purchasing contacts are in order. While it is unlikely that audit clauses will be complete removed, they should at a minimum be modified to limit the liability of the purchaser until the publisher provides the certified tags. While this may seem like a significant change, software publishers can include software identification tags in their software products without a major disruption to their current processes.

As some of the largest software purchasing organizations in the world, the U.S. Department of Defense and the U.S. General Services Administration (GSA) helped to define the requirements for the TagVault.org Asset Management software identification certification level. "Software identification tags offer a simple but elegant solution for strategically managing IT assets throughout their require-procure-use-reuse-dispose lifecycle. As government and large and small companies alike move towards cloud computing, more consolidated data center operations, and towards more secure and sustainable day to day virtual work environments -- requiring embedded software identification tags within all delivered products provides 'the' cornerstone for building a comprehensive asset management solution -- and provides the 'key' to better manage both risk and opportunity," said Alan Vander Mallie, Federal ITAM Program Manager of GSA. "Requiring software identification tags in all procurements is critical to eliminating the overall complexity of ITAM issues. Software identification tags are vital to eliminating the risk of not knowing for sure what a software product is and who provided it. Finally, software identification tags offer the desired opportunity to strategically leverage assets -- making it easier to discover and manage what the organization has by using automated tools, enterprise level feeds and dashboards, and robust ISO-IEC processes. The GSA federal ITAM program has recommended adding mandatory contract clauses that require embedded software identification tags for all products and applauds the efforts of the workgroup as they complete their initial specification for certified software identification tags."

The TagVault.org certification requirements for software identification tags were developed as part of an official work group by individuals and organizations that span the spectrum of the software ecosystem including software suppliers, asset management tool providers, and purchasing organizations. "It was fantastic to work with a group of talented individuals from across the software licensing spectrum to define a solution that can be verified and certified and solves a fundamental problem of authoritative software identification," said Steve Klos, Executive Director of TagVault.org. "Providing an authoritative approach to accurate software identification based on the ISO/IEC 19770-2:2009 standard is a major step forward toward the ability to automate software license reconciliation across the entire industry in an automated fashion reducing organizational costs and security risks while simultaneously decreasing IT resource costs."

Certification Document Availability
The certification document outlining the requirements for the two (Base and Asset Management) levels of certification for TagVault.org software identification tags can be found on www.TagVault.org. This information is available today at no cost to TagVault.org members above the adopter level and at a nominal cost to non-members.

About TagVault.org
TagVault.org is the certification authority for software identification tags based on the ISO/IEC 19770-2:2009 standard. Formed as a non-profit organization under IEEE-ISTO, TagVault.org provides a shared library of software tools, technical knowledge and communications forums that decrease the costs of creating, managing and using software identification tags.

TagVault.org's certification process ensures tags fully conform to the specification; provide a minimum specified level of information while also ensuring that all terms used in the tag are standardized. Certified software identification tags are digitally signed and time-stamped using a certificate issued by VeriSign -- ensuring the accuracy of tag data that any third party can validate. Certified software identification tags enable accurate software identification which reduces software asset management cost and complexity for all SAM eco-system members.

For more information, please go to www.tagvault.org.