December 01, 2010 11:15 ET

Reducing the Cost of Accurate Software Inventory Provides Tools to Increase Accuracy and Reduce Costs of Software Discovery

PISCATAWAY, NJ--(Marketwire - December 1, 2010) -, the registration and certification authority for ISO/IEC 19770-2:2009 software identification (SWID) tags, today announced the release of tools to automate the creation, verification and digital signing of software identification tags.

The tools make the development and distribution of certified SWID tags easier, less expensive, more authoritative and consistent. Certified SWID tags provide the first tangible steps for purchasing organizations to receive the authoritative, accurate and consistent inventory information required for many IT processes including software asset management (SAM), desktop management, patch management and security management. Among other things, collecting an accurate software inventory minimizes the potential impacts of a negative software audit -- certified tags provide critical software inventory data without the excess cost, confusion and difficulty organizations have today when trying to implement an effective SAM practice.

For further details, go to 

Software Tagging Tools Available

The ISO/IEC 19770-2:2009 standard provides specific details on the structure of SWID tags and includes details about how specific values in the tag can be digitally signed. However, there is a large step for organizations to move from a specification and structure defined in the standard to a process they can use to create and manage SWID tags. The process of creating an authoritative SWID tag includes a relatively complex procedure for digitally signing values in the tag as well as the additional complexity of providing digital timestamps. These are some of the areas the tools automate and simplify.

The tools are developed in Java and are released on Windows, Macintosh and Linux platforms. Two tools are being released initially -- a tag creation and signing tool and a tag verification tool. The tag creation and signing tool logically groups the 37 different specified tag elements into an effective user interface that validates data as it is entered. It makes digital signatures as easy as identifying the elements that need to be signed, specifying if a timestamp is required or not and entering the password for accessing the digital certificate. The tag verification tool validates the timestamp, ensures that the tag was digitally signed while the digital certificate is valid and validates that all data values in the SWID tags are unchanged. 

The tools are designed for both the software purchaser who wants to add SWID tags to software as it is distributed and installed in their organization, as well as for software publishers who want to create certified SWID tags that are installed at the same time as their software products. The tag validation utility will generally be utilized by software purchasing organizations to validate the authenticity of tag data as well as by inventory and SAM tools to automate the validation process.

Tool availability

Executable binaries and source code for the tag tools are available to members of based on member level. Organizations can find information about becoming a member and access the tools or source code for the tools on the website.

Start reducing the cost and complexity of software identification today!

About is the certification authority for software identification tags based on the ISO/IEC 19770-2:2009 standard. Formed as a non-profit organization under IEEE-ISTO, provides a shared library of software tools, technical knowledge and communications forums that decrease the costs of creating, managing and using software identification tags.'s certification process ensures tags fully conform to the specification; provide a minimum specified level of information while also ensuring that all terms used in the tag are standardized. Certified software identification tags are digitally signed and time-stamped using a certificate issued by VeriSign -- ensuring the accuracy of tag data that any third party can validate. Certified software identification tags enable accurate software identification which reduces software asset management cost and complexity for all SAM eco-system members.

For more information, please go to