Cherwell IT Service Management Blog
Resources, Best Practices, and Solutions for ITSM Pros

Reflections on TagVault’s 2012 Software Identification Summit

Posted by

TagVault is a non-profit organization that serves as a registration and certification authority for software ID tags based on the ISO/IEC international standard.]

For those of you who have, at some point in your lives, been frustrated and/or overwhelmed by the ominous challenges related to software recognition, you may be aware that there’s an international effort dedicated to solving the problem. Last week I attended TagVault’s 2012 Software Identification Summit, whose purpose is to promote the benefits of widespread adoption of software ID tags, as defined by ISO/IEC 19770-2:2009. For organizations concerned with software license management, this portion of the broader 19770 standard is an important development to follow, as its adoption by software publishers has the potential to transform the process of software recognition from a task wrought with tedium and error into a simpler, more reliable process.

In last year’s blog post about the 2011 Summit, we discussed our observation that although there was widespread agreement about the importance of software tags, few publishers had shown any real commitment to adopting tags—most likely due to the perceived lack of tangible financial benefits of doing so. Perhaps most conspicuous in its silence was Microsoft, who, despite participation in the early stages of development of 19770-2, hadn’t yet uttered a word about their plans to either embrace, reject, or propose an alternative to the international standard.

However, this year the summit was abuzz with word of Microsoft’s recent pledge of support for the ISO/IEC tagging standard. With Microsoft now committed to tagging their software, the playing field has shifted considerably, and other software publishers will surely fall into line—which is great news for organizations struggling with the software recognition challenge.

Other highlights of this year’s summit included:

  • Richard Struse, Deputy Director for Software Assurance, National Cyber Security Division, U.S. Department of Homeland Security. In his keynote, Mr. Struse focused on the security aspects of how software tags can be used. Security, for the DHS, means knowing every single executable that resides on agency computers. The more accurately the DHS can accurately identify what’s installed, the fewer executables that need to be investigated. The DHS has significant skin in the game with respect to software tagging; in fact, they are one of a number of US government agencies that are driving adoption among software publishers through RFP requirements for software tags.
  • John Richardson, Director of Licensing Technology Strategy, Symantec. Symantec was one of the earliest supporters of software ID tags and has already begun tagging some of its products. Mr. Richardson spent time discussing the technical side of how Symantec is implementing tags within its technology.
  • Scott Lemm, IT Asset Practice Manager, TechTeam Global. Mr. Lemm addressed the use of software tags from a service management angle. His company, TechTeam Global, a consulting company that helps organizations develop asset management programs, has begun generating tags as part of their engagements to help identify and manage key applications for their clients.
  • Heather Young, Global Manager of Software Asset Management Services, Microsoft. Ms. Young’s appearance at the summit was met with great interest and enthusiasm due to the recent announcement made by Microsoft to support the international tagging standard. She and her team were responsible for building the business case within Microsoft for tagging their products, with customer satisfaction as the stated driver. According to Ms. Young, Microsoft is in the process of modifying their common engineering criteria to require tagging for all releases. With Microsoft’s commitment, she expects to see a tidal wave of tags from other software publishers in the future. She also announced Microsoft’s intent to become a member of TagVault.
  • John Tomeny, VP of Business Development, Sassafras Software. Mr. Tomeny discussed the status of ISO/IEC 19770-3, the next level of application recognition, intended to reveal license entitlements associated with installed software, and how it fits into the entire set of 19770-based standards. According to Mr. Tomeny, the standard is undergoing a comment period, and assuming all goes well, could be adopted as early as next year.
  • Steve Klos, Executive Director, Mr. Klos, the driving force behind the annual summit, re-iterated the benefits of software ID tags to software publishers from a customer satisfaction standpoint and emphasized the importance of tag adoption among software publishers, as well as among software asset management tool providers from the standpoint of collection and interpretation of tagging data.

From a practical standpoint, a couple of significant questions remain: First, when will Microsoft release a spec outlining exactly how their products will implement the standard? (The standard requires that a certain minimal level of information be included in a software ID tag, but allows for optional and extended details.) From our perspective as an asset management tool vendor, the ability to support software tags for Microsoft customers is contingent on our ability to properly consume and interpret that information. It’s therefore imperative that Microsoft define and publish their plan as soon as possible in order for asset management vendors like ourselves to have time to react and, most importantly, for customers to receive the full range of benefits.

Secondarily, even with software publishers tagging their new releases, the pervasive issue of non-tagged applications residing on enterprise desktops will exist for many years to come. This reality will leave end-user organizations with several options: 1) work with asset management technology that relies on one of the “traditional” recognition methodologies, ensure the limitations are well-understood, and develop practices by which inaccurate and/or incomplete data can be accounted for and corrected, 2) utilize a hybrid tool that identifies and normalizes data derived from both tagged and non-tagged software by combining the former option with tag-based recognition, or 3) rely exclusively on software tags by becoming familiar with the ISO 19770-2 standard, and use this knowledge to retroactively assign tags to untagged applications.

Despite the uncertainties, the overall news is very positive for end users. The scales have tipped in favor of tags, and at some point, although still many years away, the task of turning raw, discovered application information from multiple potential sources into normalized software titles will eventually be a thing of the past.

As for our customers, you remain in good hands. Our propriety software identification database, which we recently spun off into its own business entity called Apptria Technologies, has for many years performed the task of application recognition with both accuracy and comprehensiveness, making the timeline for tag adoption among the wider software publisher market virtually irrelevant. That said, given the likelihood of eventual widespread adoption, we are committed to not only support, but also embrace, the use of software tags. To this end, our 10.0 release of our asset management software, Express Software Manager, shipping this summer, will be tagged according to the ISO standard, as well as offer the ability to collect and report on tagged software.

Kudos to Microsoft for taking this important first step; it’s exactly what’s needed to galvanize critical mass for software tagging and eventually overcome the application recognition challenge once and for all!