Cybersecurity and SWID Tags – What You Don’t Know Can Hurt You!

Cybersecurity and SWID Tags – What You Don’t Know Can Hurt You!

Can you identify every piece of software that is installed in your organization? Have you been told (likely by your vendor) that you are using the very best recognition library on the market? Can you correlate all software products installed against all known vulnerabilities and identify where there may be known risks in your organization? The real answer to these questions for most organizations is “No”, “Yes” and “Oh – that’s a pipe dream”.
SWID tags move this idea from being a pipe dream to being a reality – helping organizations automate security, compliance and logistics IT processes. Be part of the user and vendor community that defines how SWID tags delivers on these goals in a productive and efficient manner and attend the SWID Tag Workshop hosted by NIST in on April 26th and 27th at the National Cybersecurity Center of Excellence in Rockville, MD.
This workshop is targeted at any organization that creates, uses, or supports software – including, software vendors, tool providers and software consumers.
The SWID tag standard (ISO/IEC 19770-2:2015) which is being supported by supported by 1E as well as HP, IBM, Microsoft, Symantec, numerous US Governmental organizations and many other organizations is part of the overall answer to the tsunami of information most organizations are dealing with when it comes to software identification.
The standard, by itself does not resolve all cybersecurity issues, but it does provide an extremely strong foundation on which to build a number of solutions in the cybersecurity, compliance and logistics areas.
The National Institute of Standards and Technology (NIST) is hosting a free 2-day workshop in April to cover the specifics of what information software vendors need to provide to support Cybersecurity improvement. High level details of this workshop are:

  • The goal of the workshop is to assemble a broad audience of SWID tag creators, users, and stakeholders to actively participate in engineering-level discussions on various topics relative to SWID tags, including implementation challenges
  • The agenda will be comprised of technical topics culled from the guidelines within the NIST Interagency Report (IR) 8060, “Guidelines for the Creation of Interoperable Software Identification (SWID) Tags,” so it is recommended that participants attending the workshop be familiar with NIST IR 8060
  • Workshop will be held April 26-27, 2016, at the National Cybersecurity Center of Excellence (NCCoE) in Rockville, MD

You can sign up for the workshop here. For more detailed information, read this post on
1E Supports these efforts through our continued use of and support for the ISO ITAM standards (SAM Processes, SWID Tagging, Entitlement data and Resource Utilization Measurement standards). To learn more about 1E’s focus on helping customers automate their SAM programs, check out our Strategic SAM initiatives, or sign up for some of our upcoming SAM related webinars.


Digital Employee Experience (DEX) in the Enterprise: Progress, Patterns, and Gaps

DEX Report