SWID - Software Identification Tagging
Software identification tags (SWID tags) record unique information about an installed software application, including its name, edition, version, whether it’s part of a bundle and more. It’s an XML file that’s installed alongside software, and which uniquely identifies the software, providing data for software inventory and asset management.
See also: CPE - Common Platform Enumeration and CoSWID - Concise Software Identification Tags
SWID and CoSWID are regulatory responses to certain dissatisfaction with CPE. The issue with CPE was that it pushed the burden of software identification on the software consumers or NIST (as their representative). SWID is designed to push the responsibility to software producers instead. However, there is no political will to mandate it.
Look, this kind of thing tends to be all or nothing. Either all software is tagged, or it is not.
Key Online Resources
- SWID, Project Homepage [Online, 2024-04-03]
- ISO/IEC 19770-2:2015, Information technology - Software asset management - Part 2: Software identification tag, [Published: October 2015, Updated: March 2017]
- RFC: 9393, Concise Software Identification Tags (CoSWID) [Published: June 2023]
- Open Source Tooling for generating SWID tags from RPMs, Github Organization [Online, 2024-04-03]
- NIST IR 8085, Forming Common Platform Enumeration (CPE) Names from Software Identification (SWID) Tags [Published: December 2015]