ISO 19770 Software Tagging: Opportunity or Roadblock? October 2010
Dec 27, 2015
ISO 19770 Software Tagging:Opportunity or Roadblock?
October 2010
Who We Are
Dextrys is a global provider of product engineering and application outsourcing services Headquartered in Wakefield, MA
US-based management and client support
China-based service delivery
A top ranked U.S.- Chinese IT servicesbusiness Ranked #2 by Global Services 100 as a
top company to watch in emerging Asian Markets
Ranked #1 in China by the Black Book of Outsourcing
Ministry of Commerce
2008 Best business model of the China Outsourcing services industry
2008 China Top 10 Outsourcing Industry Leader
Owned by Francisco Partners Acquired in August 2007 to capitalize on the massive China growth
opportunity
Why was the ISO/IEC 19770 tagging standard created?
Traditional Software Asset Management has failed Poor solutions, poor implementations, complex
processes Lack of participation by vendors
Result: Industry continues to make heavy use of audits, alienating customers Vendors don’t know what they’ve sold Customers don’t know what they bought, what they use, nor whether they are in compliance
The ISO/IEC 19770 Family of Standards
ISO/IEC 19770-1:2006SAM Best Practices
ISO/IEC 19770-2:2009Software ID Tagging Standard
ISO/IEC 19770-3 (under development)Software Entitlements Tagging
Standard ISO/IEC 19770-4 (under
development)Phased approach to adoption of -1
best practices
ISO/IEC 19770-2 Software Tags
MANDATORY
Product Title Product Version Software Creator Software Licensor Software Unique
ID Tag Creator Entitlement
Required?
OPTIONAL
• Product Category (UNSPSC)
• Components of a suite
• Previous product names
• License linkage• Application or
vendor-specific extensions
DoD/GSA Endorsements
Requirement: Software Tagging: Unless modified by delivery order, commercial-off-the-shelf software products released for production after January 1, 2011 shall include a software identification tag that conforms to the International Standard for Software Identification Tagging, ISO/IEC 19770-2:2009. The minimum level for software identification tags required by this procurement is to provide the specified mandatory elements as designated by ISO/IEC 19770-2:2009 and provide optional elements as may be designated by the delivery order.
Guidance: Software Tagging: ISO is in the process of developing a Software Asset Management (SAM) standard that specifies how software entitlements should be identified in an electronic format. ISO/IEC 19770-3 is currently in draft form. Once the standard is finalized and published, commercial-off-the-shelf software items shall support the delivery of software entitlement information by utilizing the ISO/IEC 19770-3 standard.
U.S. Air Force NETCENTS-2
Replaces existing NETCENTS contracts $24.2B contract over 5-7 years Direction is to acquire net-centric products to support Air
Force Enterprise IT Policy Requires ISO/IEC 19770-2 conforming SWID tags within 6
months Applies to all new titles, editions, versions, upgrades, patches
or maintenance releases Vendors do not have the infrastructure need to respond to this
requirement
TagVault.org Overview
8
TagVault.org is a 501(c) 6 program formed under IEEE-ISTO (Industry Standards and Technology Organization)
TagVault.org is a 501(c) 6 program formed under IEEE-ISTO (Industry Standards and Technology Organization)
• Certification and registration authority for software identification tags
• Non-profit• Member driven• Industry trusted
• Supporting the SAM Eco-system– Certification process– Software tag repository– Software tools and services– Software ID tag best practices– Software tool source code
available
TagVault.org: Secure & Authoritative Software ID
9
• Services– Specifications & Training – Normalization & Validation– Repository – Structured procurement policy for purchasing organizations
• Working Groups – setting the stage for market transformation
• Market Adoption
GSA Working Group Data Value Registration
End-user SWID tag defns Community Forums
Publisher use of tags Repository API/Arch
GSA/DoD Support & Reqs IDC Publisher Note
Best use of Tags Contest Executive Order #13103
AF NETCents2 RFP GSA Draft language
Publishers delivering tags(Adobe and Symantec)
Purchasers requiring tags (RFP negotiation points)
An integrated, turnkey solution allowing: Your software products and business practices to conform
to the ISO/IEC 19770-2 standard In partnership with your customers, provide valuable
information on consumption and usage of your products Based upon:
Leading edge ISO/IEC 19770 standards based products:
<VeriTag> Publisher<VeriTag> Enterprise
The Dextrys VeriTag Solution
<VeriTag> Publisher
<VeriTag> Publisher Environment(LAMP)
<VeriTag> Publisher Environment(LAMP)
SWID Tag Creation
and Modificatio
n
SWID Tag Creation
and Modificatio
nSWID Tag
and Prototype
Audit History
and Reporting
SWID Tag and
Prototype Audit
History and
Reporting
SWID Tag Prototype Database
SWID Tag Prototype Database
SWID Tag Instance Database
SWID Tag Instance Database
Product Configuration
s and Footprints
Product Configuration
s and Footprints
Corporate Information and Application Role
Permissions(User, Department,
Location, etc.)
Corporate Information and Application Role
Permissions(User, Department,
Location, etc.)
Publisher Operational
Delivery Infrastructure
(ERP, E-Commerce, ESD
Systems)
Publisher Operational
Delivery Infrastructure
(ERP, E-Commerce, ESD
Systems)<VeriTag> Publisher
DB Manageme
nt
<VeriTag> Publisher
DB Manageme
nt
<VeriTag> Publisher Application AdminOperational Licensing SpecialistProduct Release Specialist
An end-to-end solution for Publishers building software tagging into their infrastructure
<VeriTag> Enterprise
Customer/End User EnvironmentCustomer/End User Environment
SWID Tag Deployment
and Modification
SWID Tag Deployment
and Modification
Deployment
Instance Usage and Lifecycle History
Reporting
Deployment
Instance Usage and Lifecycle History
Reporting
Deployment Instance Database
Deployment Instance Database
Product Entitlement Database
Product Entitlement Database
Deployed Product
Configurations and Footprint
Database
Deployed Product
Configurations and Footprint
Database
Deployment Administration and Application
Role Permissions
Database(User,
Department, Location, etc.)
Deployment Administration and Application
Role Permissions
Database(User,
Department, Location, etc.)
Enterprise Operational
Software Deployment
Infrastructure(InstallAnywhere, MSI, Synaptic,
etc.)
Enterprise Operational
Software Deployment
Infrastructure(InstallAnywhere, MSI, Synaptic,
etc.)
<VeriTag> Enterprise DB Management
and Reconciliation
Reporting
<VeriTag> Enterprise DB Management
and Reconciliation
Reporting
<VeriTag> Enterprise Application AdminIT Installation/Support TeamSoftware Acquisition/Purchasing Team
Enterprise Purchasing Transaction
System
Enterprise Purchasing Transaction
System
An end-to-end solution for Enterprises to manage software tags across multiple vendors
Benefits of ISO/IEC 19770 in SAM/ITAM
Software Publisher /
ISV
Enterprise and
Government Customer
OEM / Partner
Reduced cycle time and cost for entitlement reconciliation process
Increase in Return on Software Assets by reducing “shelfware”
Provides information that can be used to indicate True Business Value
Reduced Costs for development of compliance tools and simplified compliance processes
Reduced revenue leakage from over-deployments (Publisher); SW tagging service (Service Provider)
Important Questions for You…
Are you one of the publishers working with the GSA and DoD ?
If not, can you afford to lose Federal Government business because you are late to the table ?
Do you want to develop the practice and technology yourselves, especially if doing so makes you even later to the table ?
Are your competitors already ahead of you ? Or can you leverage this technology to a clear
advantage in order to further differentiate yourself from the competition ?
How long will it be before the private sector follows the GSA and DoD with the same mandate ?
Revisiting the Questions…
Q & AQ & A
16
Contact Information
Bob Kramich, EVP Global Solutions, Dextrys C/ 978-764-3690 [email protected]
David Rowley, President, Veritag Software [email protected]
This webinar has been recorded and will be posted on www.dextrys.com
Also available: a free whitepaper on ISO 19770