Skip to main content

A reality check for software recognition

By Axel Nordman | August 24, 2015

Axel Nordman, Global Manager of Snow's Software Recognition Service, discusses the realities of software recognition If you are involved in Software Asset Management, you’ll understand the importance of software recognition and the significant legwork that can be involved in manually interpreting raw executable files and reconciling them against the exact versions and editions of software installed across the network.

It’s a well-recognized (if not fully understood) challenge and so there’s no surprise that there have been a number of efforts to make life easier for the SAM manager. One example might be the ISO 19770-2 standard for Software ID (SWID) Tagging, which established specifications for tagging software to optimize its identification and management.

This means that, in theory (and there’s a caveat, as I’ll discuss in a moment), when installing a new application into an IT environment there is a small xml file embedded with it that becomes the identity tag for the software. These SWID tags record unique information about an installed software application, including its name, publisher, edition, version, whether it’s part of a bundle and more besides – basically everything that you would need for its recognition. 

If you haven’t seen a SWID Tag before, it looks something like this:


Image removed.  



Today a number of major publishers such as Adobe, Microsoft and Symantec use these SWID Tags on new software that they release.  

However, this only applies to recent titles and versions and the standard is still far from fully-adopted by the software publisher community. 

The wide availability of software (both freeware and commercial) to create SWID Tags is also potentially as harmful as it is helpful (the format of the standard might be consistent, but the information contained within each tag certainly isn’t!). So in theory, the SWID Tag is a great idea and could be one way to achieve 100% software recognition across your IT estate. If you had complete control and every application was deployed complete with a SWID Tag.

Unfortunately, life isn’t like that. Shadow IT is growing and is unstoppable, with Gartner predicting that almost 90% of technology spending will occur outside of the IT department by the end of the decade. This relentless rise of employees finding and installing their own software for work makes it an impossible challenge to only rely on SWID Tags as the single source of software recognition.

This isn’t to say SWID Tags are useless. Far from it. But in the real world, there are two serious obstacles they first need to overcome before they can be relied on to provide even 50%, yet alone 100%, software recognition accuracy across the network:

  1. Most of your software estate and most of your software publishers simply don’t use them… yet.
  2. The ability to write organization-specific SWID Tags is actually a challenge, rather than a help, to building technologies that can interpret SWID Tags into a normalized and accurate inventory repository

Dealing with the here & now of software recognition

Moving forward, ensuring as much software as possible is installed with a SWID tag (preferably one set by the software publisher itself) has to be a good thing. Our Snow Inventory clients already have the capability to support the reading of SWID tags where present. But Snow doesn’t rely on SWID Tags, or even static software signature libraries to provide its customers with the best software recognition possible.

The Software Recognition Service provides a fast and efficient way to recognize applications old and new across all major enterprise IT platforms: Windows, Mac OS X, Unix and Linux. The Software Recognition Service provides a continually-updated library of software recognition ‘signatures’ which today has more than 289,000 applications in its catalog of commercial software from nearly 43,000 (normalized) publishers.  

Snow customers benefit from nightly updates, so there’s little or no wait for the latest signatures to be applied when reconciling the software inventory.

Indeed, over the past three months more than 20,000 applications have been added by our Software Recognition teams in Stockholm, Sweden and Austin, Texas. So while hypothetically you can achieve 100% recognition with SWID tags, it’s extremely unlikely that every application in your environment will have a SWID tag embedded. 

Until the day that SWID Tags do finally become ubiquitous, it’ll remain necessary to rely on other means for your software recognition.

To learn more and understand what software you have installed in your environment, speak to a Software Recognition expert at Snow today.

You May Also Like

Product-Led Growth and Why ITAM Shouldn't Be Afraid of It
Product-Led Growth and Why ITAM Shouldn't Be Afraid of It
Learn why product-led growth is growing like wildfire among software vendors today.
Read More
Snow’s Approach to Security and the Use of Bug Bounties
Snow’s Approach to Security and the Use of Bug Bounties
Discover how our program encourages security researchers to help refine and improve Snow products.
Read More
Study: Reaping the Benefits of Cloud Begins With Facing the Realities
Study: Reaping the Benefits of Cloud Begins With Facing the Realities
We polled more than 500 IT leaders from organizations in both the US and UK to better understand the current state of cloud infrastructure within the enterprise.
Read More