Software ID Tags

Scooped by Steve Klos

IBM Wants You To Ask For SWID Tags!

Multiple organizations are working with TagVault.org and ISO to utilize SWID tags in their own standards efforts. More documents from other standards groups are also on the way... Now is the time to get involved.
Steve Klos's insight:

Read IBM's perspective on SWID tags and what they are telling customers to do about these data requirements today.

The IT Automation Newsletter covers numerous updates on what's happening with SWID tags in the Software Market. 

Scooped by Steve Klos

Provide Direct Feedback to the National Cybersecurity Center of Excellence! | TagVault.org

Steve Klos's insight:

Include your voice in this important effort to provide better security processes to critical infrastructure systems!

Scooped by Steve Klos

ISO 19770 Meeting – Dublin, October 2013

I recently joined WG21 which is the working group within ISO (International Standards Organisation). The group has been working to create standards around the field of IT Asset Management.
Steve Klos's insight:

Welcome to 1e - the newest member to the ISO community working on SAM standards.  Clearly, they are coming up to speed very quickly!

Scooped by Steve Klos

Amazon's Bezos to buy 'Washington Post' for $250M

Amazon founder Jeff Bezos to buy 'Washington Post.'
Steve Klos's insight:

Talk about an effective lobbying investment! Not sure how much is spent on 'K' Street lobbyists, but I could see this as lowering overall lobbying costs. The ability to communicate and directly influence Washington insiders via the local paper is likely a very good business investment.

Now the question - will Bezos put it to positive use, or simply become an alternative to 'K' Street? 

Scooped by Steve Klos

Critical Control 2: Inventory of Authorized and Unauthorized Software

Steve Klos's insight:

FISMA Top 20 Critical Security Controls - what do you need to do to keep your systems secure?

Item 10 under this control: Deploy software that only provides signed software ID tags. A software identification tag is an XML file that is installed alongside software and uniquely identifies the software, providing data for software inventory and asset management.

Scooped by Steve Klos

Hackers take advantage of Bash Shellshock bug as developers rush to patch

Apple plays it down, security companies say panic
Steve Klos's insight:

It continues to be clear to me that problems like Heartbleed and Shellshock exploits will be around for eternity - why - because there is no direct link between software inventory and patch information that is currently provided in any standardized fashion. For more details on Heartbleed 6 months after the widespread news of the problem, see this story: http://www.bloomberg.com/news/2014-08-27/heartbleed-hack-still-a-threat-six-months-after-discovery.html

I'm working to change that through the efforts I'm making with the software identification standard and in my efforts with TagVault.org. The US Federal Government understands this problem quite well and they are now working to help resolve this problem (identifying patch relationships like this is just as big an issue for the US Gov, or any other enterprise, as it is for Internet-focused web servers).

We may well see more automation to highlight vulnerable systems in my lifetime! It's absolutely clear to me that the only way we can fix this problem is through the software industry using international standards that provide authoritative software identification (directly from the vendor) as well as information that allows organizations to identify patch requirements using only inventory data. If you're interested in geeking out over the work I've been dedicated to over the last 5 years that can help resolve these issues, have a look at http://tagvault.org.

Scooped by Steve Klos

Announcing the 2013 IAITAM Fellow Inductees

IAITAM plays a prominent role in guiding IT Asset Management best practices and industry direction. Our global members drive best practices. Industry experts, and leaders with foresight, emerge from within our membership base who can positively influence and extract improvements as business demands evolve.  
 
The IAITAM Fellow designation recognizes these leaders. Receiving the recognition of being an IAITAM Fellow is not only a reflection of personal achievement, but it also highlights those leaders from the ITAM community who have achieved a substantial level of understanding of the ITAM industry. These individuals are advocates within their own environment for the advancement of ITAM industry best practices and are willing to assist IAITAM and its Members around the world in advocating best practices in asset management.  The Fellowship designation is awarded to those individuals who have gone above and beyond to provide thought leadership to move the industry forward and have contributed positively to the IT Asset Management profession.

Steve Klos's insight:

Not quite directly related to SWID tags, but certainly related to the efforts TagVault.org is making to unify efforts in the software identification space!

Congrats go to Barbara and Heather for being recognized by IAITAM for their above and beyond efforts in the IAITAM space!  The recognition is certainly well deserved! 

Scooped by Steve Klos

Trusted Computing Group - Community - TCG Releases Spec for Endpoint Compliance Profile for Public Review

The Trusted Computing Group (TCG) is a not-for-profit organization formed to develop, define, and promote open standards for hardware-enabled trusted computing and security technologies, including hardware building blocks and software interfaces,...
Steve Klos's insight:

SWID Tags provide enhanced data that enables better network security

The Trusted Computing Group (TCG) released new specifications for public review – the comment period for these specifications is open until Oct 22. If you work in network security, in particular the management of networked computing devices, are interested in the work done by the Trusted Computing Group, or are curious about how SWID tags provide enhanced data for security needs, please review these new specifications targeted at end-point security management and provide your feedback. In particular, these specifications are designed to enable network operators to enforce policies regarding endpoint integrity when granting access to a network infrastructure. A key element of this set of standards that differentiates it from other approaches is the fact that it’s based on international standards and supports interoperability and the reuse of discovery data.

The specifications were created in support of its Trusted Network Connect Endpoint Compliance Profile. The Endpoint Compliance Profile describes a profile of TNC standards and capabilities that is optimized for collecting specific types of endpoint identity and state information and retaining this information over time in a searchable repository.

One of the specifications in this suite is the new SWID Message and Attributes for IF-M specification. This specification standardizes how SWID tag information can be requested by a Policy Decision Point and returned by an endpoint. The specification also describes how an endpoint can actively monitor its SWID tag collection for changes and push reports to a Policy Decision Point if a change is detected.

All of the Endpoint Compliance Profile specifications are open for public review and comment through October 22. In particular, the TagVault.org and SWID communities should review and comment on the SWID Message and Attributes for IF-M specification to ensure that it aligns with their usage models. Following the public review period, the specifications will be revised and published in final form. Feedback on any of these specifications is greatly appreciated.

For more information about TagVault.org, please visit their website – www.tagvault.org.

For more information on the Trusted Computing Group, please visit their website - www.trustedcomputinggroup.org

Scooped by Steve Klos

Atul Gawande: How Do Good Ideas Spread?

In the era of the iPhone, Facebook, and Twitter, we want frictionless, “turnkey” solutions to the major difficulties of the world. We prefer instructional videos to teachers, drones to troops, incentives to institutions.
Steve Klos's insight:

Some ideas make sense, but take time to spread - especially those that do not have an instantaneous benefit.  This article is focused on health practices, but is applicable in so many different areas.  Sometimes, even good ideas just require perseverance.
