Some SWID Tag Resources



Here are some software identification (SWID) tag resources:

- Some general resources: https://scap.nist.gov/specifications/swid/

- NISTIR 8060 provides an overview of the capabilities and usage of 
SWID tags. It also provides requirements for SWID tags that enable 
various cybersecurity use cases.

http://nvlpubs.nist.gov/nistpubs/ir/2016/NIST.IR.8060.pdf

- There is the CoSWID draft nearing completion in the IETF which 
defines an alternate serialization to the SWID tag XML format to 
support devices that may require a smaller tag footprint.

https://datatracker.ietf.org/doc/draft-ietf-sacm-coswid/

- NIST has produced a Java-based command-line SWID tag validator based 
on NISTIR 8060 and ISO/IEC 19770-2:2015. This tool can also be invoked 
by API. I plan to open source the tool and the Decima library which 
provides the validation functionality.

https://scap.nist.gov/specifications/swid/ (under "SWID Tag Validation 
Tool")

Regards,
Dave


Page Last Updated or Reviewed: December 14, 2017