ISO/IEC 19770-2, TagVault.org and CPE information

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

ISO/IEC 19770-2, TagVault.org and CPE information

steveklos

Folks,

 

I’m very new to this distribution list.  Normally, I would read up on postings prior to posting one myself as I know for a fact that there is quite a bit of shared knowledge from this list that I have not yet had the opportunity to learn from.  Having said that, I’ll make an initial post introducing myself and we’ll go from there.

 

My name is Steve Klos.  I was the convener of the ISO/IEC 19770-2:2009 standard that defines software identification tags.  As the standard was going through its final stages of ISO process towards publication, three companies – Symantec, CA and ModusLink OCS came together to form a non-profit organization called TagVault.org which is formed as a program of IEEE-ISTO.  Once the organization was formed, the board of directors asked me to initiate the lead for the organization as the executive director.  For those of you not familiar with IEEE-ISTO, the ISTO stands for for Industry Standards and Technology Organization and their main role in life is to facilitate non-profit programs that are of interest to a set of market players and can be created to develop standards, or as the case with TagVault.org to bring a standard to market in a more rapid and consistent fashion (see www.ieee-isto.org for more details on ISTO, or www.tagvault.org for more details on the TagVault.org program).

 

At the highest level, the 19770-2 standard focuses on providing authoritative software identification data grouped into 7 mandatory elements, 30 optional elements and provides for extensions to the schema.  The standard is primarily focused on software identification data required for authoritative software discovery that is used for Software Asset Management processes.  Having said that, there are design implications included in the standard to facilitate a number of additional capabilities including file level provenance details and XMLDSIG based digital signatures of data elements.  

 

TagVault.org is providing registration and certification services allowing software publishers to utilize normalized values, ensure consistency of self-reported information (i.e. company name) and provide the data with a digital signature that can be independently validated.  TagVault.org also provides its members with tools, services and documentation to make the tagging process easier, faster and significantly more reliable.

 

I am interested in how TagVault.org can work with the CPE efforts…  I see many different possibilities, but I need to learn more about the CPE efforts before proposing any suggestions/ideas/methodologies.

 

I’m working with Paul Cichonski of NIST to setup presentations so I may learn more about the CPE efforts to date as well as whatever is possible to know about the roadmap.

 

I’d like to learn a bit more about who is part of this distribution list as well as to have a look at the roadmap and design details for the CPE v2.3 efforts that were referred to in the e-mail I saw from Seth (I missed Brant Cheikes original post to this distribution list).  Finally, I’d like to find out if there is a publically available repository where e-mails to this list are archived – it may help me come up-to-speed faster.

 

Looking forward to working with a number of you on the potential integration of TagVault.org certified tag process with the CPE efforts already underway.

 

I’m happy to receive e-mails directly – especially for information that has already been posted to this list – if you could include the words “CPE Info” in the subject, it will help me greatly in my daily inbox triage efforts.  If the information has previously been posted, can you please let me know that as well as if there were discussions around any particular topics?  If I know the details of what has already been posted and discussed, it will ensure I don’t populate everyone’s in-box with duplicate information.

 

I’m looking forward to learning more about the CPE program and efforts to-date!

 

Regards,

 

Steve Klos

Executive Director

TagVault.org

www.tagvault.org

Office:  732.562.6031

Cell:       408.202.1900

Reply | Threaded
Open this post in threaded view
|

Re: ISO/IEC 19770-2, TagVault.org and CPE information

Smith, Robert J Mr NII/DoD-CIO
Classification: UNCLASSIFIED

Steve,

I would recommend that you touch base with the following POCs:

David Waltermire
[hidden email]
301-975-3390

Lt Col Joseph L. Wolfkiel
Director, Computer Network Defense Research & Technology (CND R&T) Program
Management Office
[hidden email]
Commercial 410-854-5401 DSN 244-5401

Andrew Buttner
[hidden email]
781-271-3515

R/
Bob

____________________________________________________________________________
_______
"Life is a coin, you can spend it anyway you wish, but you can only spend it
once."
____________________________________________________________________________
_______

Robert J. Smith
Program Manager - DoD IT Asset Management
DoD CIO / Portfolio Mgmt & Enterprise Infrastructure
201 12th Street South
Crystal Gateway North, Suite 501
Arlington, VA 22202-4301
COM: (703) 601-4729 ext 124
BB: (571) 309-4941
FAX: (703) 601-4738
Email: [hidden email]


-----Original Message-----
From: Steve Klos [mailto:[hidden email]]
Sent: Tuesday, April 27, 2010 5:33 PM
To: [hidden email]
Subject: [CPE-DISCUSSION-LIST] ISO/IEC 19770-2, TagVault.org and CPE
information

Folks,

 

I'm very new to this distribution list.  Normally, I would read up on
postings prior to posting one myself as I know for a fact that there is
quite a bit of shared knowledge from this list that I have not yet had the
opportunity to learn from.  Having said that, I'll make an initial post
introducing myself and we'll go from there.

 

My name is Steve Klos.  I was the convener of the ISO/IEC 19770-2:2009
standard that defines software identification tags.  As the standard was
going through its final stages of ISO process towards publication, three
companies - Symantec, CA and ModusLink OCS came together to form a
non-profit organization called TagVault.org which is formed as a program of
IEEE-ISTO.  Once the organization was formed, the board of directors asked
me to initiate the lead for the organization as the executive director.  For
those of you not familiar with IEEE-ISTO, the ISTO stands for for Industry
Standards and Technology Organization and their main role in life is to
facilitate non-profit programs that are of interest to a set of market
players and can be created to develop standards, or as the case with
TagVault.org to bring a standard to market in a more rapid and consistent
fashion (see www.ieee-isto.org for more details on ISTO, or www.tagvault.org
for more details on the TagVault.org program).

 

At the highest level, the 19770-2 standard focuses on providing
authoritative software identification data grouped into 7 mandatory
elements, 30 optional elements and provides for extensions to the schema.
The standard is primarily focused on software identification data required
for authoritative software discovery that is used for Software Asset
Management processes.  Having said that, there are design implications
included in the standard to facilitate a number of additional capabilities
including file level provenance details and XMLDSIG based digital signatures
of data elements.  

 

TagVault.org is providing registration and certification services allowing
software publishers to utilize normalized values, ensure consistency of
self-reported information (i.e. company name) and provide the data with a
digital signature that can be independently validated.  TagVault.org also
provides its members with tools, services and documentation to make the
tagging process easier, faster and significantly more reliable.

 

I am interested in how TagVault.org can work with the CPE efforts.  I see
many different possibilities, but I need to learn more about the CPE efforts
before proposing any suggestions/ideas/methodologies.

 

I'm working with Paul Cichonski of NIST to setup presentations so I may
learn more about the CPE efforts to date as well as whatever is possible to
know about the roadmap.

 

I'd like to learn a bit more about who is part of this distribution list as
well as to have a look at the roadmap and design details for the CPE v2.3
efforts that were referred to in the e-mail I saw from Seth (I missed Brant
Cheikes original post to this distribution list).  Finally, I'd like to find
out if there is a publically available repository where e-mails to this list
are archived - it may help me come up-to-speed faster.

 

Looking forward to working with a number of you on the potential integration
of TagVault.org certified tag process with the CPE efforts already underway.

 

I'm happy to receive e-mails directly - especially for information that has
already been posted to this list - if you could include the words "CPE Info"
in the subject, it will help me greatly in my daily inbox triage efforts.
If the information has previously been posted, can you please let me know
that as well as if there were discussions around any particular topics?  If
I know the details of what has already been posted and discussed, it will
ensure I don't populate everyone's in-box with duplicate information.

 

I'm looking forward to learning more about the CPE program and efforts
to-date!

 

Regards,

 

Steve Klos

Executive Director

TagVault.org

www.tagvault.org <http://www.tagvault.org>  

Office:  732.562.6031

Cell:       408.202.1900


smime.p7s (16K) Download Attachment