Software Life Cycle Management Standards

Software Life Cycle Management Standards: Real-world Scenarios and Solutions for Savings

DAVID WRIGHT
Copyright Date: 2011
Published by: IT Governance Publishing
Pages: 193
https://www.jstor.org/stable/j.ctt5hh4m1
    Book Description:

    Software Life Cycle Management Standards will help you apply ISO/IEC 19770 to your business and enjoy the rewards it offers. David Wright calls on his vast experience to explain how the Standard applies to the whole of the software life cycle, not just the software asset management aspects. His informative guide gives up-to-date information using practical examples, clear diagrams and entertaining anecdotes.

    eISBN: 978-1-84928-205-5
    Subjects: Technology

Table of Contents

  1. Front Matter
    (pp. 1-4)
  2. FOREWORD
    (pp. 5-7)
    David Bicket

    David Wright has addressed an important topic with this book, providing a valuable resource for people involved in architecting and implementing the technologies of software management. David has written the book from the perspective of a real-world practitioner, and it should help other real-world practitioners understand and exploit the technology. Don’t read it for theory; read it for practical ideas and guidance.

    The technology is based on the ISO/IEC 19770-2:2009 software identification tag (SWID). This technology is starting to be adopted by many different software vendors and tool providers, but at the time of writing is still in the process...

  3. PREFACE
    (pp. 8-10)
  4. ABOUT THE AUTHOR
    (pp. 11-12)
  5. ACKNOWLEDGEMENTS
    (pp. 13-14)
  6. Table of Contents
    (pp. 15-17)
  7. INTRODUCTION
    (pp. 18-20)

    It seems to me that unless I can explain the ultimate goal and associated benefits that might be achieved by all that I describe in this book, there is really very little point in you reading on; so here is a simple statement that encapsulates all that the ideas expressed here aspire to:

    Quantifying the value delivered by software/SaaS and removing the ‘us versus them’ framework between publisher and customer in enterprise software commerce.

    I must say that if you don’t find this concept appealing and you are standing in a bookshop trying to decide if the book in your...

  8. CHAPTER 1: SOFTWARE ASSET MANAGEMENT: BOTH SIDES OF THE EQUATION
    (pp. 21-41)

    A software publisher rarely allows the software itself to be sold. The publisher sells rights, or entitlements, to use via the sale of licences. The risk to both the customer and the publisher is that software deployment and usage is very difficult to measure. Even the term usage is very difficult to define and must be described very specifically as part of the ‘right to use’ or licence.

    Such confusion can give rise to two dominant questions for the IT manager:

    1 Am I using more or less than I am entitled to?

    2 Am I optimising usage across all...

  9. CHAPTER 2: CURRENT APPROACHES IN BOTH PROCESS AND TECHNOLOGY
    (pp. 42-48)

    I am reluctant to dwell in detail on the topic of software management, especially the asset management aspect, for risk of sounding more like a critic and detractor than a promoter of technology. The truth is, the art of software management thus far has very much been exactly that; ‘art’.

    As with all art, the success of many of the tools has very much relied upon the artists handling them and there are some very fine practitioners in the field today. Again, at the risk of alienating people for whom I have a great deal of respect, I am not...

  10. CHAPTER 3: WHAT IS ISO/IEC 19770?
    (pp. 49-56)

    It may be apparent that I have avoided using the term SAM to a large extent in this book. This is deliberate on my part since, as I have mentioned earlier, I regard SAM as only one component of software life cycle management, a component largely in the domain of the software consumer.

    While ISO/IEC 19770 came about largely as a result of the problems faced by SAM practitioners, from my own point of view the impact of the standards is greater and their use can benefit many aspects of the software life cycle. I hope that, overall, this book...

  11. CHAPTER 4: INTRODUCTION TO THE SWID TAG
    (pp. 57-65)

    It is important to understand that classic tagging only indicates the raw functional model deployment in general. Therefore it may offer only part of the business rules of deployment in many cases since the overall licensing model, which may go beyond simple functionality, may not be detectable.

    This part of ISO/IEC 19770 was developed in order to provide a software data standard for software/software component tagging. This is the process by which digital identification (SWID tag) is made to contain information about a given software configuration and the items or components it contains, so as to best facilitate deployed software...

  12. CHAPTER 5: IMPLEMENTATION OF THE ISO/IEC 19770-2 PROCESS
    (pp. 66-73)

    Data input into tagging fields must maintain consistencies that optimise the software detection processes for discovery tools, SAM and other software life cycle management owners alike. For example, it is recommended that, if possible, software manufacturers should maintain consistency in the manufacturer name field within any given product line. Although this document does not require consistency in the manufacturer name field for operating systems, uniformity is strongly urged.

    Acknowledging that some resellers may only ship pre-manufactured media and therefore find tag modification difficult or impossible, this document proposes three possible implementation alternatives to allow for, or preclude the necessity of,...

  13. CHAPTER 6: THE ISO/IEC 19770-2 SWID TAG DATA FUNDAMENTALS
    (pp. 74-98)

    Although derived from actual use and application of the standard in my own experience, the section below does not stand alone in providing complete information on SWID content and structure. I recommend that as you read through this, you refer to the official standards document, ‘Information technology – Software asset management – Part 2: Software identification tag’, ISO/IEC 19770-2:2009(E).

    As described earlier, there should be a tag designed for each software component or licensable function. In order to comply with basic ISO/IEC 19770-2 standards, the following elements must be included.

    This element is a Boolean tag that indicates if an...

  14. CHAPTER 7: SWID TAG CERTIFICATION REQUIREMENTS
    (pp. 99-120)

    In the US, the current body offering regulation and assistance in tagging standards is TagVault.org. The stated mission is as follows:

    TagVault.org is the neutral not-for-profit certification authority for software tagging, primarily focused on software identification tags (as specified by ISO/IEC 19770-2) and software entitlement tags (as specified by ISO/IEC 19770-3). By providing a trusted certification process for software identification and software entitlement definitions to software publishers, tool providers, and end-users, the expensive and complicated issue of software asset governance/compliance will be greatly simplified.

    TagVault.org will:

    1 Certify software products and software publishers that provide 19770-2, 19770-3 or other software...

  15. CHAPTER 8: ISO/IEC 19770-3 CONSIDERATIONS
    (pp. 121-145)

    ISO/IEC 19770-3 will provide a standard to specify the structure of software entitlement tags. Software entitlement ID tags are XML data structures that provide authoritative identifying information about software licensing rights. In ‘Candide’s ideal world’, the degree of an organisation’s software licence compliance configurations will be demonstrated when 19770-3 entitlement tags are reconciled with 19770-2 SWID tags.

    If you detected some of Voltaire’s satirical edge in my statement above, you will not be surprised, given my earlier description of the fuzzy rules when interpreting the information delivered by SWID tags.

    The dream of automating reconciliation is still difficult to achieve...

  16. CHAPTER 9: SOFTWARE FEATURE DESIGN RELATED TO SWID/SWEID TAG MANAGEMENT FOR TAG CREATORS AND MODIFIERS
    (pp. 146-174)

    Figure 49 is a reminder of our life cycle. The first step in the cycle involves the process described in the following sections.

    Figure 50 is an example of the functional sequence that might be followed by a software publisher/OEM that is defining a new product.

    A similar sequence might also be followed if the publisher/OEM has already released a product, but wishes to either:

    simply offer an application patch that updates the installation with SWID tags; or

    include application changes that require patching concurrently with updating the new patched version with SWID tags.

    The example sequence shows the use...

  17. CHAPTER 10: SWID AND SWEID TAG MANAGEMENT FOR CONSUMERS
    (pp. 175-186)

    Figure 54 is a reminder of our life cycle. The third step in the cycle involves both the publisher/creator as well as the consumer. The publisher delivers both SWID and SWEID tags; the consumer receives them.

    The SWEID tag may be recorded directly into some form of entitlement database, an example of which is shown in Figure 55.

    The task requires that:

    the publisher issues SWEID tags as per the standard and delivers them in a manner in which the consumer may accept them

    the consumer has the process and supporting infrastructure to process SWEID delivery.

    SWID tags of the...

  18. APPENDIX: ISO/IEC 19770-2:2009 XML SCHEMA DEFINITION (XSD)
    (pp. 187-187)
  19. GLOSSARY
    (pp. 188-190)
  20. ITG RESOURCES
    (pp. 191-193)