Understanding Software Discovery

By Ludmila Kantova

Software inventory plays critical role in Software Asset Management. You cannot manage what you cannot see. In this article I would like to guide you through the world of software discovery…

Software Product Versus Software Component
  • Software Product is identified by a marketing name. It represents vendor software license offerings and implies the rights to install and/or use a set of software components and terms and conditions governing their use. Software Product refers to things that are purchased.
  • Software Component is a program/application or set of programs that are installed on a computer system. Software components are not sold, ownership of software programs is retained by the manufacturer. Usage of software component is licensed. Software components are typically identified by software discovery tools.
Software Discovery Basic Terms

Let me first introduce basic terms used in software discovery:

  • Software Discovery: Detection, collection, and reporting of installed software components
  • Software Discovery Tool: Software application running on the scanned object for the purpose of collecting and providing information about the object
  • Software Signature: Unique data element or combination elements within an application that can be used for identifying the application
  • Software Discovery Catalog: Structured database, contains information about existing software manufacturers, products, components, component versions and related software signatures
Types of Software Discovery Tools

There are several types of software discovery tools, using different technologies in order to discover installed software components.

  • Data Collectors collect raw data based on predefined attributes. As a result of scan using data collector, large list of collected structured data is returned. One of the main advantages of data collectors is the fact that data catalog maintenance not required and output from data collectors have a user-friendly format. Main limitations of data collectors are the high demand on data exchange, time consuming analysis of raw data and the fact that data collectors only use simple signatures.
  • Catalog Based Software Discovery Tools use predefined software catalog containing software signatures. As a result of scan list of matched software signatures is returned. Some of the advantages are low demand on data exchange, agents can be configured for excluding files, hard drives and the ability to use complex signatures. Main limitations are the required catalog maintenance and the fact that component version is not discovered if signature is missing in the catalog.
Types of Software Signatures

There are four main types of software signatures.

  • File Signature is a basic type of signature, used by majority of software discovery tools. Consists of File name and File size/version. Typical candidate for File signature is an executable file that executes the application. Main advantages of file signatures are the fact that the file signatures can be used by all software discovery tools and that most software components consist of a file structure. Wrongly set file signature can cause miss identification which is seen as the main limitation of file signatures.
  • Filter Signature is a basic type of signature used by majority of software discovery tools. Consists of Filter/Package name and Filter/Package version. File signature is identified in software package information delivered to the system during software installation. Filter signatures can also be used by all software discovery tools and the main advantages is the accurate description of the application. Main limitation is regular catalog update requirement.
  • Common Inventory Technology (CIT) Signature is a special type of signature, technically defined in XML language. Set of conditions are defined within the signature which must be met to have software component returned as discovered. Main advantages are low risk of miss identification, applicability for all distributed platforms and use of wildcards which limits catalog update frequency. Only limited number of software discovery tools can use CIT Signatures.
  • Software Identification Tags (SWID tags) are XML files with *. swtag or *. swidtag extension. ISO/IEC 19770-2:2015 defines standard for tagging software to optimize its identification and management. A SWID tags producer can be part of the software manufacturer organization, the software licensor organization, or be a third-party organization. Software Identification Tags must contain, at minimum, software manufacturer, product title and product version. One of the main advantages is the data standardization. In addition to this benefit, most of software discovery tools can identify SWID tags. Only selected manufacturers produce software tags today, which is the main limitation. It must be understood that by using SWID tags you do not discover the real component, the file might exist, and the component might not, and vice versa.
Software Signature Identification Techniques

Base data for validation or building software signatures depend on platform and signature type. Common data sources for building software signatures are commands, registry dumps, packages, data collector extracts, unmatched registry entries from software discovery tools and program files in computer.

Other Software Discovery Options

Software manufacturers can use audit scripts to identify software features, users, editions. Obligation to provide audit script can be part of license agreement with software manufacturer. Selected discovery tools can execute these scripts or accept the script output.

For selected licensing metrics data from instance-based software discovery is not enough. Product specific reports are required to secure all required information, for example managed virtual machines, authorized users, managed devices.

Software discovery can be challenging but its accuracy is critical for success in Software Asset management.

About the Author