ISO is the international standards organization – most well known I suspect for the ISO 9000 quality certification, but active in lots of other areas as well. I noticed today an article in which ISO announced that they are preparing a standard for software asset management. Their web site does not have a lot of detail at this point, but the fact that they are actively pursuing this area is important. My reading of this is that they are addressing the acquisition and license management of commercial software – i.e. “How many copies of Microsoft Office do I have and did I pay for all of them?” Obviously this is an important question to vendors of commercial software.
But there is a larger impact as well – done properly, this may lead to a more standardized way to identify software – and not just commercial software. Most organizations today are already in the “mixed code” zone. In other words, they use software from many sources – some commercial, some open source. And there are many motivations to answer the question, “What's in my code?” – IP, security, vulnerability, etc.
We proposed last year the concept of IP Ingredients – a way to label the ingredients of software that is analogous to food labeling. Admittedly this is not exactly what the ISO initiative seems to be about at this point. But as the industry progresses toward a view that software is an asset, and needs to be acquired, maintained and used much like other assets, having some standards to assist would be welcome.