Software Identification and Entitlement Tracking Using Blockchain Technology

Abstract

This research assessed the applicability of blockchain technology to a registry for software asset management data aligned with the requirements of the International Organization for Standardization (ISO). ISO has developed a series of standards that specify data formats and practices for digital tags to help track software assets, but to date, adoption of the standards have been slow, and tools to improve tag deployments and utilization have not yet become widespread. To assess the potential for blockchain technology to catalyze the emergence of capabilities based on software tagging, this investigation involved a design and proof of concept implementation of a software tagging registry based on blockchain technology. The preliminary research suggests that blockchain technologies could be very effective at enabling much higher degrees of security and automation for software tracking. Blockchains have proven highly effective for environments with high security demands, with low trust, and that require a full enumeration of all past changes. These traits closely match the characteristics of a software tag registry, namely a need for a transparent, publicly accessible, high-availability, platform to share tags in an environment with diverse methods for determining trust. The proof of concept was implemented using a Hyperledger Fabric blockchain platform, which was mostly successful. However, the exercise revealed several key weaknesses of the Hyperledger Fabric blockchain implementation for that application. These weaknesses were specific to the Hyperledger Fabric implementation of blockchain, and do not apply to blockchain technologies in general. The research and proof of concept indicated that using blockchain to implement a software tagging registry is a viable approach, but that development of a full registry would likely require a different blockchain implementation than the one used in this proof of concept.