View the original version of this article on LinkedIn
An introduction from Shane Coughlan, General Manager at OpenChain Project:
Our colleagues over at Software Heritage have long worked towards creating a universal archive of all software. Part of this work relates to identifying software effectively, and to accomplish this they developed the SoftWare Hash IDentifier specification, which has now been released an international standard. You will find it as ISO/IEC 18670 via the ISO website.
Because of the potential of this new standard to positively impact the global open source supply chain, and to help address compliance matters of all types, we want to ensure our community is fully aware of the release, its meaning, and how to learn more.
A few words from Roberto Di Cosmo, Director at Software Heritage:
A major milestone has been reached in the landscape of digital infrastructure: the Software Hash Identifier (SWHID) has officially been published on April 23rd 2025 as the ISO/IEC international standard 18670! 🎉 🔗 Official ISO Listing 📘 Free Public Specification
A Universal Identifier for Software
Inspired by well established practice in distributed software development, almost ten years ago Software Heritage created a “Software Heritage Identifier” that is used in its archive to track over 50 billion software artifact. Today, this identifier schema has now grown into a globally recognized, community-driven standard. Rebranded as the Software Hash Identifier, SWHID is designed for universal adoption across archives, regulatory frameworks, research, industry, and beyond.
This name shift reflects a deeper transformation: from an internal archival tool to a public digital infrastructure for all—a way to uniquely and verifiably reference software artifacts across contexts and borders.
Why It Matters
Software is at the core of innovation, but referencing it reliably has always been a challenge. SWHID addresses this by offering:
- 🧾 Intrinsic, verifiable, and immutable identifiers
- 🔍 Long-term traceability of code, even if moved or renamed
- 📚 Reproducibility in science and industry
- 🛡️ Support for compliance and cybersecurity regulation
With the adoption of ISO/IEC 18670, we now have a globally accepted framework for identifying software—just as we have ISBNs for books or DOIs for papers.
Community at the Core
This success is the result of years of collaboration within the broader software preservation and cybersecurity community. The journey included:
- The original development by Software Heritage
- Open community dialogue in the swhid-discuss forum
- Stewardship of the ISO fast-track process by the Joint Development Foundation
- A dedicated core team dedicated to the maintenance of the specification
This is a shared major acheivement—for everyone committed to making software a first-class, preservable, and referenceable citizen of our digital ecosystem.
SWHID in Action: Strengthening Cybersecurity
Software traceability is increasingly critical to regulatory compliance and cyber resilience. Our recent whitepaper outlines how SWHIDs contribute to this vision:
📄 Software Identification for Cybersecurity: Survey and Recommendations for Regulators 🖇️ Download PDF 🔍 HAL Repository Version
This work supports efforts like the EU’s Cyber Resilience Act by providing a concrete, open standard for identifying software components.
SWHID in Action: Enabling Reproducibility in Open Science
In scientific research, reproducibility depends on more than just data—it relies on exactly replicating the software used in analyses. SWHIDs provide a rock-solid way to archive and reference the precise version of code used in experiments.
Explore the guidelines on how to archive and cite software with SWHID to support reproducible science: 🔗 How to archive and reference code
And see how the integration with functional package managers like Guix or Nix allows to reach long term reproducible builds.
SWHID in Action: Promoting Transparency in AI
As AI systems become increasingly influential, the demand for transparency in the data and software used to train them is growing. SWHIDs offer a solution by enabling verifiable references to source code, contributing to more accountable and auditable AI.
Read Software Heritage’s position on AI transparency and the importance of proper referencing: 🧠 SWH Statement on Large Language Models for Code
What’s Next?
The SWHID journey doesn’t end here. Now that it’s an international standard, we invite everyone—developers, educators, researchers, policy makers—to adopt it, build on it, and share it.
✅ Explore the spec on swhid.org or in the 🔗 Official ISO Listing 🌐 Visit the official site: swhid.org 📬 Include it in your toolchains and supply chain policy
Together, we’ve transformed a powerful idea into a global asset. Here’s to a future where all software is identifiable, referenceable, and preserved.
#SoftwareHashIdentifier #SWHID #DigitalInfrastructure #Cybersecurity #OpenStandards #ISO #SoftwarePreservation #OpenSource #DigitalSustainability
