Description
Speaker: Thomas Aynaud, CTO at Software Heritage
The Software Hash Identifier (SWHID[1]) is an intrinsic identifier for software source code and artifacts that became an international standard in April 2025 (ISO/IEC 18670:2025[2]). As an open standard, SWHID is developed under open governance and was originally championed by Software Heritage[3], which remains its largest and most prominent use case.
Intrinsic identifiers like SWHID will play a foundational role in activities where provenance, reproducibility, auditing, and SBOMs are essential—such as in industries with complex supply chains, safety-critical systems, highly regulated sectors, and security-sensitive environments.
With recent legislation worldwide making SBOMs mandatory or strongly encouraged, their creation and maintenance have become increasingly challenging, especially for organizations managing complex supply chains. SWHID offers a significant simplification, which explains the growing interest and early adoption.
In this talk, Thomas Aynaud will present Software Heritage missions and data model, introduce the concept of intrinsic identifiers, explain the SWHID specification, and present its open standard governance model. He will share how open source projects and companies can adopt and benefit from SWHID through real-world use cases. The session will conclude with a summary of the key advantages of SWHID and an update on Software Heritage’s plans to support its development and adoption in the coming months.