Close

SoftWare Hash IDentifier (SWHID)

From Heritage to Hash: SWHID Becomes a Global ISO/IEC Standard

A significant step forward for digital infrastructure: the Software Hash Identifier (SWHID) has now been officially published as the ISO/IEC international standard 18670, on April 23, 2025.
🔗 Official ISO Listing 📘 Free Public Specification

A universal identifier for software

Drawing inspiration from established practices in distributed software development, Software Heritage created its « Software Heritage Identifier » nearly 10 years ago. This identifier now tracks over 50 billion software artifacts in its archive. Today, this identifier schema has grown into a globally recognized, community-driven standard. Rebranded as the Software Hash Identifier, SWHID is designed for universal adoption across archives, regulatory frameworks, research, industry, and beyond.

This name shift reflects a deeper transformation: from an internal archival tool to a public digital infrastructure for all—a way to uniquely and verifiably reference software artifacts across contexts and borders.

Why It matters

Software is at the core of innovation, but referencing it reliably has always been a challenge. SWHID addresses this by offering:

  • Intrinsic, verifiable, and immutable identifiers
  • Long-term traceability of code, even if moved or renamed
  • Reproducibility in science and industry
  • Support for compliance and cybersecurity regulation

With the adoption of ISO/IEC 18670, we now have a globally accepted framework for identifying software, just as we have ISBNs for books or DOIs for papers.

Community at the core

This success is the result of years of collaboration within the broader software preservation and cybersecurity community. The journey included:

This major achievement is shared by everyone dedicated to making software a first-class, preservable, and referenceable part of our digital world.

SWHID in action: Strengthening cybersecurity

Software traceability is increasingly critical to regulatory compliance and cyber resilience. Our recent whitepaper outlines how SWHIDs contribute to this vision:

Software Identification for Cybersecurity: Survey and Recommendations for Regulators 🖇️ Download PDF 🔍 HAL Repository Version

This work supports efforts like the EU’s Cyber Resilience Act by providing a concrete, open standard for identifying software components.

SWHID in action: Enabling reproducibility in Open Science

In scientific research, reproducibility depends on more than just data—it relies on exactly replicating the software used in analyses. SWHIDs provide a rock-solid way to archive and reference the precise version of code used in experiments.

Explore the guidelines on how to archive and cite software with SWHID to support reproducible science: 🔗 How to archive and reference code

And see how the integration with functional package managers like Guix or Nix allows us to reach long-term reproducible builds.

SWHID in action: Promoting transparency in AI

As AI systems become increasingly influential, the demand for transparency in the data and software used to train them is growing. SWHIDs offer a solution by enabling verifiable references to source code, contributing to more accountable and auditable AI.

Read Software Heritage’s position on AI transparency and the importance of proper referencing: SWH Statement on Large Language Models for Code.

What’s next?

The SWHID journey doesn’t end here. Now that it’s an international standard, we invite everyone—developers, educators, researchers, policy makers—to adopt it, build on it, and share it.

Explore the spec on swhid.org or in the Official ISO Listing, check out the official site swhid.org, and include it in your toolchains and supply chain policy

Together, we’ve transformed a powerful idea into a global asset. Here’s to a future where all software is identifiable, referenceable, and preserved.