Software inventory refers to the process of cataloging and documenting all the software applications installed on the systems within the organization. Establishing an inventory of all software and applications running in the environment is not only a fundamental step to secure the organization, but a key step in application software security. Identifying software usage is necessary to ensure software assets are authorized, appropriately licensed, supported, and have the most recent security fixes applied. A current software inventory also helps demonstrate compliance with regulatory controls and Service Level Agreements (SLAs) for software used in the environment.
Performing regular software inventory checks also identifies unnecessary software running in the environment, which increases the attack surface without providing a business advantage. In addition, running unnecessary software creates overhead and an inefficient runtime environment. Finally, a software inventory helps identify applications using components with known vulnerabilities that may undermine application defenses and enable a range of possible attacks and impacts. For more information on software inventory see the Tenable Cyber Exposure Study, Establishing a Software Inventory.