Software Audit Issues for Acquisition Due Diligence

When you consider acquiring a company, you need to know about any software licensing risks associated with the open source software in its products and how to mitigate them. Most sellers do not have current and accurate data about the open source code in their products, but they will not want to show you their source code either.

nexB is a trusted third party that can quickly analyze products of any size and technology to support your acquisition due diligence process. We provide a turnkey service that minimizes the impact on both Buyer and Seller while you are both very busy with other activities. A nexB software audit provides you with a comprehensive and actionable report of software IP issues supported by a detailed software inventory at the component and file level. We can also tailor the depth of analysis to fit your concerns and schedule.

Why nexB?

We have deep knowledge of software license and origin analysis across languages and environments ranging from consumer devices to very large enterprise systems. We do not offer any legal advice, but we can provide our deep technical experience as open source developers and also our deep knowledge of best practices and open source community standards.

Two key reasons to engage nexB for acquisition due diligence are:

  • We combine automated analysis tools and our expertise to clearly define Issues and practical remediation actions to address them. This enables you to directly apply the audit findings to your acquisition negotiations.
  • We can identify the subset of software from your Development codebase that you actually distribute or deploy. This is critical information to identify the potential impact of a software IP risk because open source license obligations are typically different for external versus internal use. We have performed more than 500 software audit projects.

The deliverables from an Acquisition Due Diligence Audit include:

Software BOM

A Software Bill of Materials (BOM) file that provides a complete inventory of all the Open Source code in your Development codebase, with identification of which Deployed products use each Development codebase component.

Software Audit Report

A summary Software Audit Report with concrete remediation actions that the engineering team can use as a checklist to fix any potential issues found during the audit.