Software Audit

A software audit may be required for many different business reasons, but some of the most common are:

•    Software acquisitions – You want to know the origin and license obligations for a software product or component that you plan to acquire.  This may be as simple as confirming that a prospective software product complies with your organization's licensing standards, or as complex as acquiring a whole software company.

•    Product release – You want to ensure that your software or hardware (with embedded software) product complies with your licensing rules and that it will not create risks for your customers.  There is a small but growing trend of customers demanding a certified bill of materials for software, similar to the familiar standards in most manufacturing supply chains.

•    Systems inventory – You want to identify the origin and license for all components of your IT software systems to confirm that you are in compliance with company and industry standards.

Baseline Analysis
In any of these cases, the initial task is a baseline analysis of the code base for your software product(s) or system(s).  This baseline analysis should include both the development code base (typically some combination of source code and binary libraries) and the deployment code base (a copy of the code that will actually be deployed).  The output of the baseline analysis is a complete annotated bill of materials for the product or system including origin and license for all components and a report of any issues identified along with practical recommendations for remediation.

Continuing Audit
After you have a valid Bill of Materials for your software product or system, you should implement a process for continuing audits so that your software origin and license information is always current.  The effort required to perform an incremental software audit at each release point is much, much smaller than the effort to redo a baseline analysis after a few releases.
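To make the baseline-then-incremental idea concrete, here is an added example (not nexB's own tooling) that builds a minimal per-file bill of materials from a code tree and then reports only what changed at the next release. It assumes `SPDX-License-Identifier` headers as the license signal and uses two constructed in-memory trees in place of real development and deployment code bases.

```python
import hashlib
import re
from typing import Dict, List

# Constructed sample trees (path -> file content) standing in for a real code base.
BASELINE_TREE = {
    "src/app.c": "// SPDX-License-Identifier: MIT\nint main(void){return 0;}\n",
    "lib/zutil.c": "/* SPDX-License-Identifier: Zlib */\nvoid z(void){}\n",
    "vendor/parse.js": "// no license header\nfunction p(){}\n",
}
RELEASE_TREE = {
    "src/app.c": "// SPDX-License-Identifier: MIT\nint main(void){return 1;}\n",
    "lib/zutil.c": "/* SPDX-License-Identifier: GPL-2.0-only */\nvoid z(void){}\n",
    "lib/newdep.py": "# SPDX-License-Identifier: Apache-2.0\n",
}

# Matches a declared SPDX identifier, including simple "A OR B" / "A WITH B" expressions.
SPDX_RE = re.compile(
    r"SPDX-License-Identifier:\s*([A-Za-z0-9.+\-]+(?:\s+(?:OR|AND|WITH)\s+[A-Za-z0-9.+\-]+)*)"
)


def build_bom(tree: Dict[str, str]) -> Dict[str, Dict[str, str]]:
    """Baseline analysis: one BOM entry per file with a content hash and its declared license."""
    bom = {}
    for path, content in sorted(tree.items()):
        m = SPDX_RE.search(content)
        bom[path] = {
            "sha256": hashlib.sha256(content.encode()).hexdigest(),
            "license": m.group(1) if m else "UNKNOWN",  # UNKNOWN is an issue to report
        }
    return bom


def incremental_audit(baseline: Dict[str, Dict[str, str]],
                      current: Dict[str, Dict[str, str]]) -> Dict[str, List]:
    """Continuing audit: only entries that differ from the baseline need reviewer attention."""
    report = {"added": [], "removed": [], "license_changed": [], "modified": [], "unknown_license": []}
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None:
            report["added"].append(path)
        elif new is None:
            report["removed"].append(path)
        elif old["license"] != new["license"]:
            report["license_changed"].append((path, old["license"], new["license"]))
        elif old["sha256"] != new["sha256"]:
            report["modified"].append(path)  # same license, but content should be re-checked
        if new is not None and new["license"] == "UNKNOWN":
            report["unknown_license"].append(path)
    return report
```

Persisting the baseline BOM and diffing it at each release point is what keeps the audit effort incremental rather than a full re-analysis.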

Software Audit Results

A summary of our experience is:

•    More than 50 software audit projects completed to date, primarily for due diligence during software company or product acquisitions and for pre-release product audits.
•    The aggregated value of the acquisitions is more than $1.5Bn.
•    nexB is recognized by the acquiring and acquired companies as a fair and trusted intermediary.
•    nexB has identified licensing and quality issues in each case, along with practical remediation steps.