Open Source Due Diligence Audit 2021-10-20T10:54:22+00:00

Open Source Audits

Support Technology M&A Due Diligence by Providing Open Source Audits


Open Source Due Diligence

Open-source code is widely used by software development companies to accelerate development and reduce costs. The use of open-source code creates challenges if the code breaches any licensing rules.

Escrow London performs audits of software code bases to detect and identify any open-source code they contain. The Escrow London Open Source team produces a detailed report identifying each open-source component and its corresponding license.

There Are Many Common Open-Source Licenses Including:

  • GPL
  • LGPL
  • MPL
  • AGPL
  • GNU
  • Apache

When are open-source code audits used?

Investment – The opportunity to invest in a software or SaaS company may be tempting. Before investing you need to ensure that the IP of the company is owned by that company and does not contain open-source code which may negatively affect the value of the company.

Acquisition (M&A) – During the acquisition of a software company or the intellectual property (IP) belonging to a company, it is essential to identify if any of these products contain open-source code not owned by that company. For example, if open-source code with a GPL license exists within the code base, this will most likely be problematic.

Outsourced Developer – If you subcontract software development to a third-party developer, you may request assurances or warranties that the codebase does not contain any open-source code. In order to determine if the developer is keeping to their end of the agreement, it is essential to conduct an open-source code audit to verify compliance.

Security – The use of open-source code comes with security risks because the code is publicly available. Attackers can study it to seek out and exploit vulnerabilities that may exist. Research has shown that 78% of audited codebases contained at least one open-source vulnerability, of which 54% were high-risk ones that attackers could exploit. An open-source code audit will assist in identifying known vulnerabilities in a codebase containing open-source code.

Open Source Code Audit Reports

The final audit report provides a complete overview of the Bill of Materials including:

  • An inventory of all source code files contained within the codebase
  • List of files containing copyrights
  • List of files containing licenses
  • List of open-source licenses linked to this code
  • Detailed report authored by an open-source licensing expert identifying possible constraints, potential IP issues, and known security vulnerabilities in the audited open-source code.
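As an added illustration of the four inventory items listed above (example code written for this page, not Escrow London's own tooling), the following Python script walks a code tree and produces that inventory. The SPDX tag and license-name patterns are an assumed heuristic, and the sample files are constructed.

```python
import re
from pathlib import Path

# An SPDX tag is treated as authoritative; otherwise fall back to matching the
# license names the page lists (assumed heuristic, not a full license scanner).
SPDX_RE = re.compile(r"SPDX-License-Identifier:\s*([A-Za-z0-9.+-]+)")
NAME_PATTERNS = {
    "AGPL": re.compile(r"GNU Affero General Public License|\bAGPL\b"),
    "LGPL": re.compile(r"GNU Lesser General Public License|\bLGPL\b"),
    "GPL": re.compile(r"GNU General Public License|\bGPL\b"),
    "MPL": re.compile(r"Mozilla Public License|\bMPL\b"),
    "Apache": re.compile(r"Apache License|Apache-2\.0"),
}
COPYRIGHT_RE = re.compile(r"(?i)copyright\s*(\(c\)|©)?\s*\d{4}")

def classify(text):
    """Return (set of license ids, has_copyright_notice) for one file's text."""
    licenses = set(SPDX_RE.findall(text))
    if not licenses:
        licenses = {name for name, pat in NAME_PATTERNS.items() if pat.search(text)}
    return licenses, bool(COPYRIGHT_RE.search(text))

def build_bom(files):
    """files: {relative_path: text}. Returns the four lists the report section names."""
    bom = {"inventory": sorted(files), "with_copyright": [], "with_license": [], "licenses": {}}
    for path in bom["inventory"]:
        lics, has_notice = classify(files[path])
        if has_notice:
            bom["with_copyright"].append(path)
        if lics:
            bom["with_license"].append(path)
        for lic in sorted(lics):
            bom["licenses"].setdefault(lic, []).append(path)
    return bom

def scan_tree(root):
    """Read every regular file under root (undecodable bytes ignored) and build the BOM."""
    files = {str(p.relative_to(root)): p.read_text(errors="ignore")
             for p in Path(root).rglob("*") if p.is_file()}
    return build_bom(files)

# Constructed sample codebase; not files from any real project.
SAMPLE = {
    "src/main.c": "// SPDX-License-Identifier: GPL-2.0-only\n// Copyright (c) 2019 Example Co\n",
    "lib/util.py": '"""Licensed under the Apache License, Version 2.0."""\n',
    "src/internal.c": "static int counter;\n",
}

if __name__ == "__main__":
    print(build_bom(SAMPLE))
```

Run `scan_tree("/path/to/checkout")` against a real tree; the `licenses` map is the starting point for the constraint and IP review the report describes.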

Extracts from sample audit reports

M&A Due Diligence

When acquiring a technology company, as the buyer, you need to identify if there could be any underlying licensing issues with the technology. The most common issues arise from the use of open-source code within the development cycle. The only way to mitigate these potential risks is to understand exactly what code and licenses have been used to build the technology. During an M&A due diligence process, the seller will generally be hesitant to hand over their source code to a potential buyer.

Escrow London is a trusted third party that specializes in source code verification and audits. We can quickly analyze software and technology builds to support an M&A due diligence process.



Looking for an Open Source Code Audit?

Leading Companies Trust Escrow London


If you have any questions about our services or would like to receive a free quote, simply fill in your details and we will be in touch with you.