Open Source Audits
Support Technology M&A Due Diligence by Providing Open Source Audits
Open Source Due Diligence
Open-source code is widely used by software development companies to accelerate development and reduce costs. The use of open-source code creates challenges if the code breaches any licensing rules.
Escrow London performs audits of software code bases to detect and identify the existence of open-source code. The Escrow London Open Source team creates a detailed report identifying the open-source code and their corresponding licenses.
There Are Many Common Open-Source Licenses Including:
When are open-source code audits used?
Investment – The opportunity to invest in a software or SaaS company may be tempting. Before investing you need to ensure that the IP of the company is owned by that company and does not contain open-source code which may negatively affect the value of the company.
Acquisition (M&A) – During the acquisition of a software company or the intellectual property (IP) belonging to a company, it is essential to identify if any of these products contain open-source code not owned by that company. For example, if open-source code with a GPL license exists within the code base, this will most likely be problematic.
Outsourced Developer – If you subcontract software development to a third-party developer, you may request assurances or warranties that the codebase does not contain any open-source code. In order to determine if the developer is keeping to their end of the agreement, it is essential to conduct an open-source code audit to verify compliance.
Security – The use of open-source code comes with security risks as the code is available to the public. Hackers can use this code to seek out and exploit vulnerabilities that may exist. Research has shown that 78% of audited codebases contained at least one open-source vulnerability, of which 54 percent were high-risk ones that hackers could exploit. An open-source code audit will assist in identifying known vulnerabilities in a codebase containing open-source code.
Open Source Code Audit Reports
The final audit report provides a complete overview of the Build of Materials including:
- An inventory of all source code files contained within the codebase
- List of files containing copyrights
- List of files containing licenses
- List of open-source licenses linked to this code
- Detailed report authored by an open-source licensing expert identifying possible constraints, potential IP issues, and known security vulnerabilities with the audited open-source code.
Extracts from sample audit reports
M&A Due Diligence
When acquiring a technology company, as the buyer, you need to identify if there could be any underlying licensing issues with the technology. The most common issues arise from the use of open-source code within the development cycle. The only way to mitigate these potential risks is to understand exactly what code and licenses have been used to build the technology. During an M&A due diligence process, the seller will generally be hesitant to hand over their source code to a potential buyer.
Escrow London is a trusted 3rd party that specializes in source code verification and audits. We can quickly analyze software and technology builds to support an M&A due diligence process.
Looking for an Open Source Code Audit?
Leading Companies Trust Escrow London
YES! I want a free quote
If you have any questions about our services or would like to receive a free quote, simply fill in your details and we will be in touch with you.