Mergers and Acquisitions Technical Due Diligence

Identify Open Source Software and Third-Party Components

An Effective Merger & Acquisition Software Technical Due Diligence Requires Domain Expertise and Accurate Reporting

The emphasis in a merger and acquisition (M&A) project is on results that can impact go/no-go decisions, valuation or remediation costs. We deliver a high quality audit report more quickly than alternate methods and act as an arms-length, independent third party. Due to this independence, target companies are more willing to share code for OSS license compliance and application security analysis prior to a definitive agreement. Our process ensures the highest possible confidentiality and projects are treated on a need-to-know basis.

Since time and communication are critical, our processes are highly responsive:

  • Engagements often start the same day that a client makes the first contact with us
  • Our auditors will make interim reports as required to help make immediate decisions during the negotiation
  • Scope and depth is tailored to the time available, with initial results focusing on IP issues that represent the most challenging remediation
  • Reports can be expanded to the forensic level to provide a full understanding of the code being acquired

Internal Baselines

Our audit services team can also be an effective, fast choice for a number of non-M&A situations, including:

  • When you are receiving a code drop from an outsourced supplier
  • At a key development milestone
  • When a sales contract calls for disclosure of code content
  • When you anticipate making a software project open source
  • If you anticipate interest from potential acquirers
  • IP litigation

Internal Baseline Quick Start

An audit services engagement is an efficient way to augment your staff for the initial scans and analysis to understand your use of open source and third-party components to ensure your IP compliance process up and running faster. Our services team will conduct the initial audits and ensure that the results are live in your system for immediate use. As the internal baselines proceed, we can also transfer information to your internal staff to ensure knowledge of system operation and analysis best practices.

Overview Audit

An overview audit identifies the major open source and commercial components that make up a software development project. It uses some or all types of detection techniques, such as copyright detection, license detection, Java Namespace detection, exact file match to known open source content, email/URL detection and version detection.

Detailed Audit

A detailed audit is appropriate when the cost of accidental infringement is high or circumstances suggest that copyrights or license text may have been removed. A detailed audit expands the overview audit and makes extensive use of source code fingerprint analysis to identify partial matches, such as a cut-and-paste. Auditors are tasked to spend additional analysis time to fully explain the origin of evidence.