Aug 1

Over the past 3 years, we have conducted over 100 open source audits.  Almost all of our customers were software developers, who were developing their own software, but had also added in significant open source into their software.

Here are some of the key situations that necessitated an audit:

Company was being acquired – Usually, the acquiring company will audit the seller’s intellectual property. Since the valuation of the company can be driven down by a negative audit result, it is wise to pre-audit your source code, using a professional audit firm.  Any issues can be discovered and rectified before the formal audit by the acquirer.

Company is acquiring another company – The acquirer will inherit any IP issues from the seller.   Almost all of the larger acquirers will use audit software and a professional audit firm to uncover issues prior to the closing.

Company is a large technology provider and incorporates software from a variety of supply chain participants – The lawsuits have tended to focus on the larger companies with bigger pockets, and the courts have ruled that if a company distribute software provided by someone else, and if that software has licensing issues, the distributor is equally liable as the original supplier.  This means that most large technology provider have decided to require audits from their upstream software suppliers.

Company is a software supplier to a larger technology provider. As the technology provider will require an audit, it is often a good idea to do a preliminary audit which will discover and rectify any issues.