The Synopsys Software Integrity Group is now Black Duck®. Learn More

Today's software is not created so much as assembled. The parts that serve as ingredients come from a variety of sources, but mostly from the millions of open source components freely available on the internet. This has enabled a digital transformation in several industries, helping market leaders speed their time to market, lower costs, and improve innovation.

But what are the licensing and security implications? This white paper, written by Phil Odence, general manager, Black Duck® Audits, examines the risks of open source in merger and acquisition (M&A) transactions, the best approaches to address those risks, and how to prioritize what and when to audit.

The paper answers critical questions such as:

  • What constitutes a tech transaction?
  • Why does it require an open source audit?
  • When in the due diligence process should an open source audit be conducted?
  • What are the risks of not performing an audit?