Open Source Software (OSS) is everywhere, and its popularity and usage are ever growing. Revenera research shows that in a typical technology acquisition, OSS and third-party software make up more than 50% of the codebase. However, companies declare and/or have knowledge of only around 2%-10% of it. This is primarily due to the lack of 1) tracking usage and maintaining detailed disclosures and 2) using Software Composition Analysis (SCA) to scan deeply and often enough.
During a technology due diligence, the discovery of unknown or unreported OSS and third-party software in a Target’s applications/products can impact the overall success of the Merger & Acquisition (M&A). The buy side needs to have a good understanding of the composition of the incoming technology prior to deal close in order to uncover any potential OSS license violations and security vulnerabilities. The discovery of such issues can lead to unforeseen delays due to remediation efforts by the Target, deal price reduction, or in the worst case the entire deal falling through.
As part of the standard due diligence process for technology acquisitions, buyers typically request the seller’s OSS and third-party disclosure documents. They may also want the source code to be scanned by an independent third-party service provider to create a detailed Software Bill of Materials (BOM) and check for potential OSS licensing and security risks.
During this webinar, KPMG LLP and Revenera will discuss leading practices, common pitfalls and other important considerations for the buy side.
Key topics will include:
Jeff Luszcz is the VP of Product Management for Revenera’s Software Composition Analysis products. His team builds products for the discovery and management of compliance and security vulnerabilities associated with the use of open source software. Prior to Revenera, Jeff was the Founder and CTO of Palamida, one of the first providers of open source scanning tools. Since 2004, he has helped hundreds of software companies understand how to best use open source while complying with their license obligations and keeping on top of security issues.
Paul is a Principal in KPMG’s Major Projects and Contract Advisory practice in Silicon Valley. He focuses on software asset management and license compliance. Paul has over 30 years of IT business experience with a strong international track record, having completed engagements in Europe and the Middle East prior to joining the US firm in 2005. Paul has significant software industry experience, having worked with several major publishers, and now leads KPMG’s US Software Asset Management (SAM) practice. Prior to joining KPMG in 1998, Paul worked for 10 years in IT as a systems developer and project manager, where he led several major system implementations.
Indira Bhatt is a Manager in KPMG’s San Francisco Advisory practice with over 8 years of experience in the area of Open Source Software (OSS) pre and post deal due diligence. She has extensive experience in setting up OSS compliance teams including leading, training and mentoring junior and senior analysts.