Free software enterprise products were exotic 20 years ago, so strong were the preconceptions about reliability and quality. Over the years, open source has strengthened its position in the IT market, gradually increasing the number of corporate users. Here is more about open source audits in M&A deals.
The purpose of the open-source audit
Today, many companies have already become aware of the legal requirements of open source licenses through an open-source audit. The need for such an audit arises when going through M&A procedures, IPOs, or new rounds of investment, when a report is required on third-party open-source components contained in proprietary software. In other words, such an audit can be initiated by different teams – legal departments, compliance, and security specialists in a company.
Gathering this information manually can be time-consuming, primarily if your product uses a lot of open source components. In addition, the share of open source in the codebase can be up to 60-80%, which further points to the need and value of controlling and managing open source components from the very beginning.
To help companies with open-source auditing, in 2002, startup Black Duck Software introduced the first open-source scanning solution to the market. This solution identified open source components and also provided information about their licenses. These scanners could scan code and identify pieces of code that resembled the code that appears in open source components. Users were notified about the similarity of the code and had to review such a snippet manually.
The first and most apparent advantage concerns the transparency of such decisions. Open source code allows you to analyze the code for bookmarks of special services. Security audit of open source projects is regularly carried out both by order of the community and government agencies.
Examples of M&A open source audits
In the area of M&A transactions and deals, the main focus on the buyer side is to understand whether the target has complied with security aspects of the software and license conformity when using the open-source audit components. On the other hand, the seller also improves their negotiating position if the software products for sale or details do not involve any risks. Therefore, there is a great deal of interest on the part of the buyer, in particular in checking the proof of IP rights and the license-compliant use of an open-source.
An IT infrastructure audit during the due diligence phase can help identify potential barriers to integration: incompatible platforms and solutions that do not meet business goals, are long out of date or do not add value.
IT infrastructure integration strategy for M&A transactions is based on the following points:
- Optimization of the IT infrastructure of the merged enterprises;
- Creation of a flexible, dynamic, and scalable IT architecture that can keep up with market trends and new technological solutions;
- Making informed decisions about which systems need to be integrated, modernized and which ones should be abandoned;
- Ensuring synergy within the IT infrastructure, end-user support, and system administration;
- Implementation of new systems that will optimize business performance.
An elementary part of every corporate transaction (M&A transaction), whether a merger, company acquisition, spin-off, or carve-out, is the economic and legal assessment of the target (due diligence). Evaluating the IT, license, and data protection management of the target is of decisive importance and too often neglected. It applies particularly to online or IT-driven targets and targets with traditional business models.