Reduce open source risk in M&A with software due diligence

The vast majority of today’s applications are made up of open source components. The 2021 “Open Source Security and Risk Analysis” (OSSRA) report, conducted by the Synopsys Cybersecurity Research Center (CyRC), found that 75% of the 1,500+ codebases analyzed were composed of open source.

AWS Builder Community Hub

Understanding what’s in your codebase is essential, and for M&A transactions it’s one of the key drivers for performing software due diligence. Identifying open source risks, security flaws, and code quality issues ensures there are no surprises for acquirers, and earlier detection protects the value of a deal.

Phil Odence, general manager of Black Duck Audits at Synopsys, oversees a team that advises on the software due diligence activities of over 500 M&A transactions every year. He spoke with Transaction Advisors on the importance of software due diligence and the critical information organizations can get from them. He also discusses the impact the pandemic has had on M&A due diligence over the last year. Watch the interview to learn more.

*** This is a Security Bloggers Network syndicated blog from Software Integrity Blog authored by Synopsys Editorial Team. Read the original post at: