Software Integrity

Archive for the 'Legal' Category


Why you need to perform open source due diligence in an M&A transaction

Most companies involved with technology M&A understand the importance of open source risks in software. Today’s software contains significant amounts of open source, on average more than 50%, according to a 2018 Synopsys study. Consequently, it has become the norm for acquirers to raise open source questions as part of technical and legal due diligence. […]


Posted in Featured, Legal, Open Source Security


Webinar: Effective policies for managing and releasing open source software

The use of open source has surpassed the occasional and solidified itself as the standard. In fact, the Black Duck by Synopsys 2018 Open Source Security and Risk Analysis found that 96% of the applications we scanned last year contained open source components. It’s increasingly difficult to properly manage open source in an organization to ensure […]


Posted in Legal, Open Source Security, Webinar


The Apache Software Foundation can take a joke, but not when it comes to licensing

The Apache Software Foundation’s legal group is an interesting microcosm in which to study open source license issues. Generally, what the Apache Software Foundation (ASF) deems good is good for companies looking to consume open source, and what’s not is not. So their open discussions are useful to monitor if you want to keep tabs […]


Posted in Legal, Open Source Security


Software composition analysis & the secret ingredients for a successful M&A

Open source is everywhere. Researchers have been tracking its growth for years, but because open source is now so pervasive, they are increasingly concerned about the security of applications built on the foundation of open source components. The only way an organization can be sure of the open source in its codebase, other than by […]


Posted in Legal, Open Source Security, Software Composition Analysis


Celebrating freedom with free beer

America is unique (beyond being the only place on the planet not distracted by the World Cup). Amid heaps of controversy over our national identity, freedom remains central to the American culture and spirit. And so as we in the United States enjoy our hot dogs, beers, and fireworks on the Fourth of July, it […]


Posted in Legal, Open Source Security


Open source issues in an M&A target’s code: How do you know?

Until you ask, you don’t know how much open source a target has used, what components it uses, or what open source issues might be latent therein. That’s why open source questions are on the checklist of virtually every acquirer in a tech transaction. And the unfortunate reality is that even asking good questions doesn’t […]


Posted in Legal, Open Source Security


SCA for DevOps, DHS security, securing open source for GDPR, CVE gap

It’s an acronym-filled issue of Open Source Insight, as we look at the question of SCA (software composition analysis) and how it fits into the DevOps environment. The DHS (Department of Homeland Security) has concerning security gaps, according to its OIG (Office of Inspector General). Can the CVE (Common Vulnerabilities and Exposures) gap be closed? […]


Posted in Agile, CI/CD & DevOps, Legal, Open Source Security


Enhanced legal tab in Black Duck On-Demand audit reports

If you have reviewed any Black Duck On-Demand audit reports recently, you may have noticed improvements in the legal tab and the way we report on findings. The new report format has received some very positive reviews, the theme being that it makes reported results more actionable.


Posted in Legal, Open Source Security


Tech due diligence: Helping PE firms invest with confidence

When the private equity industry was in its infancy in the 1980s, the tech sector was barely on its radar. Tech is now attracting all types of private equity firms, with the sector representing over 40 percent of US buyouts last year, a trend reflecting the global M&A market, in which tech is also the most […]


Posted in Legal, Open Source Security


When software is the company, tech due diligence is critical

Best practices for a growing number of firms involved in a merger or acquisition transaction (commonly known as an “M&A”) include a code audit whenever software is a significant part of the deal. And more and more firms are realizing that an open source code audit should be part of their overall tech due diligence process.


Posted in Legal, Open Source Security