For those being acquired, be warned that discovering these problems late in the game can dramatically affect the final purchase price, trigger the need for additional/longer/enhanced escrows, delay closing or even cause an acquisition to be called off altogether. And this doesn’t apply strictly to M&A: if you’re looking to raise or borrow money, you had better be sure your code is in order before you start opening the hood to potential investors or lenders, since they too will want to be certain that you have the rights to the IP assets that you claim.
In Black Duck’s experience performing code audits for M&A due diligence, 75 percent of companies find unknown licenses. In fact, over 95 percent find open source that the target didn’t know was in there – and in 5 percent of cases, the deal never materializes because of what is found!
In order to avoid these potential M&A deal breakers, you should, at a minimum:
- Regularly scan your code, and the code of potential acquisition targets, to determine what open source components and licenses are in use
- Properly manage your use of open source by continually tracking it throughout the application development lifecycle, implementing clear policies and procedures around its use
- Ensure that you are in compliance with all applicable open source licensing obligations
We can all agree on the many benefits that come with using open source software, yet companies need to keep in mind the critical importance of open source code analysis and compliance before non-compliance impacts the value of their software assets and potentially affects M&A transactions. This is no longer just an issue for engineers -- code awareness and security affect the entire company and should not be taken lightly.