Software due diligence is essential in private equity buyouts. Learn about software security risks and proactive approaches to managing them.
We’ve been briefing private equity investment professionals on how software is developed today and the risks that development practices introduce into the software. The data we present is based on our experience auditing thousands of codebases for technology companies undergoing software due diligence. Understanding the issues in the code allows investors to ensure that deal terms fairly allocate risk and that remediation is built into forward-looking plans.
Watch the video to learn about the legal, security, and quality software risks to look for during a software due diligence and the approaches for managing those risks.
The briefing mentions these reference materials that may be of interest:
If you would like to better understand how these concepts might apply to your specific investments or how your competitors are addressing them, please contact us.
Phil is the general manager of Synopsys’s Black Duck Audit business auditing the composition, security and quality of software for companies on both sides of M&A transactions. He focuses on software due diligence best practices and the M&A market. He also works closely with the company’s law firm partners and the open source community and is a frequent speaker on open source management and M&A. Phil chairs the Linux Foundation's Software Package Data Exchange (SPDX) working group which created an ISO standard for Software Bills of Materials (SBOMs). With decades of software industry experience, Phil held senior management positions at Hammer/Empirix and High Performance Systems, a startup in computer simulation modeling. He began his career in marketing and sales with Teradyne's electronic design and test automation (EDA) software group. He’s also written a book on fly fishing. Phil has an AB and an MS in engineering from Dartmouth College.