Intellectual property is the top priority in M&A
“When you buy a software company, the intellectual property is the crown jewel,” Clark says. Finding efficient, reliable ways to evaluate the quality and provenance of intellectual property, including software code, during acquisitions had always been a priority for Spirent. But the importance of this due diligence recently became even more apparent. “If the architecture isn’t done correctly, we can’t integrate the code from the target company into Spirent code,” Clark says. “It becomes more difficult and expensive for us.”
During one potential acquisition, it became clear relatively late in the process that the target company’s software code had serious problems. “We walked away from the deal, and this was the primary reason why,” he explains. “The code was a train wreck. Our engineers said it would have taken 10 engineers two years to fix the code. That’s what first spurred our internal conversation about code quality audits.”
Since this failed acquisition attempt, Spirent has retained Synopsys for its Black Duck Open Source and Third-Party and Code Quality Audits. “Black Duck audits have become a standard part of our due diligence when we buy a software company,” Clark says. “We do it every time.” At one time, Spirent didn’t assume its target acquisitions would have open source included in their codebase, but that time has passed. Open source is now an issue in every potential software company acquisition.
“There’s so much open source code out there, but people aren’t necessarily using it correctly,” he adds. “I’ve now learned there will never be an acquisition where we won’t find some type of problem with open source code. Every time we’ve run a Black Duck code scan, we’ve found some type of violation.”
And according to recent research from Gartner, companies will need to become even more vigilant regarding open source code problems as these projects become more widely used throughout large corporate enterprises. Gartner analyst Mark Driver notes that “by 2020, quality and security defects publicly attributed to open source projects will increase significantly, driven by a growing presence within high-profile, mission-critical and mainstream IT workloads.”1
Synopsys’ well-known Black Duck Open Source and Third-Party Audit identifies open source components in a codebase and any associated risks. The Code Quality Audit is focused on identifying risk in the code or its construction techniques that can lead to quality issues. The audit determines whether code is built using industry best practices, structured to enable efficient ongoing development, and sufficiently well documented. Code is examined for functionality, reliability, usability, efficiency, and maintainability. The result of this examination is a comprehensive analysis, including comparative benchmarks and metrics, which can be used to form a plan to address code problems.