The software due diligence process, in which the acquirer performs a comprehensive review of the target’s software and its compliance practices, is a standard part of any merger or acquisition when software intellectual property (IP) is on the table.
Often overlooked during the software due diligence process is the need to determine the origin of the target’s software assets. Modern software is more often assembled than written, and it's likely to contain third-party code, open source components and code snippets, and even links to external web services, as well as custom, proprietary code.
The risks of acquiring software include license conflicts, security vulnerabilities, quality issues, and maintainability concerns over time.
And the risks aren't limited to open source. Modern applications don't include just proprietary code, third-party commercial software, and open source; they also increasingly use external web services that are called through application programming interfaces (APIs). Those web services may expose companies to additional risks that could severely impact their business.
Our eBook, "Taking a Comprehensive Approach to Software Audits in Merger and Acquisition Transactions," includes everything a buyer and seller need to consider when it comes to software due diligence.