-
Due Diligence and Compliance
Technical Due Diligence is a crucial part to business success as there are potential threats from all angles, such as: security issues, ownership rights, out of date components or legal requirements. Furthermore, with regulations and standards constantly changing, legal issues can arise that were not present before (See Compliance Watch to learn more about current standards).
Technical Due Diligence with Open Source Software
The Technical Due Diligence service from Source Code Control analyses the software applications in a number of key areas:
- How well is the open source software supply chain currently managed
- Perform Software Composition Analysis to produce a complete Software Bill of Materials (SBoM), giving a full list of open source software components and their attributes, such as licensing and security vulnerability status.
- Software design and architecture reviews
- Code quality assessments and complexity
- Cyclomatic Complexity
- Maintainability
- Lines of source code
- Lines of executable code
- Class Coupling
- Review Testing strategy
- Peformance and load testing
From this we can work with you to:
- Assist developers with the appreciation and adoption of quality processes
- Introduce best practices – removing the common issues from business as usual
- Provide customers with confidence in the steps you have taken, providing a competitive advantage
- Continue to work with you in the background to monitor issues e.g. new security vulnerabilities or changing licensing terms
- Provide bespoke training on best practices
- Future architecture advise
- Provide software developer resource
Smoke Testing
We offer our customers an initial smoke test to understand how many vulnerabilities there are within their software.
For further information on Open Source Compliance, click here