Technical Due Diligence

Imagine you are buying or investing in a software company. There is, of course, value in the people, buildings, hardware and so on, but the majority of what your hard-earned money buys is… the software.

Now, imagine that you complete the purchase or investment only to find out that there are:

  • Claims from other people asserting that they own part of the software
  • Security problems in the software which are causing issues for customers
  • Out-of-date components in use which leave the software open to cyber-attack
  • Unintended legal requirements for the source code to be made available

Clearly, this is a worst-case scenario, but similar outcomes are all too common. And regardless of whether you are the buyer or the seller, the time to find out is not during a transaction!

The Technical Due Diligence service from Source Code Control will analyse the software looking for exactly these problems.

We will then work with you to:

  • Assist developers with the appreciation and adoption of quality processes
  • Introduce best practice – removing the common issues from business as usual
  • Prove to your customers the steps which YOU have taken – and so provide competitive advantage
  • Continue to work with you in the background to monitor issues, e.g. new security vulnerabilities or changing licensing terms

What is involved

Our technical due diligence service will assess two areas:

1. Process - How well is the open source software supply chain currently managed? This will be compared against the latest industry best practice from the OpenChain Project.

We will perform an independent review and identify strengths and weaknesses using our OpenChain Conformance assessment tool.

2. Source Code Review - We will perform a Software Composition Analysis of the source code to produce a complete Bill of Materials: a list of all third-party open source components together with their attributes, such as licence and known-vulnerability status.

BoM Report
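To make the Bill of Materials concrete, here is an added example of the kind of output a Software Composition Analysis produces. It is illustrative code written for this page, not Source Code Control's tooling; the pinned manifest, the package names, the licence table and the advisory entries (with `EXAMPLE-` identifiers) are all constructed, and in a real assessment the licence and vulnerability data would come from package metadata and an advisory feed rather than from inline dictionaries.

```python
"""Toy Software Composition Analysis: pinned manifest -> Bill of Materials.

Added example for this page, not Source Code Control's own tooling. The
manifest, licence table and advisories below are constructed/hypothetical.
"""
import json

# Constructed pip-style manifest with hypothetical package names.
MANIFEST = """\
# requirements.txt (constructed for this example)
acme-http==2.1.0
yamltools==1.3.9
widgetkit==0.9.2   # pinned widget library
ratelimiter==3.0.0
"""

# Constructed licence data (SPDX identifiers); stands in for package metadata.
LICENSE_DB = {
    "acme-http": "Apache-2.0",
    "yamltools": "MIT",
    "widgetkit": "GPL-3.0-only",
    "ratelimiter": None,   # metadata missing: must be chased, never assumed
}

# Constructed advisories (hypothetical IDs); a half-open range
# [introduced, fixed) is affected.
ADVISORY_DB = [
    {"id": "EXAMPLE-2024-0001", "package": "yamltools",
     "introduced": "1.0.0", "fixed": "1.4.0", "summary": "unsafe loader"},
    {"id": "EXAMPLE-2024-0002", "package": "acme-http",
     "introduced": "3.0.0", "fixed": "3.0.5", "summary": "header injection"},
]

# Licences whose terms can oblige source disclosure when code is distributed.
STRONG_COPYLEFT = {"GPL-2.0-only", "GPL-2.0-or-later", "GPL-3.0-only",
                   "GPL-3.0-or-later", "AGPL-3.0-only", "AGPL-3.0-or-later"}


def parse_manifest(text):
    """Return [(name, version)] from pinned `name==version` lines."""
    components = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        if "==" not in line:   # an unpinned dependency makes the BoM incomplete
            raise ValueError(f"unpinned requirement: {line}")
        name, version = (part.strip() for part in line.split("==", 1))
        components.append((name.lower(), version))
    return components


def version_key(version):
    """Numeric tuple for ordering, e.g. '1.3.9' -> (1, 3, 9)."""
    return tuple(int(part) for part in version.split("."))


def advisories_for(name, version):
    """Advisories whose affected range contains this exact version."""
    v = version_key(version)
    return [a for a in ADVISORY_DB
            if a["package"] == name
            and version_key(a["introduced"]) <= v < version_key(a["fixed"])]


def build_bom(manifest_text):
    """Assemble a BoM shaped like CycloneDX: components carry licence data,
    and vulnerabilities sit in a top-level list pointing at affected refs."""
    components, vulnerabilities = [], []
    for name, version in parse_manifest(manifest_text):
        ref = f"pkg:pypi/{name}@{version}"   # package URL doubles as bom-ref
        licence = LICENSE_DB.get(name)
        components.append({
            "type": "library", "bom-ref": ref, "name": name,
            "version": version, "purl": ref,
            "licenses": [{"license": {"id": licence}}] if licence else [],
        })
        for adv in advisories_for(name, version):
            vulnerabilities.append({"id": adv["id"], "description": adv["summary"],
                                    "affects": [{"ref": ref}]})
    return {"bomFormat": "CycloneDX", "specVersion": "1.5",
            "components": components, "vulnerabilities": vulnerabilities}


def findings(bom):
    """Due-diligence findings per component: unknown or strong-copyleft
    licence, or a known vulnerability. Only components with findings appear."""
    vulnerable = {a["ref"] for v in bom["vulnerabilities"] for a in v["affects"]}
    result = {}
    for c in bom["components"]:
        issues = []
        ids = [entry["license"]["id"] for entry in c["licenses"]]
        if not ids:
            issues.append("licence unknown")
        elif any(i in STRONG_COPYLEFT for i in ids):
            issues.append("strong copyleft: check distribution obligations")
        if c["bom-ref"] in vulnerable:
            issues.append("known vulnerabilities")
        if issues:
            result[c["name"]] = issues
    return result


if __name__ == "__main__":
    bom = build_bom(MANIFEST)
    print(json.dumps(bom, indent=2))
    for name, issues in findings(bom).items():
        print(f"{name}: {'; '.join(issues)}")
```

Two design points carry over to real assessments: the parser refuses unpinned dependencies rather than guessing a version, because a BoM that silently omits or mis-versions a component is worse than one that fails loudly; and a component with no licence metadata is reported as a finding in its own right, since "unknown" is exactly the case that later turns into an ownership or disclosure dispute.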