SlideShare une entreprise Scribd logo

nexB Software Audit M&A: What to expect as a Seller

nexB Inc.
nexB Inc.

If your company is being acquired, the open source software due diligence is something you will have to deal with. nexB can help in this process. See http://www.nexb.com/services.html

BusinessTechnologie
1  sur  18
Télécharger pour lire hors ligne
Software Provenance Analysis - Acquisition Due Diligence What to expect as a Seller? © 2014 nexB Inc. All rights reserved. Confidential and proprietary
Agenda • About nexB – What nexB does – Our experience • Software Audit: M&A – Software Analysis Scope – Software Audit Process – Software Audit Tools – Software Analysis Deliverables • Additional Information – Why nexB? – Contact us © 2014 nexB Inc. All rights reserved. Confidential and proprietary
About nexB What nexB does • Enable component-based software development – Software provenance analysis services – Software asset management tools © 2014 nexB Inc. All rights reserved. Confidential and proprietary • Software audit services – Acquisitions – Software product releases • Expertise in all software IP• Active OSS developers
About nexB Our experience is our difference • Recognized by the buyers and target companies as: – experts in software origin analysis – a fair and trusted intermediary • We identifies issues along with practical remediation steps • 350+ software audit projects completed to-date © 2014 nexB Inc. All rights reserved. Confidential and proprietary
Software audit: M&A Software Analysis Scope Commercial Code © 2014 nexB Inc. All rights reserved. Confidential and proprietary Original Code Open Source Code
Software audit: M&A Software Audit Process © 2014 nexB Inc. All rights reserved. Confidential and proprietary
Software audit: M&A Step 1: Preparation - 1 week (1/2) • Establish NDA with your company – Two-way (nexB/Seller) or Three-way (nexB/Seller/Buyer) • Understand our Software Audit Process – One hour or less conference call to go through the audit steps with you and your team è Many sellers can be anxious about the process, we understand: – General level of anxiety is inversely proportional to prior M&A experience of executives – We do help you understand our process to make you comfortable © 2014 nexB Inc. All rights reserved. Confidential and proprietary
Software audit: M&A Step 1: Preparation (2/2) • Scope the audit effort – Comprehensive questionnaire provided by nexB – Size of code base – number of files and lines of source code – Disclosure of known third-party and open source software – Architecture and software development process documentation è No extra work needed! – The quality of the disclosures you provide is essential, however we do not ask you to create special documentation for the only purpose of the audit project © 2014 nexB Inc. All rights reserved. Confidential and proprietary
Software audit: M&A Step 2: Software Analysis – 2 weeks (1/3) • After nexB has access to the code, we schedule a telephone interview: – One hour or less – Involved your senior technical contact(s) – Goal is to understand your development process and open source and third party policies in greater details è We limit our demands on your team because we know you are always over-tasked during acquisition due diligence. – During the project, we will need responses to ad-hoc technical questions within 24 hours (usually via email) © 2014 nexB Inc. All rights reserved. Confidential and proprietary
Software audit: M&A Step 2: Software Analysis (2/3) • Analysis Activities: – Discovery: scan files for license and copyright texts – Identification: match target code to reference code repository for origin and license detection (based on digital “fingerprints”) – Map deployed code to development code to validate that you are auditing the right code ( i.e. the deployed/distributed code) – Analyze software interaction and dependencies patterns for copyleft-licensed components (with specifics on Linux) © 2014 nexB Inc. All rights reserved. Confidential and proprietary
Software audit: M&A Step 2: Software Analysis (3/3) è Results: – Software Inventory and Bill(s) of Materials – Draft findings & recommendations © 2014 nexB Inc. All rights reserved. Confidential and proprietary
Software audit: M&A Step 3: Review & Report – 1 week (1/2) • Activities: Draft report – Remediation actions – specific and actionable, that make business and technical sense – Recommendations for code management policies and processes – Review draft with engineering/product team: we need your review of the draft report documents (24 hour turnaround) before we share it with the buyer – Incorporate feedback and answers where appropriate © 2014 nexB Inc. All rights reserved. Confidential and proprietary
Software audit: M&A Step 3: Review & Report (2/2) Results • Final Software Inventory / BOM spreadsheets • Final Report - narrative with executive summary, project data and summary of the Action items and Responses © 2014 nexB Inc. All rights reserved. Confidential and proprietary
Software audit: M&A Software Audit Tools • nexB typically uses a combination of tools for a software audit – Our own DejaCode™ toolkit is the primary tool – Other tools used as needed or as licensed by a customer (open source or commercial) • Multiple layers of analysis – Discovery: direct scan for license and copyright notices – Identification: component matching for open source and publicly available third-party components (freeware/proprietary) – Analysis of source code and pre-built libraries (binary) – Interaction and dependency analysis as needed • Review and validation by software experts • All require expert humans to interpret the results! © 2014 nexB Inc. All rights reserved. Confidential and proprietary
Software audit: M&A Software Analysis Deliverables • Complete inventory of OSS and third-party components in Development codebase(s) • Bill of materials for Deployed product components • Specific Action items and recommended actions for resolution that can be factored into the deal terms – Including possible exposure for older product versions – Detailed analysis for copyleft “contamination” • Checklist of commercial components as input to due diligence for contract review • Analysis of how much code is original versus borrowed (OSS) or purchased (Commercial) © 2014 nexB Inc. All rights reserved. Confidential and proprietary
Additional Information Why nexB (1/2) 100% of our customers are repeat customers and references We have a balanced approach – Automated code analysis AND analysis by software experts – Direct consultation with engineering, management and legal teams – Concrete Action items with recommended nexB action resolution and seller Responses © 2014 nexB Inc. All rights reserved. Confidential and proprietary
Additional Information Why nexB (2/2) • Trusted third party – Mitigates confidentiality concerns of a seller company – Maintains proper segregation of information during acquisition negotiations – Enables objective analysis with appropriate consideration of feedback from all parties © 2014 nexB Inc. All rights reserved. Confidential and proprietary
Additional Information Contact us Contact person: Pierre Lapointe, Customer Care Manager plapointe@nexb.com + 1 415 287-7643 More information: http://www.nexb.com/ © 2014 nexB Inc. All rights reserved. Confidential and proprietary

Recommandé

Managing Open Source Software in the GitHub Era
Managing Open Source Software in the GitHub EraManaging Open Source Software in the GitHub Era
Managing Open Source Software in the GitHub EranexB Inc.
 
Open source software governance with DejaCode
Open source software governance with DejaCodeOpen source software governance with DejaCode
Open source software governance with DejaCodenexB Inc.
 
Managing Open Source Software License Compliance with DejaCode
Managing Open Source Software License Compliance with DejaCodeManaging Open Source Software License Compliance with DejaCode
Managing Open Source Software License Compliance with DejaCodenexB Inc.
 
How to Manage Open Source requirements with AboutCode
How to Manage Open Source requirements with AboutCodeHow to Manage Open Source requirements with AboutCode
How to Manage Open Source requirements with AboutCodenexB Inc.
 
Software audit for acquisition due diligence with nexB
Software audit for acquisition due diligence with nexBSoftware audit for acquisition due diligence with nexB
Software audit for acquisition due diligence with nexBnexB Inc.
 
nexB: Software Audit for Acquisition Due Diligence
nexB: Software Audit for Acquisition Due DiligencenexB: Software Audit for Acquisition Due Diligence
nexB: Software Audit for Acquisition Due DiligencenexB Inc.
 
Managing Software Inventories & Automating Open Source Software Compliance
Managing Software Inventories & Automating Open Source Software ComplianceManaging Software Inventories & Automating Open Source Software Compliance
Managing Software Inventories & Automating Open Source Software CompliancenexB Inc.
 
Rightsizing Open Source Software Identification
Rightsizing Open Source Software IdentificationRightsizing Open Source Software Identification
Rightsizing Open Source Software IdentificationnexB Inc.
 

Recommandé

Managing Open Source Software in the GitHub Era
Managing Open Source Software in the GitHub EraManaging Open Source Software in the GitHub Era
Managing Open Source Software in the GitHub EranexB Inc.
 
Open source software governance with DejaCode
Open source software governance with DejaCodeOpen source software governance with DejaCode
Open source software governance with DejaCodenexB Inc.
 
Managing Open Source Software License Compliance with DejaCode
Managing Open Source Software License Compliance with DejaCodeManaging Open Source Software License Compliance with DejaCode
Managing Open Source Software License Compliance with DejaCodenexB Inc.
 
How to Manage Open Source requirements with AboutCode
How to Manage Open Source requirements with AboutCodeHow to Manage Open Source requirements with AboutCode
How to Manage Open Source requirements with AboutCodenexB Inc.
 
Software audit for acquisition due diligence with nexB
Software audit for acquisition due diligence with nexBSoftware audit for acquisition due diligence with nexB
Software audit for acquisition due diligence with nexBnexB Inc.
 
nexB: Software Audit for Acquisition Due Diligence
nexB: Software Audit for Acquisition Due DiligencenexB: Software Audit for Acquisition Due Diligence
nexB: Software Audit for Acquisition Due DiligencenexB Inc.
 
Managing Software Inventories & Automating Open Source Software Compliance
Managing Software Inventories & Automating Open Source Software ComplianceManaging Software Inventories & Automating Open Source Software Compliance
Managing Software Inventories & Automating Open Source Software CompliancenexB Inc.
 
Rightsizing Open Source Software Identification
Rightsizing Open Source Software IdentificationRightsizing Open Source Software Identification
Rightsizing Open Source Software IdentificationnexB Inc.
 
Open source governance with Dejacode
Open source governance with DejacodeOpen source governance with Dejacode
Open source governance with DejacodenexB Inc.
 
nexB - FOSS Introduction
nexB - FOSS IntroductionnexB - FOSS Introduction
nexB - FOSS IntroductionnexB Inc.
 
Identifying third party software with ScanCode
Identifying third party software with ScanCodeIdentifying third party software with ScanCode
Identifying third party software with ScanCodenexB Inc.
 
nexB - Software audit for product release
nexB - Software audit for product releasenexB - Software audit for product release
nexB - Software audit for product releasenexB Inc.
 
Optimizing The Cost Of Open Source Software Management
Optimizing The Cost Of Open Source Software ManagementOptimizing The Cost Of Open Source Software Management
Optimizing The Cost Of Open Source Software ManagementProtecode
 
Practical Steps to Scale Legal Support for Open Source
Practical Steps to Scale Legal Support for Open SourcePractical Steps to Scale Legal Support for Open Source
Practical Steps to Scale Legal Support for Open SourceBlack Duck by Synopsys
 
Thick Application Penetration Testing - A Crash Course
Thick Application Penetration Testing - A Crash CourseThick Application Penetration Testing - A Crash Course
Thick Application Penetration Testing - A Crash CourseNetSPI
 
Using Perforce Data in Development at Tableau
Using Perforce Data in Development at TableauUsing Perforce Data in Development at Tableau
Using Perforce Data in Development at TableauPerforce
 
Software Testing in a Distributed Environment
Software Testing in a Distributed EnvironmentSoftware Testing in a Distributed Environment
Software Testing in a Distributed EnvironmentPerforce
 
Supporting Digital Media Workflows in the Cloud with Perforce Helix
Supporting Digital Media Workflows in the Cloud with Perforce HelixSupporting Digital Media Workflows in the Cloud with Perforce Helix
Supporting Digital Media Workflows in the Cloud with Perforce HelixPerforce
 
Global Software Development powered by Perforce
Global Software Development powered by PerforceGlobal Software Development powered by Perforce
Global Software Development powered by PerforcePerforce
 
Open-Source Software Panel - IP Track
Open-Source Software Panel - IP TrackOpen-Source Software Panel - IP Track
Open-Source Software Panel - IP TrackAaron G. Sauers, CLP
 
Reverse_Engineering_Thick-clients
Reverse_Engineering_Thick-clientsReverse_Engineering_Thick-clients
Reverse_Engineering_Thick-clientsSteve Markey
 
Implementing Continuous Delivery with Enterprise Middleware
Implementing Continuous Delivery with Enterprise MiddlewareImplementing Continuous Delivery with Enterprise Middleware
Implementing Continuous Delivery with Enterprise MiddlewareXebiaLabs
 
Ankur_Srivastava
Ankur_SrivastavaAnkur_Srivastava
Ankur_Srivastavaasrivastava014
 
From ClearCase to Perforce Helix: Breakthroughs in Scalability at Intel
From ClearCase to Perforce Helix: Breakthroughs in Scalability at IntelFrom ClearCase to Perforce Helix: Breakthroughs in Scalability at Intel
From ClearCase to Perforce Helix: Breakthroughs in Scalability at IntelPerforce
 
RDAP @ .at
RDAP @ .at RDAP @ .at
RDAP @ .at Alex Mayrhofer
 
Perforce Helix Never Dies: DevOps at Bandai Namco Studios
Perforce Helix Never Dies: DevOps at Bandai Namco StudiosPerforce Helix Never Dies: DevOps at Bandai Namco Studios
Perforce Helix Never Dies: DevOps at Bandai Namco StudiosPerforce
 
Accelerating Software Development with NetApp's P4flex
Accelerating Software Development with NetApp's P4flexAccelerating Software Development with NetApp's P4flex
Accelerating Software Development with NetApp's P4flexPerforce
 
Source Control for the Oracle Database
Source Control for the Oracle DatabaseSource Control for the Oracle Database
Source Control for the Oracle DatabaseGerger
 
Analysis concepts and principles
Analysis concepts and principlesAnalysis concepts and principles
Analysis concepts and principlessaurabhshertukde
 
Software audit strategies: how often is enough?
Software audit strategies: how often is enough? Software audit strategies: how often is enough?
Software audit strategies: how often is enough? Protecode
 

Contenu connexe

Tendances

Open source governance with Dejacode
Open source governance with DejacodeOpen source governance with Dejacode
Open source governance with DejacodenexB Inc.
 
nexB - FOSS Introduction
nexB - FOSS IntroductionnexB - FOSS Introduction
nexB - FOSS IntroductionnexB Inc.
 
Identifying third party software with ScanCode
Identifying third party software with ScanCodeIdentifying third party software with ScanCode
Identifying third party software with ScanCodenexB Inc.
 
nexB - Software audit for product release
nexB - Software audit for product releasenexB - Software audit for product release
nexB - Software audit for product releasenexB Inc.
 
Optimizing The Cost Of Open Source Software Management
Optimizing The Cost Of Open Source Software ManagementOptimizing The Cost Of Open Source Software Management
Optimizing The Cost Of Open Source Software ManagementProtecode
 
Practical Steps to Scale Legal Support for Open Source
Practical Steps to Scale Legal Support for Open SourcePractical Steps to Scale Legal Support for Open Source
Practical Steps to Scale Legal Support for Open SourceBlack Duck by Synopsys
 
Thick Application Penetration Testing - A Crash Course
Thick Application Penetration Testing - A Crash CourseThick Application Penetration Testing - A Crash Course
Thick Application Penetration Testing - A Crash CourseNetSPI
 
Using Perforce Data in Development at Tableau
Using Perforce Data in Development at TableauUsing Perforce Data in Development at Tableau
Using Perforce Data in Development at TableauPerforce
 
Software Testing in a Distributed Environment
Software Testing in a Distributed EnvironmentSoftware Testing in a Distributed Environment
Software Testing in a Distributed EnvironmentPerforce
 
Supporting Digital Media Workflows in the Cloud with Perforce Helix
Supporting Digital Media Workflows in the Cloud with Perforce HelixSupporting Digital Media Workflows in the Cloud with Perforce Helix
Supporting Digital Media Workflows in the Cloud with Perforce HelixPerforce
 
Global Software Development powered by Perforce
Global Software Development powered by PerforceGlobal Software Development powered by Perforce
Global Software Development powered by PerforcePerforce
 
Open-Source Software Panel - IP Track
Open-Source Software Panel - IP TrackOpen-Source Software Panel - IP Track
Open-Source Software Panel - IP TrackAaron G. Sauers, CLP
 
Reverse_Engineering_Thick-clients
Reverse_Engineering_Thick-clientsReverse_Engineering_Thick-clients
Reverse_Engineering_Thick-clientsSteve Markey
 
Implementing Continuous Delivery with Enterprise Middleware
Implementing Continuous Delivery with Enterprise MiddlewareImplementing Continuous Delivery with Enterprise Middleware
Implementing Continuous Delivery with Enterprise MiddlewareXebiaLabs
 
From ClearCase to Perforce Helix: Breakthroughs in Scalability at Intel
From ClearCase to Perforce Helix: Breakthroughs in Scalability at IntelFrom ClearCase to Perforce Helix: Breakthroughs in Scalability at Intel
From ClearCase to Perforce Helix: Breakthroughs in Scalability at IntelPerforce
 
Perforce Helix Never Dies: DevOps at Bandai Namco Studios
Perforce Helix Never Dies: DevOps at Bandai Namco StudiosPerforce Helix Never Dies: DevOps at Bandai Namco Studios
Perforce Helix Never Dies: DevOps at Bandai Namco StudiosPerforce
 
Accelerating Software Development with NetApp's P4flex
Accelerating Software Development with NetApp's P4flexAccelerating Software Development with NetApp's P4flex
Accelerating Software Development with NetApp's P4flexPerforce
 
Source Control for the Oracle Database
Source Control for the Oracle DatabaseSource Control for the Oracle Database
Source Control for the Oracle DatabaseGerger
 

Tendances (20)

Open source governance with Dejacode
Open source governance with DejacodeOpen source governance with Dejacode
Open source governance with Dejacode
 
nexB - FOSS Introduction
nexB - FOSS IntroductionnexB - FOSS Introduction
nexB - FOSS Introduction
 
Identifying third party software with ScanCode
Identifying third party software with ScanCodeIdentifying third party software with ScanCode
Identifying third party software with ScanCode
 
nexB - Software audit for product release
nexB - Software audit for product releasenexB - Software audit for product release
nexB - Software audit for product release
 
Optimizing The Cost Of Open Source Software Management
Optimizing The Cost Of Open Source Software ManagementOptimizing The Cost Of Open Source Software Management
Optimizing The Cost Of Open Source Software Management
 
Practical Steps to Scale Legal Support for Open Source
Practical Steps to Scale Legal Support for Open SourcePractical Steps to Scale Legal Support for Open Source
Practical Steps to Scale Legal Support for Open Source
 
Thick Application Penetration Testing - A Crash Course
Thick Application Penetration Testing - A Crash CourseThick Application Penetration Testing - A Crash Course
Thick Application Penetration Testing - A Crash Course
 
Using Perforce Data in Development at Tableau
Using Perforce Data in Development at TableauUsing Perforce Data in Development at Tableau
Using Perforce Data in Development at Tableau
 
Software Testing in a Distributed Environment
Software Testing in a Distributed EnvironmentSoftware Testing in a Distributed Environment
Software Testing in a Distributed Environment
 
Supporting Digital Media Workflows in the Cloud with Perforce Helix
Supporting Digital Media Workflows in the Cloud with Perforce HelixSupporting Digital Media Workflows in the Cloud with Perforce Helix
Supporting Digital Media Workflows in the Cloud with Perforce Helix
 
Global Software Development powered by Perforce
Global Software Development powered by PerforceGlobal Software Development powered by Perforce
Global Software Development powered by Perforce
 
Open-Source Software Panel - IP Track
Open-Source Software Panel - IP TrackOpen-Source Software Panel - IP Track
Open-Source Software Panel - IP Track
 
Reverse_Engineering_Thick-clients
Reverse_Engineering_Thick-clientsReverse_Engineering_Thick-clients
Reverse_Engineering_Thick-clients
 
Implementing Continuous Delivery with Enterprise Middleware
Implementing Continuous Delivery with Enterprise MiddlewareImplementing Continuous Delivery with Enterprise Middleware
Implementing Continuous Delivery with Enterprise Middleware
 
Ankur_Srivastava
Ankur_SrivastavaAnkur_Srivastava
Ankur_Srivastava
 
From ClearCase to Perforce Helix: Breakthroughs in Scalability at Intel
From ClearCase to Perforce Helix: Breakthroughs in Scalability at IntelFrom ClearCase to Perforce Helix: Breakthroughs in Scalability at Intel
From ClearCase to Perforce Helix: Breakthroughs in Scalability at Intel
 
RDAP @ .at
RDAP @ .at RDAP @ .at
RDAP @ .at
 
Perforce Helix Never Dies: DevOps at Bandai Namco Studios
Perforce Helix Never Dies: DevOps at Bandai Namco StudiosPerforce Helix Never Dies: DevOps at Bandai Namco Studios
Perforce Helix Never Dies: DevOps at Bandai Namco Studios
 
Accelerating Software Development with NetApp's P4flex
Accelerating Software Development with NetApp's P4flexAccelerating Software Development with NetApp's P4flex
Accelerating Software Development with NetApp's P4flex
 
Source Control for the Oracle Database
Source Control for the Oracle DatabaseSource Control for the Oracle Database
Source Control for the Oracle Database
 

Similaire à nexB Software Audit M&A: What to expect as a Seller

Analysis concepts and principles
Analysis concepts and principlesAnalysis concepts and principles
Analysis concepts and principlessaurabhshertukde
 
Software audit strategies: how often is enough?
Software audit strategies: how often is enough? Software audit strategies: how often is enough?
Software audit strategies: how often is enough? Protecode
 
Software Audit Strategies - How often is good enough for a software audit?
Software Audit Strategies - How often is good enough for a software audit? Software Audit Strategies - How often is good enough for a software audit?
Software Audit Strategies - How often is good enough for a software audit? Tiberius Forrester
 
Open DevSecOps 2019 - Securing the Software Supply Chain - Sonatype
Open DevSecOps 2019 - Securing the Software Supply Chain - SonatypeOpen DevSecOps 2019 - Securing the Software Supply Chain - Sonatype
Open DevSecOps 2019 - Securing the Software Supply Chain - SonatypeEmerasoft, solutions to collaborate
 
Streamline Open Source Compliance with Package Pre-Approval
Streamline Open Source Compliance with Package Pre-ApprovalStreamline Open Source Compliance with Package Pre-Approval
Streamline Open Source Compliance with Package Pre-ApprovalProtecode
 
Open Source Software: What Are Your Obligations?
Open Source Software: What Are Your Obligations? Open Source Software: What Are Your Obligations?
Open Source Software: What Are Your Obligations? Source Code Control Limited
 
Martin von Willebrand - Collaborative Open Source Compliance - Mindtrek 2016
Martin von Willebrand - Collaborative Open Source Compliance - Mindtrek 2016Martin von Willebrand - Collaborative Open Source Compliance - Mindtrek 2016
Martin von Willebrand - Collaborative Open Source Compliance - Mindtrek 2016Mindtrek
 
Everything you need to know about your open source support contract
Everything you need to know about your open source support contractEverything you need to know about your open source support contract
Everything you need to know about your open source support contractRogue Wave Software
 
Software Engineering- Requirement Elicitation and Specification
Software Engineering- Requirement Elicitation and SpecificationSoftware Engineering- Requirement Elicitation and Specification
Software Engineering- Requirement Elicitation and SpecificationNishu Rastogi
 
Winning the Cage-Match: How to Successfully Navigate Open Source Software iss...
Winning the Cage-Match: How to Successfully Navigate Open Source Software iss...Winning the Cage-Match: How to Successfully Navigate Open Source Software iss...
Winning the Cage-Match: How to Successfully Navigate Open Source Software iss...Black Duck by Synopsys
 
Open Source Software - What is it?
Open Source Software - What is it?Open Source Software - What is it?
Open Source Software - What is it?Johan Linåker
 
Best practices for simplifying software audits
Best practices for simplifying software auditsBest practices for simplifying software audits
Best practices for simplifying software auditsTiberius Forrester
 
Introduction to dev ops
Introduction to dev opsIntroduction to dev ops
Introduction to dev opsLen Bass
 
Introduction to Software Engineering
Introduction to Software EngineeringIntroduction to Software Engineering
Introduction to Software EngineeringSweta Kumari Barnwal
 
UNIT 1-IDENTIFY THE NEED FOR SOFTWARE ENGINEERING DEVELOPMENT.pptx
UNIT 1-IDENTIFY THE NEED FOR SOFTWARE ENGINEERING DEVELOPMENT.pptxUNIT 1-IDENTIFY THE NEED FOR SOFTWARE ENGINEERING DEVELOPMENT.pptx
UNIT 1-IDENTIFY THE NEED FOR SOFTWARE ENGINEERING DEVELOPMENT.pptxLeahRachael
 
Chapter 7 Development Strategies
Chapter 7 Development StrategiesChapter 7 Development Strategies
Chapter 7 Development StrategiesMeryl C
 

Similaire à nexB Software Audit M&A: What to expect as a Seller (20)

Analysis concepts and principles
Analysis concepts and principlesAnalysis concepts and principles
Analysis concepts and principles
 
Software audit strategies: how often is enough?
Software audit strategies: how often is enough? Software audit strategies: how often is enough?
Software audit strategies: how often is enough?
 
Software Audit Strategies - How often is good enough for a software audit?
Software Audit Strategies - How often is good enough for a software audit? Software Audit Strategies - How often is good enough for a software audit?
Software Audit Strategies - How often is good enough for a software audit?
 
Open DevSecOps 2019 - Securing the Software Supply Chain - Sonatype
Open DevSecOps 2019 - Securing the Software Supply Chain - SonatypeOpen DevSecOps 2019 - Securing the Software Supply Chain - Sonatype
Open DevSecOps 2019 - Securing the Software Supply Chain - Sonatype
 
Streamline Open Source Compliance with Package Pre-Approval
Streamline Open Source Compliance with Package Pre-ApprovalStreamline Open Source Compliance with Package Pre-Approval
Streamline Open Source Compliance with Package Pre-Approval
 
Open Source Software: What Are Your Obligations?
Open Source Software: What Are Your Obligations? Open Source Software: What Are Your Obligations?
Open Source Software: What Are Your Obligations?
 
Martin von Willebrand - Collaborative Open Source Compliance - Mindtrek 2016
Martin von Willebrand - Collaborative Open Source Compliance - Mindtrek 2016Martin von Willebrand - Collaborative Open Source Compliance - Mindtrek 2016
Martin von Willebrand - Collaborative Open Source Compliance - Mindtrek 2016
 
Our approach
Our approachOur approach
Our approach
 
Everything you need to know about your open source support contract
Everything you need to know about your open source support contractEverything you need to know about your open source support contract
Everything you need to know about your open source support contract
 
Software Engineering- Requirement Elicitation and Specification
Software Engineering- Requirement Elicitation and SpecificationSoftware Engineering- Requirement Elicitation and Specification
Software Engineering- Requirement Elicitation and Specification
 
Winning the Cage-Match: How to Successfully Navigate Open Source Software iss...
Winning the Cage-Match: How to Successfully Navigate Open Source Software iss...Winning the Cage-Match: How to Successfully Navigate Open Source Software iss...
Winning the Cage-Match: How to Successfully Navigate Open Source Software iss...
 
Open Source Software - What is it?
Open Source Software - What is it?Open Source Software - What is it?
Open Source Software - What is it?
 
Requirement engineering
Requirement engineeringRequirement engineering
Requirement engineering
 
Best practices for simplifying software audits
Best practices for simplifying software auditsBest practices for simplifying software audits
Best practices for simplifying software audits
 
00.pdf
00.pdf00.pdf
00.pdf
 
Introduction to dev ops
Introduction to dev opsIntroduction to dev ops
Introduction to dev ops
 
Introduction to Software Engineering
Introduction to Software EngineeringIntroduction to Software Engineering
Introduction to Software Engineering
 
Rajesh Paleru
Rajesh PaleruRajesh Paleru
Rajesh Paleru
 
UNIT 1-IDENTIFY THE NEED FOR SOFTWARE ENGINEERING DEVELOPMENT.pptx
UNIT 1-IDENTIFY THE NEED FOR SOFTWARE ENGINEERING DEVELOPMENT.pptxUNIT 1-IDENTIFY THE NEED FOR SOFTWARE ENGINEERING DEVELOPMENT.pptx
UNIT 1-IDENTIFY THE NEED FOR SOFTWARE ENGINEERING DEVELOPMENT.pptx
 
Chapter 7 Development Strategies
Chapter 7 Development StrategiesChapter 7 Development Strategies
Chapter 7 Development Strategies
 

Dernier

FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756dollysharma2066
 
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLMONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLSeo
 
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...amitlee9823
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableDipal Arora
 
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...amitlee9823
 
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...lizamodels9
 
Uneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration PresentationUneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration Presentationuneakwhite
 
Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsP&CO
 
RSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors DataRSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors DataExhibitors Data
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756dollysharma2066
 
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...lizamodels9
 
Famous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st CenturyFamous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st Centuryrwgiffor
 
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...amitlee9823
 
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service BangaloreCall Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangaloreamitlee9823
 
Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Neil Kimberley
 
Call Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine ServiceCall Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine Serviceritikaroy0888
 
Business Model Canvas (BMC)- A new venture concept
Business Model Canvas (BMC)- A new venture conceptBusiness Model Canvas (BMC)- A new venture concept
Business Model Canvas (BMC)- A new venture conceptP&CO
 

Dernier (20)

FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
 
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLMONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
 
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
 
Falcon Invoice Discounting platform in india
Falcon Invoice Discounting platform in indiaFalcon Invoice Discounting platform in india
Falcon Invoice Discounting platform in india
 
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
 
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
 
Uneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration PresentationUneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration Presentation
 
Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and pains
 
RSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors DataRSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors Data
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
 
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
 
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
 
Famous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st CenturyFamous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st Century
 
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabiunwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
 
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
 
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service BangaloreCall Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
 
Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023
 
Call Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine ServiceCall Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine Service
 
Business Model Canvas (BMC)- A new venture concept
Business Model Canvas (BMC)- A new venture conceptBusiness Model Canvas (BMC)- A new venture concept
Business Model Canvas (BMC)- A new venture concept
 

nexB Software Audit M&A: What to expect as a Seller

  • 1. Software Provenance Analysis - Acquisition Due Diligence What to expect as a Seller? © 2014 nexB Inc. All rights reserved. Confidential and proprietary
  • 2. Agenda • About nexB – What nexB does – Our experience • Software Audit: M&A – Software Analysis Scope – Software Audit Process – Software Audit Tools – Software Analysis Deliverables • Additional Information – Why nexB? – Contact us © 2014 nexB Inc. All rights reserved. Confidential and proprietary
  • 3. About nexB What nexB does • Enable component-based software development – Software provenance analysis services – Software asset management tools © 2014 nexB Inc. All rights reserved. Confidential and proprietary • Software audit services – Acquisitions – Software product releases • Expertise in all software IP• Active OSS developers
  • 4. About nexB Our experience is our difference • Recognized by the buyers and target companies as: – experts in software origin analysis – a fair and trusted intermediary • We identifies issues along with practical remediation steps • 350+ software audit projects completed to-date © 2014 nexB Inc. All rights reserved. Confidential and proprietary
  • 5. Software audit: M&A Software Analysis Scope Commercial Code © 2014 nexB Inc. All rights reserved. Confidential and proprietary Original Code Open Source Code
  • 6. Software audit: M&A Software Audit Process © 2014 nexB Inc. All rights reserved. Confidential and proprietary
  • 7. Software audit: M&A Step 1: Preparation - 1 week (1/2) • Establish NDA with your company – Two-way (nexB/Seller) or Three-way (nexB/Seller/Buyer) • Understand our Software Audit Process – One hour or less conference call to go through the audit steps with you and your team è Many sellers can be anxious about the process, we understand: – General level of anxiety is inversely proportional to prior M&A experience of executives – We do help you understand our process to make you comfortable © 2014 nexB Inc. All rights reserved. Confidential and proprietary
  • 8. Software audit: M&A Step 1: Preparation (2/2) • Scope the audit effort – Comprehensive questionnaire provided by nexB – Size of code base – number of files and lines of source code – Disclosure of known third-party and open source software – Architecture and software development process documentation è No extra work needed! – The quality of the disclosures you provide is essential, however we do not ask you to create special documentation for the only purpose of the audit project © 2014 nexB Inc. All rights reserved. Confidential and proprietary
  • 9. Software audit: M&A Step 2: Software Analysis – 2 weeks (1/3) • After nexB has access to the code, we schedule a telephone interview: – One hour or less – Involved your senior technical contact(s) – Goal is to understand your development process and open source and third party policies in greater details è We limit our demands on your team because we know you are always over-tasked during acquisition due diligence. – During the project, we will need responses to ad-hoc technical questions within 24 hours (usually via email) © 2014 nexB Inc. All rights reserved. Confidential and proprietary
  • 10. Software audit: M&A Step 2: Software Analysis (2/3) • Analysis Activities: – Discovery: scan files for license and copyright texts – Identification: match target code to reference code repository for origin and license detection (based on digital “fingerprints”) – Map deployed code to development code to validate that you are auditing the right code ( i.e. the deployed/distributed code) – Analyze software interaction and dependencies patterns for copyleft-licensed components (with specifics on Linux) © 2014 nexB Inc. All rights reserved. Confidential and proprietary
  • 11. Software audit: M&A Step 2: Software Analysis (3/3) è Results: – Software Inventory and Bill(s) of Materials – Draft findings & recommendations © 2014 nexB Inc. All rights reserved. Confidential and proprietary
  • 12. Software audit: M&A Step 3: Review & Report – 1 week (1/2) • Activities: Draft report – Remediation actions – specific and actionable, that make business and technical sense – Recommendations for code management policies and processes – Review draft with engineering/product team: we need your review of the draft report documents (24 hour turnaround) before we share it with the buyer – Incorporate feedback and answers where appropriate © 2014 nexB Inc. All rights reserved. Confidential and proprietary
  • 13. Software audit: M&A Step 3: Review & Report (2/2) Results • Final Software Inventory / BOM spreadsheets • Final Report - narrative with executive summary, project data and summary of the Action items and Responses © 2014 nexB Inc. All rights reserved. Confidential and proprietary
  • 14. Software audit: M&A Software Audit Tools • nexB typically uses a combination of tools for a software audit – Our own DejaCode™ toolkit is the primary tool – Other tools used as needed or as licensed by a customer (open source or commercial) • Multiple layers of analysis – Discovery: direct scan for license and copyright notices – Identification: component matching for open source and publicly available third-party components (freeware/proprietary) – Analysis of source code and pre-built libraries (binary) – Interaction and dependency analysis as needed • Review and validation by software experts • All require expert humans to interpret the results! © 2014 nexB Inc. All rights reserved. Confidential and proprietary
  • 15. Software audit: M&A Software Analysis Deliverables • Complete inventory of OSS and third-party components in Development codebase(s) • Bill of materials for Deployed product components • Specific Action items and recommended actions for resolution that can be factored into the deal terms – Including possible exposure for older product versions – Detailed analysis for copyleft “contamination” • Checklist of commercial components as input to due diligence for contract review • Analysis of how much code is original versus borrowed (OSS) or purchased (Commercial) © 2014 nexB Inc. All rights reserved. Confidential and proprietary
  • 16. Additional Information Why nexB (1/2) 100% of our customers are repeat customers and references We have a balanced approach – Automated code analysis AND analysis by software experts – Direct consultation with engineering, management and legal teams – Concrete Action items with recommended nexB action resolution and seller Responses © 2014 nexB Inc. All rights reserved. Confidential and proprietary
  • 17. Additional Information Why nexB (2/2) • Trusted third party – Mitigates confidentiality concerns of a seller company – Maintains proper segregation of information during acquisition negotiations – Enables objective analysis with appropriate consideration of feedback from all parties © 2014 nexB Inc. All rights reserved. Confidential and proprietary
  • 18. Additional Information Contact us Contact person: Pierre Lapointe, Customer Care Manager plapointe@nexb.com + 1 415 287-7643 More information: http://www.nexb.com/ © 2014 nexB Inc. All rights reserved. Confidential and proprietary