KPMG Open Source Software capabilities | KPMG | US

Software composition analysis | KPMG capabilities

Open source license compliance and vulnerability management

Open source license compliance and vulnerability management - Why does it matter?

Today, open source software (OSS) accounts for more than 50 percent of what developers use in their proprietary applications. This speeds up time to market, drives innovation, and is reshaping the technology world.

In this environment, security vulnerabilities, data breaches, and compliance lawsuits are real concerns. Organizations have to manage their OSS assets proactively to control both security and license risk.

With the proliferation of OSS components in today's development environment, it is imperative that regular and timely audits are conducted of the software an organization develops, uses, and distributes, so that vulnerability and compliance risks are detected.

Powered by Flexera’s FlexNet Code Insight, KPMG software composition analysis assists global organizations in discovering and understanding the use and impact of OSS components in their applications. We conduct OSS audits of an organization’s most critical code. Our approach strategically aligns with our clients’ business priorities, security, and compliance needs.

Coming out of the audit, organizations receive a detailed software bill of materials (BOM), giving them a clear view of their OSS footprint, any known vulnerabilities that need to be patched, and licensing risks that need to be addressed. This is essential for every organization that builds software. It is especially important for technology firms to include it in the technical due diligence process prior to making a software-related acquisition.

Our services

KPMG software composition analysis is based on Flexera’s FlexNet Code Insight (formerly Palamida) platform.

  • M&A due diligence: Preacquisition due diligence (OSS license obligations), postacquisition deep dive (OSS license obligations and vulnerability detection assessment).
  • Baselines/investigations: Software bill of materials (BOM), OSS license obligations, vulnerability detection, and SDLC process reengineering to embed continuous OSS usage monitoring.

Some or all of the services described herein may not be permissible for KPMG audit clients and their affiliates or related entities. Any trademarks or service marks herein are the property of their respective owners.