Pre-deal and post-deal assistance for open source license compliance and vulnerability management
Why does it matter?
The use of open source software (OSS) is becoming increasingly prevalent in today’s development environment, with estimates ranging from 50% of the entire code base to as high as 85% to 90%. With such proliferation of OSS components in today’s code bases, it is imperative that OSS due diligence be performed when the target is a technology company or has external-facing technology products and applications.
Pre-deal, corporate buyers and private equity (PE) firms need a detailed understanding of their targets' OSS assets in order to understand the associated license and security risks. Post-deal, they need to ensure that these risks are being addressed and managed effectively.
KPMG Open Source Advisory Services assists global corporate and PE buyers in discovering and understanding the use and impact of OSS components in their target's applications. Utilizing Flexera's FlexNet™ Code Insight tool, we conduct a thorough scan and review of the target's critical code. Our approach strategically aligns with a buyer's business priorities, compliance, and security needs.
Coming out of the review, buyers receive a detailed software bill of materials (BOM) for the target's critical product and application code base. This gives the buyer a deep understanding of the OSS footprint, known vulnerabilities that may need to be patched, and licensing risks that may need to be addressed.
In addition, we can benchmark the target's OSS usage maturity against similar organizations and leading industry practices, and develop a roadmap to move it up the OSS usage maturity scale. Accordingly, we can help buyers establish or enhance the target's open source governance, policies, processes and supporting technologies.
Some or all of the services described herein may not be permissible for KPMG audit clients and their affiliates or related entities. Any trademarks or service marks herein are the property of their respective owners.