New Tech Due Diligence Service by FossID to Meet Trend of Higher Volume Yet Lower Value in M&A Deals

FossID, a leading provider of open source software risk management technology and services, announced today the availability of Open Source Insights, a lightweight and simple-to-execute software risk audit powered by FossID Workbench, a Software Composition Analysis (SCA) toolset. 

Following a steep decline in M&A activity in 2023, deal volume and value are on the upswing. However, with increased regulatory scrutiny on mega deals, many acquirers have begun to consider the risk and cost of a deal much more closely. 

The resurgent M&A market has evolved to put greater emphasis on generating both growth and cost savings.  

In terms of software technical due diligence, these conditions have translated to a greater demand for faster turnaround, lower cost, and less friction in the process. 

“We’re seeing a lot of demand from acquirers and investors for more sophisticated approaches to tech due diligence,” said Stuart Dross, Chief Executive Officer of FossID. “Software audits are needed on very short notice and with varying degrees of detail appropriate for smaller deals.”

FossID has offered open source software (OSS) audits for technical due diligence since its founding by staffing a team of expert software auditors working with their SCA tooling, FossID Workbench. To meet demands for confidentiality and speed, FossID pioneered the “blind audit” technique which allows for conducting a source code audit without direct access to the source code. 

By utilizing digital fingerprints in the form of one-way hash sums instead of examining the source code directly, FossID auditors can deliver open source audits without the target sharing their source code, therefore avoiding legal complications and eliminating the need for on-site travel. By not requiring the target code owner to share their source code, FossID greatly reduces the level of effort, people involved, complexity, and disruption of a traditional code audit. 

The new Open Source Insights service, together with FossID's blind audit capability, fills a gap in the market for acquirers who need to understand the open source posture of their target, but may not have sufficient time or budget to run a full-blown forensic source code audit. The Open Source Insights report can be completed in just one or two business days and provides a snapshot of the OSS-related risk associated with the code so that acquirers can determine if a full Open Source Audit is justified. 

Once the digital fingerprint of the target’s code is received, the codebase is analyzed in FossID Workbench, leveraging an extensive OSS knowledge base and the recently announced ID Assist, and then reviewed by an expert open source auditor. The acquirer is provided with the finalized reports along with a debriefing of the findings and recommendations.

The Open Source Insights service by FossID is fully available now. Learn more at https://www.fossid.com/service/open-source-insights.  

About FossID 

FossID provides software risk management solutions that enable enterprises to leverage open source, third-party, and AI-generated code with confidence. Powered by FossID Workbench, a Software Composition Analysis (SCA) toolset, FossID also provides open source audit, technical due diligence, and code review services to help clients manage legal, security, and operational software supply chain risk.  

Learn more: https://www.fossid.com 

Media Contact 

Aaron Branson 
FossID Media Relations 

Source: FossID



About FossID

FossID’s Software Composition Analysis (SCA) toolset finds all of the open source and third-party software in your code and highlights critical security vulnerabilities, license restrictions, and policy violations.

FossID
Gåsgränd 3
Stockholm
111 27
Sweden