Open source audits
The adoption of open source software has helped every team deliver value faster, but the variety, volume, and risks have also grown, leading organizations to look inward to meet legal and compliance obligations and eliminate security risks. The OpenLogic application audit service analyzes internally developed software for both known and unknown open source packages to create a complete bill of materials (BOM) and bill of licenses for open source components, helping you understand the scope and depth of usage.
Once scanned, Rogue Wave aggregates the information and creates comprehensive reports to give companies the information they need to make informed decisions about distribution, security issues, and legal considerations.
Open source license compliance
Without a comprehensive understanding of the open source packages and licenses embedded in your applications, companies that distribute software or products containing software may be at risk of violating the legal obligations of one or more licenses. Our OpenLogic application audit service helps enterprises understand the license obligations that come with the open source software used in products they distribute.
Going one step further, the Compliance Checklist service provides the critical information that organizations need to fulfill their open source license compliance requirements. This is essential for companies that distribute software – or products containing software – and need to assure license compliance. The Compliance Checklist service does just that: it provides the framework to verify OSS license compliance. With this service, you avoid customer objections and potential litigation.
Open source M&A and legal audits
Open source licenses used in acquired intellectual property have a significant impact on the valuation of the company. Whether for internal audit purposes or a Merger and Acquisition (M&A) transaction, our M&A Open Source Audit service provides technical and legal stakeholders with a detailed scan of software assets to identify open source. It offers a due diligence report that includes a complete list of open source packages and licenses that were found along with the relevant obligations that must be followed to ensure license compliance.
During an M&A transaction, it’s critical for both sellers and buyers to understand the IP profile of any software assets, including information about any open source software that may be included in proprietary code. Buyers can leverage the M&A Open Source Audit service to identify intellectual property conflicts and ensure that they understand any embedded open source licenses and obligations. Sellers can use the M&A Open Source Audit service to provide accurate disclosures and ensure mergers and acquisitions move forward smoothly and without asset devaluation.
OSS application security
The open source software (OSS) bill of materials (BOM) delivered in our OSS audits provides a list of the OSS components that are part of the codebase. These components may have known security vulnerabilities associated with them, and it’s critical for an organization to quickly identify and remediate any such threats to avoid the financial, reputational, and regulatory damage associated with security breaches. Our OSS audit experts help CISOs and development teams prioritize and identify the security risks hiding in their codebases. The audit consultants review the National Institute of Standards and Technology (NIST) Vulnerability Database to provide a risk assessment of the discovered OSS components, allowing you to develop a remediation plan and prioritize based on severity.