PUBLICATION

Assessment of Open Source Practices as Part of Due Diligence in Merger and Acquisition Transactions

Download Report

Assessment of Open Source Practices as Part of Due Diligence in Merger and Acquisition Transactions

A Contribution to the OpenChain Project

This open source merger and acquisition (M&A) assessment checklist is intended as a tool to help evaluate the open source practices of an organization as part of the due diligence process. The checklist presents a set of recommended practices distilled from the experiences of organizations committed to encouraging the use of open source while fully complying with license obligations.

The checklist explores the following areas as part of this due diligence process:

  • Discovery of open source software in code bases
  • Review and approval of open source use
  • Satisfaction of open source license obligations
  • Overseeing community contribution to open source projects
  • Process adherence audits
  • Open source policy
  • Appropriate staffing for compliance execution
  • Adaptation of business processes to accommodate open source specific requirements
  • Training
  • Verification practices
  • Compliance process management
  • Maintaining inventory of open source software
  • Automation and tool support for large scale use, consumption, and compliance