SlideShare uma empresa Scribd logo

Technical Due Diligence for M&A: A Perspective from Corporate Development at SAP

Transferir como PPTX, PDF
Black Duck by Synopsys
Black Duck by Synopsys

This webinar focuses on the issues related to improper use of open source software and how this can impact M&A and other partnering opportunities. Attendees will learn techniques to uncover potential issues and the benefits of properly managing your software assets to minimize delays and risks. Russell Hartz of SAP’s Corporate Development organization discusses their strategy and perspective on the subject and how they approach this kind of technical due diligence.

NegóciosTecnologia
1 de 25
Technical Due Diligence for M&A: A Perspective from Corporate Development at SAP
Speakers Peter Vescuso EVP of Marketing & Business Development, Black Duck Software Hal Hearst Sr. Director, Olliance Group Russell Hartz Corporate Development, SAP
Agenda Market trends Why technical DD is needed M&A Issues How it works Code Scanning Analysis SAP: Perspective from a Major Acquirer Summary Note: All registered participants will receive a follow-up email with a copy of the slides and a link to the webinar recording.
Market Trends Open source is becoming pervasive and ubiquitous It’s in your phone, your HD TV, your printer, your web browser, Google, Amazon, Twitter, etc. Gartner reports 85% of enterprises use OSS today Economics of OSS are compelling ,[object Object]
45% use is mission-criticalMarket Need – “Managing Abundance” ,[object Object]
Need: address challenges of Multi-Source development:
Compliance/Management – IP, security, export
Management/Automation – policy, process, multi-source451 Group Survey on OSS Use (December 2009) ,[object Object]
39% of OSS users ranked flexibility as the primary benefit,[object Object]
Universities
Corporate DevelopersRussia Your Software Application Obligations YOUR COMPANY – TOOLS, PROCESSES “Open source is a necessary component of all organizations' supply chain strategies. It is essentially a way to manage cost and mitigate 3rd party dependencies.” Brian Prentice, Gartner Group 5
Why Technical DD is Needed: Issues Open Source Problems Open source issues arise in the development process and software supply chain Discovery of open source post open source representations Anonymous: Entire source code posted on SourceForge Risks Lose deal Delay deal Reduced price/valuation Lost revenue
Why Technical DD is Needed: Issues Use of open source is widespread (despite what your CTO tells you) “A ‘don’t ask, don’t tell’ pact obscures the reality of OSS use” (Jeffery Hammond, Forrester Research,) Major acquirers and licensees are increasingly sensitive to uncertainty in general and this issue in particular (some have separate due diligence process for open source) Difficult to correct problems during merger frenzy Delay may be deadly to the deal
Open Source Licenses Open source licenses give broad rights Copy, modify, redistribute Includes express or implied patent rights But also obligations, which are triggered on distribution not on use Product Risks Uncertain "pedigree" "AS IS“ Copy left nature of GPL & other licenses
Risks of Unmanaged Code Loss of Intellectual Property License Rights and Restrictions Software Defects Export Regulations Injunctions Contractual Obligations Security Vulnerabilities Escalating Support Costs
Software Licensing Violations Software Freedom Law Center gpl-violations.org ,[object Object]
Cisco
Verizon
Monsoon Multimedia
Xterasys
High-Gain Antennas
Bell Microproducts
Super Micro Computer
Motorola
Acer

Recomendados

Lufthansa Reference Architecture for the OpenGroup
Lufthansa Reference Architecture for the OpenGroupLufthansa Reference Architecture for the OpenGroup
Lufthansa Reference Architecture for the OpenGroup
Capgemini
 
Accelerating Digital Transformation through People: Saudi Aramco and GE
Accelerating Digital Transformation through People: Saudi Aramco and GEAccelerating Digital Transformation through People: Saudi Aramco and GE
Accelerating Digital Transformation through People: Saudi Aramco and GE
Francesco Picconi (MSc,Dr)
 
Big Data Reference Architecture for Aviation Domain for Customer Satisfaction
Big Data Reference Architecture for Aviation Domain for Customer SatisfactionBig Data Reference Architecture for Aviation Domain for Customer Satisfaction
Big Data Reference Architecture for Aviation Domain for Customer Satisfaction
hari_surya
 
Robotic Process Automation | Accenture
Robotic Process Automation | AccentureRobotic Process Automation | Accenture
Robotic Process Automation | Accenture
accenture
 
Journey To Cloud – Arrive First with ServiceNow and Accenture
Journey To Cloud – Arrive First with ServiceNow and AccentureJourney To Cloud – Arrive First with ServiceNow and Accenture
Journey To Cloud – Arrive First with ServiceNow and Accenture
Accenture Operations
 
Digital Transformation - Cisco's Journey
Digital Transformation - Cisco's JourneyDigital Transformation - Cisco's Journey
Digital Transformation - Cisco's Journey
Cisco Canada
 
Developing an Aviation Reference Architecture
Developing an Aviation Reference ArchitectureDeveloping an Aviation Reference Architecture
Developing an Aviation Reference Architecture
Capgemini
 
Analytics Implementation Roadmap
Analytics Implementation RoadmapAnalytics Implementation Roadmap
Analytics Implementation Roadmap
Joel Benavidez
 

Recomendados

Lufthansa Reference Architecture for the OpenGroup
Lufthansa Reference Architecture for the OpenGroupLufthansa Reference Architecture for the OpenGroup
Lufthansa Reference Architecture for the OpenGroup
Capgemini
 
Accelerating Digital Transformation through People: Saudi Aramco and GE
Accelerating Digital Transformation through People: Saudi Aramco and GEAccelerating Digital Transformation through People: Saudi Aramco and GE
Accelerating Digital Transformation through People: Saudi Aramco and GE
Francesco Picconi (MSc,Dr)
 
Big Data Reference Architecture for Aviation Domain for Customer Satisfaction
Big Data Reference Architecture for Aviation Domain for Customer SatisfactionBig Data Reference Architecture for Aviation Domain for Customer Satisfaction
Big Data Reference Architecture for Aviation Domain for Customer Satisfaction
hari_surya
 
Robotic Process Automation | Accenture
Robotic Process Automation | AccentureRobotic Process Automation | Accenture
Robotic Process Automation | Accenture
accenture
 
Journey To Cloud – Arrive First with ServiceNow and Accenture
Journey To Cloud – Arrive First with ServiceNow and AccentureJourney To Cloud – Arrive First with ServiceNow and Accenture
Journey To Cloud – Arrive First with ServiceNow and Accenture
Accenture Operations
 
Digital Transformation - Cisco's Journey
Digital Transformation - Cisco's JourneyDigital Transformation - Cisco's Journey
Digital Transformation - Cisco's Journey
Cisco Canada
 
Developing an Aviation Reference Architecture
Developing an Aviation Reference ArchitectureDeveloping an Aviation Reference Architecture
Developing an Aviation Reference Architecture
Capgemini
 
Analytics Implementation Roadmap
Analytics Implementation RoadmapAnalytics Implementation Roadmap
Analytics Implementation Roadmap
Joel Benavidez
 
The Path to Open Banking
The Path to Open BankingThe Path to Open Banking
The Path to Open Banking
MuleSoft
 
Reinventing Enterprise Operations
Reinventing Enterprise OperationsReinventing Enterprise Operations
Reinventing Enterprise Operations
accenture
 
Workday Community Session Final.pptx
Workday Community Session Final.pptxWorkday Community Session Final.pptx
Workday Community Session Final.pptx
RohitRadhakrishnan8
 
Gartner Value in Action Insights
Gartner Value in Action InsightsGartner Value in Action Insights
Gartner Value in Action Insights
Dominique Wilkins
 
The New Cloud Contact Center
The New Cloud Contact CenterThe New Cloud Contact Center
The New Cloud Contact Center
Steve Chirokas
 
Digital Product-Centric Enterprise and Enterprise Architecture - Tan Eng Tsze
Digital Product-Centric Enterprise and Enterprise Architecture - Tan Eng TszeDigital Product-Centric Enterprise and Enterprise Architecture - Tan Eng Tsze
Digital Product-Centric Enterprise and Enterprise Architecture - Tan Eng Tsze
NUS-ISS
 
Powering B2B Sales with Digital
Powering B2B Sales with DigitalPowering B2B Sales with Digital
Powering B2B Sales with Digital
McKinsey on Marketing & Sales
 
Gartner Overview
Gartner OverviewGartner Overview
Gartner Overview
HernanCampero
 
Contact Center of the Future: Smart, Selective Human Touch in the Digital Age
Contact Center of the Future: Smart, Selective Human Touch in the Digital AgeContact Center of the Future: Smart, Selective Human Touch in the Digital Age
Contact Center of the Future: Smart, Selective Human Touch in the Digital Age
accenture
 
Digital Transformation Strategy & Framework | By ex-McKinsey
Digital Transformation Strategy & Framework | By ex-McKinseyDigital Transformation Strategy & Framework | By ex-McKinsey
Digital Transformation Strategy & Framework | By ex-McKinsey
Aurelien Domont, MBA
 
Modernizing the Insurance Value Chain: Top Three Digital Imperatives
Modernizing the Insurance Value Chain: Top Three Digital ImperativesModernizing the Insurance Value Chain: Top Three Digital Imperatives
Modernizing the Insurance Value Chain: Top Three Digital Imperatives
Cognizant
 
Accenture Robotics Platform
Accenture Robotics PlatformAccenture Robotics Platform
Accenture Robotics Platform
Accenture Technology
 
Great visual cv with timeline
Great visual cv with timelineGreat visual cv with timeline
Great visual cv with timeline
✔️ Henk de Ruiter
 
Appectual IT Solutions Company Profile
Appectual IT Solutions Company ProfileAppectual IT Solutions Company Profile
Appectual IT Solutions Company Profile
Appectual IT Solutions
 
Modern Marketing: The Case of Microsoft US
Modern Marketing: The Case of Microsoft USModern Marketing: The Case of Microsoft US
Modern Marketing: The Case of Microsoft US
Microsoft
 
Financial Reporting Robotics
Financial Reporting RoboticsFinancial Reporting Robotics
Financial Reporting Robotics
accenture
 
Cloud Journey: Implementation Success
Cloud Journey: Implementation Success Cloud Journey: Implementation Success
Cloud Journey: Implementation Success
Salesforce Partners
 
Product Engineering Services Trends Q2
Product Engineering Services Trends Q2Product Engineering Services Trends Q2
Product Engineering Services Trends Q2
Zinnov
 
RPA delivery life cycle
RPA delivery life cycleRPA delivery life cycle
RPA delivery life cycle
Ritika Raj
 
The BPO Transformation Journey
The BPO Transformation JourneyThe BPO Transformation Journey
The BPO Transformation Journey
Capgemini
 
Technical Due Diligence
Technical Due DiligenceTechnical Due Diligence
Technical Due Diligence
argentieri
 
Sample Due diligence report
Sample Due diligence reportSample Due diligence report
Sample Due diligence report
Rohit Pinto
 

Mais conteúdo relacionado

Mais procurados

Gartner Value in Action Insights
Gartner Value in Action InsightsGartner Value in Action Insights
Gartner Value in Action Insights
Dominique Wilkins
 
Digital Product-Centric Enterprise and Enterprise Architecture - Tan Eng Tsze
Digital Product-Centric Enterprise and Enterprise Architecture - Tan Eng TszeDigital Product-Centric Enterprise and Enterprise Architecture - Tan Eng Tsze
Digital Product-Centric Enterprise and Enterprise Architecture - Tan Eng Tsze
NUS-ISS
 
Product Engineering Services Trends Q2
Product Engineering Services Trends Q2Product Engineering Services Trends Q2
Product Engineering Services Trends Q2
Zinnov
 
RPA delivery life cycle
RPA delivery life cycleRPA delivery life cycle
RPA delivery life cycle
Ritika Raj
 

Mais procurados (20)

The Path to Open Banking
The Path to Open BankingThe Path to Open Banking
The Path to Open Banking
 
Reinventing Enterprise Operations
Reinventing Enterprise OperationsReinventing Enterprise Operations
Reinventing Enterprise Operations
 
Workday Community Session Final.pptx
Workday Community Session Final.pptxWorkday Community Session Final.pptx
Workday Community Session Final.pptx
 
Gartner Value in Action Insights
Gartner Value in Action InsightsGartner Value in Action Insights
Gartner Value in Action Insights
 
The New Cloud Contact Center
The New Cloud Contact CenterThe New Cloud Contact Center
The New Cloud Contact Center
 
Digital Product-Centric Enterprise and Enterprise Architecture - Tan Eng Tsze
Digital Product-Centric Enterprise and Enterprise Architecture - Tan Eng TszeDigital Product-Centric Enterprise and Enterprise Architecture - Tan Eng Tsze
Digital Product-Centric Enterprise and Enterprise Architecture - Tan Eng Tsze
 
Powering B2B Sales with Digital
Powering B2B Sales with DigitalPowering B2B Sales with Digital
Powering B2B Sales with Digital
 
Gartner Overview
Gartner OverviewGartner Overview
Gartner Overview
 
Contact Center of the Future: Smart, Selective Human Touch in the Digital Age
Contact Center of the Future: Smart, Selective Human Touch in the Digital AgeContact Center of the Future: Smart, Selective Human Touch in the Digital Age
Contact Center of the Future: Smart, Selective Human Touch in the Digital Age
 
Digital Transformation Strategy & Framework | By ex-McKinsey
Digital Transformation Strategy & Framework | By ex-McKinseyDigital Transformation Strategy & Framework | By ex-McKinsey
Digital Transformation Strategy & Framework | By ex-McKinsey
 
Modernizing the Insurance Value Chain: Top Three Digital Imperatives
Modernizing the Insurance Value Chain: Top Three Digital ImperativesModernizing the Insurance Value Chain: Top Three Digital Imperatives
Modernizing the Insurance Value Chain: Top Three Digital Imperatives
 
Accenture Robotics Platform
Accenture Robotics PlatformAccenture Robotics Platform
Accenture Robotics Platform
 
Great visual cv with timeline
Great visual cv with timelineGreat visual cv with timeline
Great visual cv with timeline
 
Appectual IT Solutions Company Profile
Appectual IT Solutions Company ProfileAppectual IT Solutions Company Profile
Appectual IT Solutions Company Profile
 
Modern Marketing: The Case of Microsoft US
Modern Marketing: The Case of Microsoft USModern Marketing: The Case of Microsoft US
Modern Marketing: The Case of Microsoft US
 
Financial Reporting Robotics
Financial Reporting RoboticsFinancial Reporting Robotics
Financial Reporting Robotics
 
Cloud Journey: Implementation Success
Cloud Journey: Implementation Success Cloud Journey: Implementation Success
Cloud Journey: Implementation Success
 
Product Engineering Services Trends Q2
Product Engineering Services Trends Q2Product Engineering Services Trends Q2
Product Engineering Services Trends Q2
 
RPA delivery life cycle
RPA delivery life cycleRPA delivery life cycle
RPA delivery life cycle
 
The BPO Transformation Journey
The BPO Transformation JourneyThe BPO Transformation Journey
The BPO Transformation Journey
 

Destaque

Sample Due diligence report
Sample Due diligence reportSample Due diligence report
Sample Due diligence report
Rohit Pinto
 
Due diligence slides
Due diligence slidesDue diligence slides
Due diligence slides
Le Tat Thanh
 
Strategy Basecamp's IT Diagnostic - Six Steps to Improving Your Technology
Strategy Basecamp's IT Diagnostic - Six Steps to Improving Your TechnologyStrategy Basecamp's IT Diagnostic - Six Steps to Improving Your Technology
Strategy Basecamp's IT Diagnostic - Six Steps to Improving Your Technology
Paul Osterberg
 
Software audit for acquisition due diligence with nexB
Software audit for acquisition due diligence with nexBSoftware audit for acquisition due diligence with nexB
Software audit for acquisition due diligence with nexB
nexB Inc.
 

Destaque (20)

Technical Due Diligence
Technical Due DiligenceTechnical Due Diligence
Technical Due Diligence
 
Sample Due diligence report
Sample Due diligence reportSample Due diligence report
Sample Due diligence report
 
Due diligence checklist
Due diligence checklistDue diligence checklist
Due diligence checklist
 
Due Diligence Best Practices and Pitfalls
Due Diligence Best Practices and PitfallsDue Diligence Best Practices and Pitfalls
Due Diligence Best Practices and Pitfalls
 
Creating A Due Diligence Framework
Creating A Due Diligence Framework Creating A Due Diligence Framework
Creating A Due Diligence Framework
 
IT due diligence and software quality for fintech startups
IT due diligence and software quality for fintech startupsIT due diligence and software quality for fintech startups
IT due diligence and software quality for fintech startups
 
Due diligence slides
Due diligence slidesDue diligence slides
Due diligence slides
 
Due Diligence for Merger & Acquisition, Corporate Restructuring and Takeover
Due Diligence for Merger & Acquisition, Corporate Restructuring and TakeoverDue Diligence for Merger & Acquisition, Corporate Restructuring and Takeover
Due Diligence for Merger & Acquisition, Corporate Restructuring and Takeover
 
Strategy Basecamp's IT Diagnostic - Six Steps to Improving Your Technology
Strategy Basecamp's IT Diagnostic - Six Steps to Improving Your TechnologyStrategy Basecamp's IT Diagnostic - Six Steps to Improving Your Technology
Strategy Basecamp's IT Diagnostic - Six Steps to Improving Your Technology
 
Mercer Capital's Value Focus: Healthcare Facilities | Mid-Year 2014
Mercer Capital's Value Focus: Healthcare Facilities | Mid-Year 2014Mercer Capital's Value Focus: Healthcare Facilities | Mid-Year 2014
Mercer Capital's Value Focus: Healthcare Facilities | Mid-Year 2014
 
nexB Software Audit M&A: What to expect as a Seller
nexB Software Audit M&A: What to expect as a SellernexB Software Audit M&A: What to expect as a Seller
nexB Software Audit M&A: What to expect as a Seller
 
Due diligence report 20150414
Due diligence report 20150414Due diligence report 20150414
Due diligence report 20150414
 
Diligence - A Marketing Plan
Diligence - A Marketing PlanDiligence - A Marketing Plan
Diligence - A Marketing Plan
 
The humane software assessment (Choose Forum 2009)
The humane software assessment (Choose Forum 2009)The humane software assessment (Choose Forum 2009)
The humane software assessment (Choose Forum 2009)
 
Software assessment by example (lecture at the University of Bern)
Software assessment by example (lecture at the University of Bern)Software assessment by example (lecture at the University of Bern)
Software assessment by example (lecture at the University of Bern)
 
Software audit for acquisition due diligence with nexB
Software audit for acquisition due diligence with nexBSoftware audit for acquisition due diligence with nexB
Software audit for acquisition due diligence with nexB
 
Software assessment and audit
Software assessment and auditSoftware assessment and audit
Software assessment and audit
 
Software assessment essentials (lecture at the University of Bern 2013)
Software assessment essentials (lecture at the University of Bern 2013)Software assessment essentials (lecture at the University of Bern 2013)
Software assessment essentials (lecture at the University of Bern 2013)
 
Assessing youragility
Assessing youragilityAssessing youragility
Assessing youragility
 
BlackDuck Suite
BlackDuck SuiteBlackDuck Suite
BlackDuck Suite
 

Semelhante a Technical Due Diligence for M&A: A Perspective from Corporate Development at SAP

Managing the Software Supply Chain: Policies that Promote Innovation While Op...
Managing the Software Supply Chain: Policies that Promote Innovation While Op...Managing the Software Supply Chain: Policies that Promote Innovation While Op...
Managing the Software Supply Chain: Policies that Promote Innovation While Op...
FINOS
 
How to cut IT costs with open source
How to cut IT costs with open sourceHow to cut IT costs with open source
How to cut IT costs with open source
jontranaes
 
Android for the Enterprise and OEMs
Android for the Enterprise and OEMsAndroid for the Enterprise and OEMs
Android for the Enterprise and OEMs
Black Duck by Synopsys
 

Semelhante a Technical Due Diligence for M&A: A Perspective from Corporate Development at SAP (20)

Safeguarding Against the Risks of Improper Open Source Licensing - Valuable...
Safeguarding Against the Risks of Improper Open Source Licensing - Valuable...Safeguarding Against the Risks of Improper Open Source Licensing - Valuable...
Safeguarding Against the Risks of Improper Open Source Licensing - Valuable...
 
Rightsizing Open Source Software Identification
Rightsizing Open Source Software IdentificationRightsizing Open Source Software Identification
Rightsizing Open Source Software Identification
 
Managing the Software Supply Chain: Policies that Promote Innovation While Op...
Managing the Software Supply Chain: Policies that Promote Innovation While Op...Managing the Software Supply Chain: Policies that Promote Innovation While Op...
Managing the Software Supply Chain: Policies that Promote Innovation While Op...
 
How to cut IT costs with open source
How to cut IT costs with open sourceHow to cut IT costs with open source
How to cut IT costs with open source
 
OpenLogic - Open Source Cost Savings in Economic Downturn
OpenLogic - Open Source Cost Savings in Economic DownturnOpenLogic - Open Source Cost Savings in Economic Downturn
OpenLogic - Open Source Cost Savings in Economic Downturn
 
Open Source ETL
Open Source ETLOpen Source ETL
Open Source ETL
 
Year 12 D Course Material
Year 12 D Course MaterialYear 12 D Course Material
Year 12 D Course Material
 
Aligning Business Models And Technology Architectures Ore Dev Conferenc...
Aligning Business Models And Technology Architectures Ore Dev Conferenc...Aligning Business Models And Technology Architectures Ore Dev Conferenc...
Aligning Business Models And Technology Architectures Ore Dev Conferenc...
 
FLIGHT Amsterdam Presentation - Open Source License Management in the Black D...
FLIGHT Amsterdam Presentation - Open Source License Management in the Black D...FLIGHT Amsterdam Presentation - Open Source License Management in the Black D...
FLIGHT Amsterdam Presentation - Open Source License Management in the Black D...
 
Software audit strategies: how often is enough?
Software audit strategies: how often is enough? Software audit strategies: how often is enough?
Software audit strategies: how often is enough?
 
Open source software: The infrastructure impact
Open source software: The infrastructure impactOpen source software: The infrastructure impact
Open source software: The infrastructure impact
 
Android for the Enterprise and OEMs
Android for the Enterprise and OEMsAndroid for the Enterprise and OEMs
Android for the Enterprise and OEMs
 
Unlocking Engineering Observability with advanced IT analytics
Unlocking Engineering Observability with advanced IT analyticsUnlocking Engineering Observability with advanced IT analytics
Unlocking Engineering Observability with advanced IT analytics
 
Open Source Software: What Are Your Obligations?
Open Source Software: What Are Your Obligations? Open Source Software: What Are Your Obligations?
Open Source Software: What Are Your Obligations?
 
Software as a Service
Software as a ServiceSoftware as a Service
Software as a Service
 
Why Choose the Nalpeiron Licensing Service vs. Building Your Own
Why Choose the Nalpeiron Licensing Service vs. Building Your OwnWhy Choose the Nalpeiron Licensing Service vs. Building Your Own
Why Choose the Nalpeiron Licensing Service vs. Building Your Own
 
Optimizing The Cost Of Open Source Software Management
Optimizing The Cost Of Open Source Software ManagementOptimizing The Cost Of Open Source Software Management
Optimizing The Cost Of Open Source Software Management
 
Take Quality Products to Market Faster with Enterprise-Ready Dynamic Languages
Take Quality Products to Market Faster with Enterprise-Ready Dynamic LanguagesTake Quality Products to Market Faster with Enterprise-Ready Dynamic Languages
Take Quality Products to Market Faster with Enterprise-Ready Dynamic Languages
 
SoftwareONE Oracle Licensing Introduction 18.02.14
SoftwareONE Oracle Licensing Introduction 18.02.14SoftwareONE Oracle Licensing Introduction 18.02.14
SoftwareONE Oracle Licensing Introduction 18.02.14
 
Driving Risks Out of Embedded Automotive Software
Driving Risks Out of Embedded Automotive SoftwareDriving Risks Out of Embedded Automotive Software
Driving Risks Out of Embedded Automotive Software
 

Mais de Black Duck by Synopsys

FLIGHT Amsterdam Presentation - Don’t Let Open Source Software Kill Your Deal
FLIGHT Amsterdam Presentation - Don’t Let Open Source Software Kill Your DealFLIGHT Amsterdam Presentation - Don’t Let Open Source Software Kill Your Deal
FLIGHT Amsterdam Presentation - Don’t Let Open Source Software Kill Your Deal
Black Duck by Synopsys
 
Open Source Insight: SCA for DevOps, DHS Security, Securing Open Source for G...
Open Source Insight: SCA for DevOps, DHS Security, Securing Open Source for G...Open Source Insight: SCA for DevOps, DHS Security, Securing Open Source for G...
Open Source Insight: SCA for DevOps, DHS Security, Securing Open Source for G...
Black Duck by Synopsys
 
Open Source Insight: AppSec for DevOps, Open Source vs Proprietary, Malicious...
Open Source Insight: AppSec for DevOps, Open Source vs Proprietary, Malicious...Open Source Insight: AppSec for DevOps, Open Source vs Proprietary, Malicious...
Open Source Insight: AppSec for DevOps, Open Source vs Proprietary, Malicious...
Black Duck by Synopsys
 
Open Source Insight: Big Data Breaches, Costly Cyberattacks, Vuln Detection f...
Open Source Insight: Big Data Breaches, Costly Cyberattacks, Vuln Detection f...Open Source Insight: Big Data Breaches, Costly Cyberattacks, Vuln Detection f...
Open Source Insight: Big Data Breaches, Costly Cyberattacks, Vuln Detection f...
Black Duck by Synopsys
 

Mais de Black Duck by Synopsys (20)

Flight WEST 2018 Presentation - A Buyer Investor Playbook for Successfully Na...
Flight WEST 2018 Presentation - A Buyer Investor Playbook for Successfully Na...Flight WEST 2018 Presentation - A Buyer Investor Playbook for Successfully Na...
Flight WEST 2018 Presentation - A Buyer Investor Playbook for Successfully Na...
 
FLIGHT WEST 2018 Presentation - Continuous Monitoring of Open Source Componen...
FLIGHT WEST 2018 Presentation - Continuous Monitoring of Open Source Componen...FLIGHT WEST 2018 Presentation - Continuous Monitoring of Open Source Componen...
FLIGHT WEST 2018 Presentation - Continuous Monitoring of Open Source Componen...
 
FLIGHT WEST 2018 Presentation - Open Source License Management in Black Duck Hub
FLIGHT WEST 2018 Presentation - Open Source License Management in Black Duck HubFLIGHT WEST 2018 Presentation - Open Source License Management in Black Duck Hub
FLIGHT WEST 2018 Presentation - Open Source License Management in Black Duck Hub
 
FLIGHT WEST 2018 - Presentation - SCA 101: How to Manage Open Source Security...
FLIGHT WEST 2018 - Presentation - SCA 101: How to Manage Open Source Security...FLIGHT WEST 2018 - Presentation - SCA 101: How to Manage Open Source Security...
FLIGHT WEST 2018 - Presentation - SCA 101: How to Manage Open Source Security...
 
FLIGHT WEST 2018 Presentation - Integrating Security into Your Development an...
FLIGHT WEST 2018 Presentation - Integrating Security into Your Development an...FLIGHT WEST 2018 Presentation - Integrating Security into Your Development an...
FLIGHT WEST 2018 Presentation - Integrating Security into Your Development an...
 
Open-Source- Sicherheits- und Risikoanalyse 2018
Open-Source- Sicherheits- und Risikoanalyse 2018Open-Source- Sicherheits- und Risikoanalyse 2018
Open-Source- Sicherheits- und Risikoanalyse 2018
 
FLIGHT Amsterdam Presentation - Open Source, IP and Trade Secrets: An Impossi...
FLIGHT Amsterdam Presentation - Open Source, IP and Trade Secrets: An Impossi...FLIGHT Amsterdam Presentation - Open Source, IP and Trade Secrets: An Impossi...
FLIGHT Amsterdam Presentation - Open Source, IP and Trade Secrets: An Impossi...
 
FLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical Guide
FLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical GuideFLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical Guide
FLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical Guide
 
FLIGHT Amsterdam Presentation - Don’t Let Open Source Software Kill Your Deal
FLIGHT Amsterdam Presentation - Don’t Let Open Source Software Kill Your DealFLIGHT Amsterdam Presentation - Don’t Let Open Source Software Kill Your Deal
FLIGHT Amsterdam Presentation - Don’t Let Open Source Software Kill Your Deal
 
FLIGHT Amsterdam Presentation - From Protex to Hub
FLIGHT Amsterdam Presentation - From Protex to Hub FLIGHT Amsterdam Presentation - From Protex to Hub
FLIGHT Amsterdam Presentation - From Protex to Hub
 
Open Source Insight: Securing IoT, Atlanta Ransomware Attack, Congress on Cyb...
Open Source Insight: Securing IoT, Atlanta Ransomware Attack, Congress on Cyb...Open Source Insight: Securing IoT, Atlanta Ransomware Attack, Congress on Cyb...
Open Source Insight: Securing IoT, Atlanta Ransomware Attack, Congress on Cyb...
 
Open Source Insight: GitHub Finds 4M Flaws, IAST Magic Quadrant, 2018 Open So...
Open Source Insight: GitHub Finds 4M Flaws, IAST Magic Quadrant, 2018 Open So...Open Source Insight: GitHub Finds 4M Flaws, IAST Magic Quadrant, 2018 Open So...
Open Source Insight: GitHub Finds 4M Flaws, IAST Magic Quadrant, 2018 Open So...
 
Open Source Rookies and Community
Open Source Rookies and CommunityOpen Source Rookies and Community
Open Source Rookies and Community
 
Open Source Insight: Who Owns Linux? TRITON Attack, App Security Testing, Fut...
Open Source Insight: Who Owns Linux? TRITON Attack, App Security Testing, Fut...Open Source Insight: Who Owns Linux? TRITON Attack, App Security Testing, Fut...
Open Source Insight: Who Owns Linux? TRITON Attack, App Security Testing, Fut...
 
Open Source Insight: SCA for DevOps, DHS Security, Securing Open Source for G...
Open Source Insight: SCA for DevOps, DHS Security, Securing Open Source for G...Open Source Insight: SCA for DevOps, DHS Security, Securing Open Source for G...
Open Source Insight: SCA for DevOps, DHS Security, Securing Open Source for G...
 
Open Source Insight: AppSec for DevOps, Open Source vs Proprietary, Malicious...
Open Source Insight: AppSec for DevOps, Open Source vs Proprietary, Malicious...Open Source Insight: AppSec for DevOps, Open Source vs Proprietary, Malicious...
Open Source Insight: AppSec for DevOps, Open Source vs Proprietary, Malicious...
 
Open Source Insight: Big Data Breaches, Costly Cyberattacks, Vuln Detection f...
Open Source Insight: Big Data Breaches, Costly Cyberattacks, Vuln Detection f...Open Source Insight: Big Data Breaches, Costly Cyberattacks, Vuln Detection f...
Open Source Insight: Big Data Breaches, Costly Cyberattacks, Vuln Detection f...
 
Open Source Insight: Happy Birthday Open Source and Application Security for ...
Open Source Insight: Happy Birthday Open Source and Application Security for ...Open Source Insight: Happy Birthday Open Source and Application Security for ...
Open Source Insight: Happy Birthday Open Source and Application Security for ...
 
Open Source Insight: Security Breaches and Cryptocurrency Dominating News
Open Source Insight: Security Breaches and Cryptocurrency Dominating NewsOpen Source Insight: Security Breaches and Cryptocurrency Dominating News
Open Source Insight: Security Breaches and Cryptocurrency Dominating News
 
20 Billion Reasons for IoT Security
20 Billion Reasons for IoT Security20 Billion Reasons for IoT Security
20 Billion Reasons for IoT Security
 

Último

GUWAHATI 💋 Call Girl 9827461493 Call Girls in Escort service book now
GUWAHATI 💋 Call Girl 9827461493 Call Girls in Escort service book nowGUWAHATI 💋 Call Girl 9827461493 Call Girls in Escort service book now
GUWAHATI 💋 Call Girl 9827461493 Call Girls in Escort service book now
kapoorjyoti4444
 
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai KuwaitThe Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
daisycvs
 
Uneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration PresentationUneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration Presentation
uneakwhite
 
Challenges and Opportunities: A Qualitative Study on Tax Compliance in Pakistan
Challenges and Opportunities: A Qualitative Study on Tax Compliance in PakistanChallenges and Opportunities: A Qualitative Study on Tax Compliance in Pakistan
Challenges and Opportunities: A Qualitative Study on Tax Compliance in Pakistan
vineshkumarsajnani12
 
Paradip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Paradip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDINGParadip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Paradip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
pr788182
 
UAE Bur Dubai Call Girls ☏ 0564401582 Call Girl in Bur Dubai
UAE Bur Dubai Call Girls ☏ 0564401582 Call Girl in Bur DubaiUAE Bur Dubai Call Girls ☏ 0564401582 Call Girl in Bur Dubai
UAE Bur Dubai Call Girls ☏ 0564401582 Call Girl in Bur Dubai
jaehdlyzca
 

Último (20)

Marel Q1 2024 Investor Presentation from May 8, 2024
Marel Q1 2024 Investor Presentation from May 8, 2024Marel Q1 2024 Investor Presentation from May 8, 2024
Marel Q1 2024 Investor Presentation from May 8, 2024
 
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfDr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
 
GUWAHATI 💋 Call Girl 9827461493 Call Girls in Escort service book now
GUWAHATI 💋 Call Girl 9827461493 Call Girls in Escort service book nowGUWAHATI 💋 Call Girl 9827461493 Call Girls in Escort service book now
GUWAHATI 💋 Call Girl 9827461493 Call Girls in Escort service book now
 
Berhampur 70918*19311 CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Berhampur 70918*19311 CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDINGBerhampur 70918*19311 CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Berhampur 70918*19311 CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
 
Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1
 
How to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityHow to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League City
 
Ooty Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Avail...
Ooty Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Avail...Ooty Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Avail...
Ooty Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Avail...
 
Cannabis Legalization World Map: 2024 Updated
Cannabis Legalization World Map: 2024 UpdatedCannabis Legalization World Map: 2024 Updated
Cannabis Legalization World Map: 2024 Updated
 
JAJPUR CALL GIRL ❤ 82729*64427❤ CALL GIRLS IN JAJPUR ESCORTS
JAJPUR CALL GIRL ❤ 82729*64427❤ CALL GIRLS IN JAJPUR ESCORTSJAJPUR CALL GIRL ❤ 82729*64427❤ CALL GIRLS IN JAJPUR ESCORTS
JAJPUR CALL GIRL ❤ 82729*64427❤ CALL GIRLS IN JAJPUR ESCORTS
 
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai KuwaitThe Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
 
Kalyan Call Girl 98350*37198 Call Girls in Escort service book now
Kalyan Call Girl 98350*37198 Call Girls in Escort service book nowKalyan Call Girl 98350*37198 Call Girls in Escort service book now
Kalyan Call Girl 98350*37198 Call Girls in Escort service book now
 
WheelTug Short Pitch Deck 2024 | Byond Insights
WheelTug Short Pitch Deck 2024 | Byond InsightsWheelTug Short Pitch Deck 2024 | Byond Insights
WheelTug Short Pitch Deck 2024 | Byond Insights
 
QSM Chap 10 Service Culture in Tourism and Hospitality Industry.pptx
QSM Chap 10 Service Culture in Tourism and Hospitality Industry.pptxQSM Chap 10 Service Culture in Tourism and Hospitality Industry.pptx
QSM Chap 10 Service Culture in Tourism and Hospitality Industry.pptx
 
Uneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration PresentationUneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration Presentation
 
Challenges and Opportunities: A Qualitative Study on Tax Compliance in Pakistan
Challenges and Opportunities: A Qualitative Study on Tax Compliance in PakistanChallenges and Opportunities: A Qualitative Study on Tax Compliance in Pakistan
Challenges and Opportunities: A Qualitative Study on Tax Compliance in Pakistan
 
Paradip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Paradip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDINGParadip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Paradip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
 
Unveiling Falcon Invoice Discounting: Leading the Way as India's Premier Bill...
Unveiling Falcon Invoice Discounting: Leading the Way as India's Premier Bill...Unveiling Falcon Invoice Discounting: Leading the Way as India's Premier Bill...
Unveiling Falcon Invoice Discounting: Leading the Way as India's Premier Bill...
 
Lundin Gold - Q1 2024 Conference Call Presentation (Revised)
Lundin Gold - Q1 2024 Conference Call Presentation (Revised)Lundin Gold - Q1 2024 Conference Call Presentation (Revised)
Lundin Gold - Q1 2024 Conference Call Presentation (Revised)
 
UAE Bur Dubai Call Girls ☏ 0564401582 Call Girl in Bur Dubai
UAE Bur Dubai Call Girls ☏ 0564401582 Call Girl in Bur DubaiUAE Bur Dubai Call Girls ☏ 0564401582 Call Girl in Bur Dubai
UAE Bur Dubai Call Girls ☏ 0564401582 Call Girl in Bur Dubai
 
Buy gmail accounts.pdf buy Old Gmail Accounts
Buy gmail accounts.pdf buy Old Gmail AccountsBuy gmail accounts.pdf buy Old Gmail Accounts
Buy gmail accounts.pdf buy Old Gmail Accounts
 

Technical Due Diligence for M&A: A Perspective from Corporate Development at SAP

  • 1. Technical Due Diligence for M&A: A Perspective from Corporate Development at SAP
  • 2. Speakers Peter Vescuso EVP of Marketing & Business Development, Black Duck Software Hal Hearst Sr. Director, Olliance Group Russell Hartz Corporate Development, SAP
  • 3. Agenda Market trends Why technical DD is needed M&A Issues How it works Code Scanning Analysis SAP: Perspective from a Major Acquirer Summary Note: All registered participants will receive a follow-up email with a copy of the slides and a link to the webinar recording.
  • 4.
  • 5.
  • 6. Need: address challenges of Multi-Source development:
  • 8.
  • 9.
  • 11. Corporate DevelopersRussia Your Software Application Obligations YOUR COMPANY – TOOLS, PROCESSES “Open source is a necessary component of all organizations' supply chain strategies. It is essentially a way to manage cost and mitigate 3rd party dependencies.” Brian Prentice, Gartner Group 5
  • 12. Why Technical DD is Needed: Issues Open Source Problems Open source issues arise in the development process and software supply chain Discovery of open source post open source representations Anonymous: Entire source code posted on SourceForge Risks Lose deal Delay deal Reduced price/valuation Lost revenue
  • 13. Why Technical DD is Needed: Issues Use of open source is widespread (despite what your CTO tells you) “A ‘don’t ask, don’t tell’ pact obscures the reality of OSS use” (Jeffery Hammond, Forrester Research,) Major acquirers and licensees are increasingly sensitive to uncertainty in general and this issue in particular (some have separate due diligence process for open source) Difficult to correct problems during merger frenzy Delay may be deadly to the deal
  • 14. Open Source Licenses Open source licenses give broad rights Copy, modify, redistribute Includes express or implied patent rights But also obligations, which are triggered on distribution not on use Product Risks Uncertain "pedigree" "AS IS“ Copy left nature of GPL & other licenses
  • 15. Risks of Unmanaged Code Loss of Intellectual Property License Rights and Restrictions Software Defects Export Regulations Injunctions Contractual Obligations Security Vulnerabilities Escalating Support Costs
  • 16.
  • 17. Cisco
  • 25. Acer
  • 26. Skype
  • 28.
  • 30. DieboldValuation Infringement Remediation Costs New revenue Support costs Vulnerability
  • 31. Technology Allows Easy Discovery of Unknown Open Source Black Duck Analysis Compare code in target’s code base against comprehensive KB of open source components Generate a software Bill of Materials, identify license obligations and conflict analysis Code Base Validation Server Open Source Report Third Party Code KnowledgeBase License Conflict Bill ofMaterials Internal Code Projects Licenses
  • 32.
  • 37. Code prints of source/binary
  • 39. Addresses the “long tail” of OSS projects
  • 41. Custom code printing to add your own code
  • 43.
  • 44. Source Code Analysis Code matching Compare Code Prints of your source code to the Black Duck KnowledgeBase Detects matches of components, files and code fragments Finds reused code even when altered Reports project / license for confirmation Language independent Dependency analysis Import/include statements Integrated string search Standard string search queries Custom strings Find licenses, copyrights, URL’s, company names, user comments (“taken from”), … Analysis results that are unachievable by a manual process
  • 45. Binary Code Analysis File matching Compares checksum value to the KnowledgeBase Libraries, class files, executables, archives, images, and more. Dependency analysis Detect dependencies embedded in JAR, CLASS, DLL, SO, etc, … Archives and Compressed Files Descends into archive files (zip, jar, tar, war, …) Recursively performs source and binary analysis. -MD5- The Black Duck KnowledgeBase simplifies binary file identification
  • 46. License Analytics Over 2,000 open source and other licenses With full license text Licenses organized according to 24 attributes Rights and obligations to simplify license review Display of license conflicts Automated approval process Obligation fulfillment checklist Add custom licenses Speed license reviews and make better choices, earlier in the development process
  • 47. Remediation Code Audit may reveal issues that need remediation Remediation can be done… Pre-acquisition as a condition of the sale Post-acquisition as part of the integration Primary Concern during Due-Diligence Phase Does the remediation impact valuation? What is cost & effort? Who should do it? When is it done? How much risk is Acquirer taking? Remediation options will depend upon OSS detected (license)
  • 48. What are the Remedies? Conform to the License Verify Compliance to License Obligations Check for File Modifications Confirm file level obligations are met Copyright statements retained Modification notices in place License Text in place Publish / distribute software if necessary Update documentation/splash screens if necessary And a host of others depending upon the license Implement Changes Typically done during Integration (post sale) Change Usage Some obligations depend upon usage scenario Re-architect so usage of component is less integrated Comply with more desirable license terms
  • 49. What are the Remedies? - Cont. Remove Offending Code Black Duck Service can detect “Fossils” Verify code can be safely removed with no impact Typically forced on Sellers Replace Code Replace with other OSS Replace with Commercial Alternative Replace with In-house developed Code Need Clean Room Environment? Can be difficult if OSS component is critical Can be lengthy and expensive
  • 50.
  • 51. > 2,000 OS components identified in target solutionsEcosystem Services and Support Optimize Performance and Balance RiskSAP BusinessObjects Implement Flexible Business Processes SAP Business SuiteSAP Solutions for SME SAP NetWeaver
  • 52. SAP’s Experience with Evolution of Target’s Response to Open Source Due Diligence Past: Skepticism Present: Industry Standard Why is SAP performing OS diligence? Open source due diligence is expected Many questions about process / NDA heavily negotiated Few process questions / little negotiation of NDA Require code scan to be performed on site Allow remote code scan
  • 53. SAP – M&A Due Diligence on Open Source SAP asks targets (typically prior to signing a term sheet): Provide a list of all open source in use Do you have a policy regarding open source use? Do you have a governance process to monitor & control the use of open source in your products? Following execution of a non-binding term sheet, SAP engages Black Duck to scan the target’s code for open source. Scan results are evaluated by SAP’s open source licensing and legal groups prior to finalizing transaction
  • 54. SAP M&A Open Source Evaluation Process Evaluate and categorize risk of open source components used in target’s products High risk components must be removed prior to SAP’s shipment of product post-closing Non-high risk components are dealt with following closing as part of SAP’s standard open source governance process SAP may terminate a transaction evaluation due to the amount of open source found in the target’s code and/or the cost of remediating high risk components
  • 55.
  • 59. Does the license allow for modifications?
  • 60. What terms apply to modifications?
  • 61. Required text for documentation
  • 66.

Notas do Editor

  1. (T/F) – Targets are always eager for a BD Scan?Potential Risks of Unmanaged OSS Code are:Loss of Intellectual PropertyReduced Asset ValuationIncreased Support CostsSecurity VulnerabilitiesNon-Compliance with Export RegulationsAll of the above