Open Source Risk Audit


Free and Open Source Software Audit (FOSS)

Nearly all software companies use Free and Open Source Software (FOSS) to help build out their products. If you're investing in a software company, you need to know what you're buying, and that includes the open source code inside it.

But not all developers keep track of the software they use or read the licence properly. It is important that licences and compliance are handled correctly, and as a software project grows those tasks get harder. Staying legal is a real challenge for most software teams.

Failing to use FOSS code correctly can render commercial code useless: some open source licences require that any adaptation of the code is released back under the same terms, so that others benefit from it.

Why get a FOSS audit?

If a developer has used code under a licence that requires payment per use, or that requires any changes to the code to be released back to the open source project, this can mean increased costs or render the IP useless.

During development, developers find code from around the web that helps them build a solution quickly and get the results they need. This often means using open source code, which is fine, but it is rarely documented properly and can cause issues further down the line.

Some questions that need to be addressed are:

  • What open source has been used?
  • Where is it used?
  • What license does it use?
  • Is it secure?
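The four questions above can be answered from a simple component register. The following is an added example written for this page, not the audit service's own tooling: it runs an assumed licence policy over a constructed inventory and reports which components need attention, where they are used, and why.

```python
from dataclasses import dataclass

# Assumed classification of SPDX licence identifiers, for illustration only;
# the real policy comes from the company's legal review.
LICENSE_POLICY = {
    "MIT": "permissive", "Apache-2.0": "permissive", "BSD-3-Clause": "permissive",
    "GPL-3.0-only": "strong-copyleft", "AGPL-3.0-only": "strong-copyleft",
    "LGPL-3.0-only": "weak-copyleft",
}

@dataclass
class Component:
    name: str
    version: str
    license: str                    # SPDX identifier, "" if nobody recorded it
    used_in: list                   # where in the code base it is used
    known_vulnerable: bool = False  # assumed flag fed from a vulnerability feed

def classify(license_id):
    """Answer 'what licence does it use?' in policy terms."""
    if not license_id:
        return "unknown"
    return LICENSE_POLICY.get(license_id, "unreviewed")

def audit(components):
    """Return one finding per component that needs attention, keyed by name."""
    findings = {}
    for c in components:
        issues = []
        category = classify(c.license)
        if category == "unknown":
            issues.append("licence not recorded; compliance cannot be confirmed")
        elif category == "strong-copyleft":
            issues.append("strong copyleft; adapted code may have to be released")
        elif category == "unreviewed":
            issues.append(f"licence {c.license} not in policy; needs review")
        if c.known_vulnerable:
            issues.append("known vulnerable version; upgrade or replace")
        if issues:
            findings[c.name] = {"where": c.used_in, "license": c.license,
                                "category": category, "issues": issues}
    return findings

# Constructed inventory standing in for the output of a discovery tool.
SAMPLE = [
    Component("requests", "2.31.0", "Apache-2.0", ["backend/api"]),
    Component("gpl-parser", "1.2", "GPL-3.0-only", ["cli/tool.py"]),
    Component("leftpad-ish", "0.1", "", ["frontend/utils.js"]),
    Component("oldlib", "0.9", "MIT", ["backend/db"], known_vulnerable=True),
]
```

Running `audit(SAMPLE)` leaves `requests` out of the findings and flags the other three, each with the location and the reason it needs review.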

FOSS audit

We can provide FOSS audits for companies wanting to identify all open source software and licences in their code base in order to better manage it going forward.

The software we use to identify and catalogue the open source code can then be used to keep the open source register up to date as the code base changes.