process risk m and a

Making intelligent tradeoffs in software due diligence

Wednesday, February 07, 2024

Engineers tend to see the world in terms of tradeoffs. Certainly, successful product or solution design requires a clear understanding of the problem to be solved and the associated constraints, and then making informed tradeoffs to solve the problem within the constraints. Tradeoff thinking also applies to successful software due diligence. The purposes of due diligence …

Whose IP is it anyway? Introducing Synopsys AI code analysis API

Wednesday, August 16, 2023

With generative AI tools like ChatGPT, GitHub Copilot, and Tabnine flooding the software development space, software developers are quickly adopting these technologies to help automate everyday development tasks. And the use of these AI tools is continuing to expand exponentially, as evidenced by a recent Stack Overflow survey that found an overwhelming 70% of its 89,000 respondents …

Software risks and technical debt: The role of process in determining good software

Wednesday, March 15, 2023

Understanding how software is developed and the areas impacted by technical debt can help lawyers and investors assess software risks during an M&A. Insight into how software is developed and what kinds of issues can lurk in a codebase enables businesspeople and lawyers to better understand software risks and how to mitigate them. Disciplined development …

The top three differences between an open source audit and an open source scan

Wednesday, December 14, 2022

Understanding the differences between an open source audit and an open source scan will help you determine which approach is best for your organization. One of the biggest challenges of helping organizations determine the correct approach to managing their open source usage is the range of risk profiles, standards, and even definitions of “audits” and …

Custom and variant licenses: What’s in the fine print?

Wednesday, December 07, 2022

An open source audit reveals much about modern software. A thorough one will draw attention to license issues that go beyond typical open source license conflicts. The baseline finding of an audit is a complete, accurate software Bill of Materials (SBOM) of open source and third-party software in the code. That’s table stakes to providing analysis about …

I have my Black Duck Audit reports; What’s next?

Wednesday, November 23, 2022

Get the most out of your Black Duck Open Source Audit by understanding the report components and next steps you need to take. Black Duck® Open Source Audit reports provide a tremendous amount of information. We have been performing audits and delivering results to customers for over 15 years, and we continue to seek to …

2022 OSSRA report

2022 OSSRA discovers 88% of organizations still behind in keeping open source updated

Thursday, May 05, 2022

Open source is everywhere, as is the need to properly manage it. Get the latest open source trends from the 2022 OSSRA report. It’s the time of the year when Spring is springing, and we release the annual Synopsys Open Source Security and Risk (OSSRA) report, with the 7th edition of OSSRA out this week. This year’s …