Assessment of Open Source Practices as Part of Due Diligence in Merger and Acquisition Transactions
A Contribution to the OpenChain Project
This open source merger and acquisition (M&A) assessment checklist is intended as a tool to help evaluate the open source practices of an organization as part of the due diligence process. The checklist presents a set of recommended practices distilled from the experiences of organizations committed to encouraging the use of open source while fully complying with license obligations.
The checklist explores the following areas as part of this due diligence process:
- Discovery of open source software in code bases
- Review and approval of open source use
- Satisfaction of open source license obligations
- Overseeing community contribution to open source projects
- Process adherence audits
- Open source policy
- Appropriate staffing for compliance execution
- Adaptation of business processes to accommodate open source specific requirements
- Training
- Verification practices
- Compliance process management
- Maintaining inventory of open source software
- Automation and tool support for large scale use, consumption, and compliance
Latest posts by The Linux Foundation (see all)
- Dent Introduces Industry’s First End-to-End Networking Stack Designed for the Modern Distributed Enterprise Edge and Powered by Linux - 2020-12-17
- Open Mainframe Project Welcomes New Project Tessia, HCL Technologies and Red Hat to its Ecosystem - 2020-12-17
- New Open Source Contributor Report from Linux Foundation and Harvard Identifies Motivations and Opportunities for Improving Software Security - 2020-12-08