Software due diligence is an all-important aspect of any merger and acquisition (M&A) transaction, and in the tech M&A world, a target’s software assets are a significant part of the valuation. This due diligence process should identify a target company’s open source license obligations, application security and code quality risks, and the organization, processes, and practices that compose the software development life cycle.

🕵️‍♂️ Embarking on your journey and learning how to contribute to open source is an exciting step towards honing your programming skills, collaborating with experts, and giving back to the global developer community. However, the challenge often lies in finding the right project to kickstart your open-source journey.

Open source software (OSS) has driven technological growth for decades due to its collaborative nature and ability to share information rapidly. However, major OSS security vulnerabilities like Log4j, Heartbleed, Shellshock and others have raised concerns about the security and sustainability of similar projects. At the same time, major open source-based companies have changed their OSS licenses, like MongoDB, Elastic (formerly ElasticSearch), Confluent, Redis Labs and most recently, HashiCorp.

Open-Source Intelligence (OSINT) can be valuable for an organization and penetration testing engagements in several ways. Today, let me highlight two areas: Leaked Credentials and Files. As part of any security engagement, it is ideal, if not essential, that we look up our target’s leaked credentials and files, as many clients do not have a high level of visibility or awareness in this area.

New Synopsys Black Duck® engagement summary report summarizes a breadth of insights across all domains of software due diligence.

Open-source cybersecurity tools offer a prime solution for independent security experts, emerging businesses, and even medium to large enterprises aiming to tailor their security framework. These tools serve as a foundational platform for fostering security advancements, integrating proprietary software code and security automation scripts.

You don’t need us to tell you that open source software is becoming a very significant percentage of commercial software codebases. Open source components are free, stable, and enable you to focus your resources on the innovative and differentiated aspects of your work. But as the use of open source components increases, compliance with open source licenses has become a complex project of growing importance. So how can you stay on top of compliance and what tools are out there to help?

You may have heard that 1Password beta testers can sign into websites using passkeys stored in their vaults. We’re actively developing the internal library powering passkey authentication, and now we’re open-sourcing it!

Numerous inventive security solutions offered by open source software (OSS) remain untapped by the U.S. government. OSS refers to software for which the source code is accessible, allowing for its use, modification, and distribution. Dynamic OSS projects yield swift advancements and promote inclusive development, rendering them more adaptable to specialized demands. In cases where adjustments are necessary, the code can be accessed and modified accordingly.

It is not very often that we see cybersecurity vendors put aside competitive differences and ambitions to work towards a common goal that benefits the entire cybersecurity community. The Open Cybersecurity Schema Framework (OCSF) has shown to be an example of a productive industry-wide collaboration to facilitate a more secure environment for businesses, governments and individuals all over the globe.