Sign up for a FREE trial and try out SOOS's new container scanning tool today!

SOOS

Determined Businessman

Things to Worry About in Software M&A

Open Source Software Solutions

Mergers between and acquisitions of software companies occur with great frequency in the current tech market. They are a high stakes process, with a lot on the line for all parties involved.

Public companies who are conducting software M&A deals must invest their capital wisely to maximize stock value, as the reputation of the company’s management may be at stake if an investment turns out to be a poor one. On the opposite side, if the software M&A process goes smoothly and quickly, the sellers can set themselves up for the future financially, and many sellers want to move onto the next project they’re working on.

Unfortunately, the software M&A process isn’t without risks. Many issues can arise before closing to spoil a deal, or even after the deal is closed to negatively affect one or more parties. For sellers, if a deal is closed, most of the time they’ll have no regrets or issues, as the project is now out of their hands, and they’ve been compensated for it accordingly. However, if a deal falls through, this can have lasting damaging effects on the selling company and its reputation.

For buying companies, if the deal falls through, there aren’t many concerns or regrets other than potential wasted time and energy, but they may be at risk of becoming “contaminated” by seeing too much of the seller’s IP. However, most of the issues for the buyer arise if they have purchased a company or its IP that has problems with legal risks, open source usage, or software quality.

Legal Risks of Software M&A

Legal risks can come in several forms for both buyers and sellers. The first issue can occur when a merger or acquisition falls through part way through the deal. Sometimes, when looking at a target’s processes, architecture and code, the information discussed or revealed can get too confidential. If a seller shows too much of their behind-the-scenes process or code and the deal falls apart, both parties are at risk.

The seller is at serious risk of their intellectual property being stolen by the potential buyer, as the buyer has now seen how the target software operates and can potentially create their own version of the software with similar code. In theory, the buying company would be sued by the seller for IP theft, but there are no guarantees that the case will be won by the seller, and if it isn’t they’ll have a new rival in their field. On the other side, buyers can be “contaminated” by seeing too much of the seller’s IP. If they release similar software in the future, even if it isn’t meant to emulate the target’s code, they’ll likely be accused of IP theft.

For the sellers, this means that withholding some of the details, including actual source code and some internal practices, can be a very smart move to protect themselves. If they keep important IP unrevealed, there is little to no chance that the buying company can potentially steal IP or be “contaminated”. This also exemplifies why it is in the best interests of both parties to use a third party when conducting due diligence, as a third party insulates the buyer from IP theft accusations and dramatically reduces the risk of a seller’s ideas or products being stolen or copied.

Other legal issues often arise from the misuse of open source components, or the violation of open source licenses. According to a 2018 audit from Synopsys, 85% of over 1200 commercial codebases that were audited contained components with license issues, and 38% contained unlicensed components for which the seller had no rights. These companies can end up in severe legal trouble if they do not rectify these issues, potentially even facing lawsuits and the loss of their IP.

Open Source Use  and Software M&A Risk

Most software developed today is a mix of open source, third-party and proprietary software. As long as licenses are complied with, open source usage can be highly beneficial to most companies, as it can save time and energy by replacing in-house coding with open source software components that are already complete and available. Unfortunately, strict open source licenses can diminish or entirely eliminate the commercial value and viability of software, particularly when open source licenses prevent the commercial distribution of code containing certain open source components. If a company seeking a merger or acquisition has intentions of commercially distributing a program containing open source software with this type of license, it can render the deal useless.

Failure to comply with these licenses can result in license notices ordering a company to bring open source use within license compliance, which can lead to legal disputes if not adhered to. Unfortunately, bringing open source use back within license compliance can be an incredibly difficult task if done manually, as developers will often have many licenses and components to review, which can be a time consuming and inaccurate task. The alternative, however, could be facing lawsuits, damage to the company’s corporate reputation and loss of IP. For buyers, acquiring or merging with a company with open source licensing issues can create crushing amounts of extra work, and is often inadvisable. Selling companies must be aware of this, and must ensure their open source use adheres to license requirements if they want to be prepared for M&A.

Software Quality and Software M&A

Software quality issues can be another serious concern for buyers in software mergers and acquisitions, despite not having the immediate impact of other risks listed so far. Bad software quality can be a “gift that keeps on giving” in the worst way possible, as non-modular, low quality code can be very difficult to maintain. Low quality code can make it difficult to add features, fix bugs or patch vulnerabilities in the code. This creates technical debt, requiring developers to do work that adds no value to the code or company just to keep the code functioning, including difficult bug fixes, brittle code maintenance and code refactoring. The impact of low software quality can be severe enough that developers who work on poorly structured codebases can be 60% less productive than developers working on well structured codebases. If a buying company is unaware of the software quality, they leave themselves vulnerable to being blindsided with a nasty surprise.

Failed Software M&A Deals

Particularly for target companies on the selling side, failed deals can have serious consequences in multiple forms. Wasted time and resources is an obvious issue, as it can take a lot of time and energy to assemble and organize materials for due diligence. If the deal falls through, the selling company and its employees will have wasted a lot of time getting organized, and will have regrets about how it was spent. If that time had been used in other areas, it could have instead gone towards developing entirely new products or programs, as well as patching and fixing current ones.

Additionally, a failed merger or acquisition can tarnish the reputation of the selling company. This can have a lasting impact on the failed seller, as companies who seek to merge with or acquire them in the future may hesitate and think twice about doing so. If another buyer didn’t want to complete the transaction, questions can quickly arise about what was wrong, and if future interested parties should be concerned.

A Software M&A Solution: Due Diligence

Software due diligence can solve several of these problems, or at the very least make both parties aware of issues that could arise.

The software due diligence process investigates the company’s software, processes and architecture, revealing unknown issues and seeking to provide resolutions to problems that are found. In theory, a good, detailed due diligence process cultivates trust and understanding between the buying and selling companies. Particularly when performed by a third party with expertise reviewing tech companies, due diligence can identify issues with open source use and software quality and propose suggestions for how to fix any found issues, all while protecting buying companies from “contamination” and selling companies from risk of IP theft.

Another Useful Software M&A Tool: Automated OSS Security Software

Another incredibly valuable tool, particularly for sellers, is automated OSS security software like SOOS. This software can automate open source management, including monitoring license requirements and your compliance with them, helping to minimize the possibility that deals fall through due to open source risks. Even if the software wasn’t used as open source components were integrated into your software project, SOOS can help your developers get organized in preparation for M&A.

Check out more articles

The Purpose and Process of Software Due Diligence

The Purpose and Process of Software Due Diligence

Exploring DevSecOps

Exploring DevSecOps

Managing OSS for Mergers and Acquisitions

Managing OSS for Mergers and Acquisitions

Open Source Licenses Types and Issues (OSS)

Open Source Licenses Types and Issues (OSS)

Shifting Security Left

Shifting Security Left

What Is Bower?

What Is Bower?

npm vs Yarn

npm vs Yarn

Bower vs NPM

Bower vs NPM

What Is Bower Used For?

What Is Bower Used For?

BSD vs MIT License

BSD vs MIT License

Sooster

Don’t ignore your open
source code any longer

Sign up now