Why nontechnical organizations need due diligence

Don Mulrenan

Jul 14, 2023 / 2 min read

Banking and finance, manufacturing, healthcare, automotive, construction, entertainment, education, hospitality. The landscape of industries that historically are not driven by technology continues to shift and shrink.

As just one example, 40 years ago, automobiles leveraged purely mechanical means to get us to our destination. According to IBM’s Research Insights report, “Automotive 2030: Racing toward a digital future,” 90% of innovation for vehicles will be software-driven. It’s hard to get a solid number on how much code is in a car, but a decade ago, 100M lines was thrown around by Doug Newcomb of Wired. And it’s estimated that it’s about twice that today. So yes, the minivan that gets your kids to sporting events has many times more microprocessors and software onboard than Apollo 11 did, and even more than today’s commercial airplanes. I recently heard a Tesla referred to as “a PC with wheels.”

On the healthcare front, when my daughter was diagnosed with Type 1 diabetes, her mother and I constantly had to prick her fingers, calculate insulin, and then give injections four or more times a day. Now she has a continuous glucose monitor that measures her blood sugar levels, and a tiny tubeless pump that communicates directly with the monitor to dispense insulin as needed. Technology has had an immeasurable impact on her quality of life. She can monitor, measure, and manage her blood glucose via software on her phone that communicates with her medical devices. Providing additional comfort to her parents, the software enables us to be aware of any potential issues as well.

In addition to these lower-tech, mechanical products becoming high-tech and heavily software-dependent, there are also plenty of industries with nonphysical products that have become very software-dependent. Banks, insurance companies, and retailers today are all heavily software-driven, and many employ large development teams.

The fact is, technology and software impact businesses regardless of industry or product. Which is why a strategic acquirer or private equity firm acquiring a company needs to add software assessment to its due diligence playbook. And the need to account for software impact in terms of an acquisition or investment continues to grow. Black Duck® audit customers leverage our software due diligence services to gain the crucial information we provide in a variety of areas.


Design and code quality

Code should be well organized, hierarchical, and modular. Absent that, the software can be very difficult to improve and maintain. Will changes in one functional area cause errors or crashes in another? Lots of bugs equate to a loss of time and money by requiring resources that are better invested elsewhere. And it’s vital to ensure that clear coding standards have been implemented in the code to keep it easy to maintain.

Security

Companies strive to make software products easy to access and use. Consequently, security concerns have increased exponentially, and software breaches and vulnerabilities can be catastrophic. It’s crucial to understand whether the software has been created and tested using modern security practices—or whether it is easy prey for hackers.

Open source and third-party software compliance

Leveraging open source software enables very small development organizations to accomplish large, complex tasks quickly. However, that code comes with inherent risks, including restrictive licensing terms and software vulnerabilities. How well-vetted is the third-party software at the heart of the code?

Summary

The Black Duck audit group often works with customers that may not readily come to mind when thinking of tech. The software may not be performing high-stakes tasks like assuring the health of a loved one or measuring flow and pressure rates for oil field pipelines, but it’s still a vital part of the investment in an acquisition. Our services provide insight and confidence in the timeframe our customers require to inform and ensure successful transactions.
