Who Ya Gonna Call? Black Duck Audits On Demand

“We had a client who was doing an acquisition and would have brought you in, but it was too late in the process.”

It’s frustrating to hear that because I bet we could have pulled it off. The reality is that we’re very often brought in late in the process; it’s just the nature of mergers and acquisitions.

Black Duck Audits

Black Duck is the Ghostbusters of open source audits. Roughly 90% of our audit business is in the context of M&A transactions, generally working for strategic or private equity acquirers, although savvy sellers come to us proactively as well. Why do so many companies call Black Duck for help in M&A? We have the scale to mobilize extremely rapidly and apply resources to meet the tightest deadlines. I’m at my proudest when our team delights customers with hyper-responsiveness.

Meeting “Impossible” Deadlines

Here’s a great example from a happy client of Black Duck’s “magic”:

“ADP has successfully used Black Duck for audits for many years, but recently they outdid themselves. Due to internal issues, we called at noon one day asking for what we thought was the impossible, a next day delivery. Amazingly, Black Duck made it possible and had auditors work all night in order to deliver a report by 11 a.m. the next morning. It’s really important for us to have a partner that can bail us out in such a pinch.”

– John Generelli, Senior Director Software Asset Management, ADP 

Another example. One fine Saturday of Labor Day weekend, I came off the water to find three new voice messages. One was from a company we’d not done business with before and the next one was from their attorney. The last message was from our CEO, whom they’d also called because they were so anxious to get going. Only a week before the scheduled close of a transaction, they needed an open source audit report by the following Friday. Several of our team members pulled away from their weekend activities to work with the target. By that night we had the job scoped on what turned out to be an enormous code base.

Standard delivery for this scope is about one month, but the deadline, now six days out, wasn’t moving. By Sunday we had agreements signed with both acquirer and target, and got most of the code uploaded, which allowed work to commence late Sunday night. By Monday morning (a holiday, remember) we had a team working on the project, and we were able to deliver by Friday. On Tuesday, in the middle of the audit, the target discovered another week’s worth of code. We were able to knock that off before the following Monday, with just enough time for review before the transaction closed.

These are two fairly extreme examples, but it’s not unusual at all for us to get calls at the last minute and to make it all work. It’s in our team’s DNA because it’s what M&A customers require.

Scope Your Audit

All that said, the earlier you involve Black Duck, the less stress and cost involved. It’s often worth it, but it’s definitely more expensive to rev up our resources on a Friday night for weekend work. As soon as practicable, let us scope the audit so we all know what we’re dealing with. It takes some cooperation from the target and a little work on our part, but we are happy to do it even if you are not sure about the state of the transaction. Visibility into future projects is very helpful to our planning.

The bottom line is: Involve us as early as possible — but in a pinch, please, please, don’t assume it’s too late. If you or your clients need Black Duck’s help, never be shy about calling.

