Management of open source licenses is an exercise whose importance transcends events like an Initial Public Offering (IPO) or a merger or acquisition (M&A), as revenue could be impacted when potential clients complete their due diligence before a purchase or an online marketplace requires a report before releasing your app on their platform.
As the use of open source grows and deployment timelines shrink, management of open source is a growing concern that many organizations are struggling with handling effectively.
Most organizations start off managing all of their open source dependencies in a spreadsheet. This is a process that generally involves someone from legal, engineering, product, or security tracking down the correct engineers to fill out a form that lists every open source component used to help build a product. Then, legal and security review the dependencies against license policy and security vulnerability databases to ensure the software is compliant and secure. Finally, these reports are finalized and shared with auditors for IPO, M&A — or reports are shared with customers and partners that require compliance.