Open Source Software and the impact on Mergers & Acquisitions Black Duck 2013

Speakers
- Russell Hartz, VP of Corporate Development, SAP
- Oliver Vivell, Senior Director of Corporate Development, SAP
- Matthew Jacobs, General Counsel, Black Duck

Today's Agenda
- Open Source Software (OSS) Trends
- OSS in Mergers & Acquisitions
- SAP's Strategy & Perspective
- Summary & Conclusion
- Q&A

The Global State of Open Source
"Software is Eating the World" - Marc Andreessen
And Open Source is Driving the Software World
Open Source Projects: 2.7 Billion Files, 1M Projects, 100B LoC, 10M person-years
Source: Black Duck Software

Open Source is Everywhere
[Diagram labels: FOSS Community; Internally Developed Code; Outsourced Code Development; Commercial 3rd-Party Code; Your Software Application; THE ENTERPRISE]

Company Benefit: Less is More
Enable organizations and developers to use open source technologies and methods to build software faster, better and cheaper.
[Chart labels: 80%, 30%; Average*, Best in class]
*Source: IDC 2012

Real World Example
"Over 80% of the software in our handsets is open source" - Carl-Eric Mols, Head of OSS, Sony Mobile Communications

What is OSS?
- It's third party software
- No single official definition
- Black Duck tracks over 2,200 unique licenses
[Diagram labels: Third-party Software; OSS]

The OSS License Continuum
[Diagram labels: licenses X11/MIT, GPL, LGPL, MPL, Apache, BSD; categories Strong Copyleft, Weak Copyleft, Permissive licenses; axis from Restrictive to Permissive]

Other Interesting OSS Licenses
- Beer-ware
- Tofu
- Fender Stratocaster
- No-nuke
- Chicken Dance

The Good News / Bad News
- 30% of deployed code is open source - IDC 2012
- 50% of companies will face challenges due to lack of FOSS policy and management

Open Source in M&A: Why acquirers worry
Concerns
- Inheriting problems
- Delaying revenue while addressing
Most companies don't know what's in their code, oftentimes despite believing they do
According to analysts, <50% of companies even have open source policies
What Black Duck sees in M&A
- 20% - 50% of code we scan is open source
- >90% of target code bases contain undisclosed open source code
- >50% of code bases contain unknown or reciprocal licenses

Hierarchy of Tech M&A Issues (partial list)
Legal Issues: IP Issues; Copyright/Licensing (Open Source); Patents (Open Source); Export Control (Open Source)
Technical Issues: Security (Open Source); Quality (Open Source); Supportability (Open Source); Etc.

Acquirer's Need to Understand
- What open source components are in the target's code?
- Under what licenses?
- How they are used?
- Fit with acquirer policies vis a vis usage
- Obligations and how completely met
- Extent of remediation required
- How the target knows: Knowledge, Policy, Process
- Approaches to assessing: Interviews/Inspection, Tools, Third-Party Services
[Graphic label: GPL]

Why Targets Need to Care
- Deals get delayed for remediation
- Valuation or financial terms change
- Deals go south
"He who sells what isn't his'n, Must buy it back or go to prison." - Daniel Drew, 19th Century American Financier

What's a startup to do with respect to OSS?
No company is too small to need governance
- Policy: Can be simple red/yellow/green
- Process: Czar, Catalog, Approval
- Education: Developers are your firewall
Implementation
- Define Policy/Process
- Baseline
- Education/Rollout
- Scan before selling

Technical Due Diligence for M&A
A Perspective from Corporate Development at SAP
Russ Hartz, VP, SAP Corporate Development
Oliver Vivell, Sr. Director, SAP Corporate Development
August 27, 2013

SAP Company Profile
[Graphic labels: Applications; Analytics; Mobile; Database & Technology; Cloud; Powered by SAP HANA]
- Worldwide leader in enterprise applications* and third largest independent software manufacturer**
- More than 248,500 customers in 188 countries
- More than 65,500 employees with locations in more than 130 countries
- 2012 Revenue = ~$21.3 billion
- Market Capitalization = ~$90 billion
* Based on software revenue
** Based on market capitalization
2013 SAP AG. All rights reserved. INTERNAL

SAP's Experience with Evolution of Target's Response to Open Source Due Diligence
Past: Skepticism
- "Why is SAP performing OS diligence?"
- Many questions about process / NDA heavily negotiated
- Require code scan to be performed on site
Present: Industry Standard
- Open source due diligence is expected
- Few process questions / little negotiation of NDA
- Allow remote code scan

Open Source Evaluation is a core process in SAP's technical M&A Due Diligence
[Timeline labels: LOI, SIGN, CLOSE; phases Identify, Evaluate, Plan Integration, Integrate, Audit; Due Diligence ~1-2 Months]
1. SAP asks targets:
   o Provide a list of all open source in use
   o Do you have a policy regarding open source use?
   o Do you have a governance process to monitor & control the use of open source in your products?
2. Following execution of a non-binding term sheet, SAP engages Black Duck to scan the target's code for open source.
3. Scan results are evaluated by SAP's open source licensing and legal groups
   - Open source components used in target's products evaluated and categorized by risk
   - Remediation of high risk open source
   - Non-high risk components are managed in PMI
SAP may terminate a transaction evaluation due to the amount of open source found in the target's code and/or the cost of remediating high risk components

SAP's approach to manage Open Source is a continuous process along the integration
[Timeline labels: LOI, SIGN, CLOSE; phases Identify, Evaluate, Plan Integration, Integrate, Audit; Post Merger Integration / Development Operations]
4. Open Source management for acquired solutions is being continued in PMI phase
5. Success of remediation activities is being managed via internal open source rescans with Black Duck Protex and via BlackDuck Code Center
6. End-to-End support provided by designated Open Source Expert (Diligence into Integration)
   - Supports e.g. license compliance, Copyright notices, etc.
   - Integration into SAP's standard open source process

Summary
- Open source is pervasive and ubiquitous
- Checking for open source has become an industry best practice in M&A involving software assets
- Be Pro-active:
  - Run code scan to accurately identify the open source components used in your code
  - Create an explicit policy for using open source
  - Regularly audit compliance (can be automated)

Conclusion
Unmanaged use of open source can lead to:
- Lost deals
- Delayed deal
- Reduced price/valuation
- Lost revenue
There are many paths for unknown components to enter a code base
It's difficult to correct problems during an M&A transaction
OSS due diligence helps companies avoid the risks
- Analyze contents using a comprehensive KnowledgeBase
- Provide a comprehensive view of what's in the code

Black Duck Open Source Audit Services
+8 Years of Experience; 1,000's Audits; $40B+ M&A Transactions
- Discover unknown open source
- More thorough and accurate analysis than manual audits
- Identify encryption technologies that can restrict the legal export of software
- Identify security vulnerabilities that can impact software asset value
Free quote: info@blackducksoftware.com

Up Next?
5 Steps for a Winning Open Source Compliance Program with Nuance Communications
Date: Thursday September 26th @ 11am ET
Learn:
- Why OSS compliance should be a program, not a tool
- How centralization of a program can improve the compliance posture of your organization
- What steps you need to take to build a successful OSS compliance program, including how to obtain buy in from upper management
Register at www.blackducksoftware.com