Frequently Asked Questions

The use of open-source software entails unknown hidden risks, which may impact the value of the software asset and the intended business model. Before acquiring or selling software assets, these risks must be identified and evaluated, to arrive at a realistic valuation for the software asset. Therefore, an open-source risk analysis should be a mandatory key element of any tech due diligence.

During the analysis, the open source components along with their licenses and security vulnerabilities are identified and analyzed for potential compliance issues. This is crucial for a commercial product to avoid any legal consequences. BearingPoint provides a comprehensive report, based on each client's requirements, industry, and use case, including technical analysis of the licenses and recommendations for the developers.

We carefully align the delivery date with your deal schedule. After we get the codebase, you should expect a 1-2 week processing period.

To place a request, please contact us at foss@bearingpoint.com and use the contact form provided. Once you provided us with basic information about the codebase to be evaluated, you will receive a quote with a specific delivery date and a fixed price within one business day.

The secure handling of your codebase is our highest priority. We have implemented a code handling process that is strictly enforced, as well as additional security measures like encryption and access control. After the contract signing, we will set up a private and password-protected area for you in our data center in Austria. All data transfers are encrypted, and your codebase will be stored in encrypted file systems on our servers, with no third party involved.  Access to the servers is restricted to members of the analytic team and is protected by a VPN/Captive Portal with user-based authentication. ISO-27001 accreditation is held by all of our facilities.

Our open-source risk analysis considers the technical aspects of the open-source licenses concerned. When determining the obligations and risks, we rely on the widely accepted license interpretation in the open-source community although the legal aspects of licenses are not considered. The analysis results are most beneficial for a further evaluation of the open source-related risks by a legal professional with knowledge in this area. We can gladly propose a legal professional from our international network who can work with you on legal concerns.

Yes, BearingPoint will provide a compliance status based on the open-source license and the technical use case for each open-source component detected.  For compliance issues, we will also offer technical recommendations for remediation. 

BearingPoint will provide the findings and support you further in analyzing the results, compliance comments, mitigating solutions, and clarifying any findings accordingly, once the open-source analysis is complete and the compliance report is prepared.

Yes, the code generated by generative AI may be subject to third-party license conditions which must be respected when using it. Also, it may contain publicly known security vulnerabilities. A BearingPoint Open Source analysis will uncover the licenses applicable to code generated by generative AI, as well as applicable security vulnerabilities.