Got a question? We're here to answer!
If you don't see your question here, drop us a line on our Contact Page.

  • Why should I include FOSS analysis in my Tech Due Diligence process?

    The use of open-source software entails unknown hidden risks, which may impact the value of the software asset and the intended business model. Before acquiring or selling software assets, these risks must be identified and evaluated, to arrive at a realistic valuation for the software asset. Therefore, an open-source risk analysis should be a mandatory key element of any Tech Due Diligence.

  • What are the benefits of a BearingPoint open source analysis?

    During the analysis, the open source components along with their licenses and security vulnerabilities are identified and analyzed for potential compliance issues. This is crucial for a commercial product to avoid any legal consequences. BearingPoint provides a comprehensive report, based on each client's requirements, industry, and use case, including technical analysis of the licenses and recommendations for the developers.

  • How long does it take until I receive the analysis report?

    We carefully align the delivery date with your deal schedule. After we get the codebase, you should expect a 1-2 week processing period.

  • How can I request a BearingPoint FOSS analysis?

    To place a request, please contact us at and use the contact form provided. Once you have provided us with basic information about the codebase to be evaluated, you will receive a quote with a specific delivery date and a fixed price within one business day.

  • How should I safely send the code for scanning?

    The secure handling of your codebase is our highest priority. We have implemented a code handling process that is strictly enforced, as well as additional security measures like encryption and access control. After the contract signing, we will set up a private and password-protected area for you in our data center in Austria. All data transfers are encrypted, and your codebase will be stored in encrypted file systems on our servers, with no third party involved. Access to the servers is restricted to members of the analytic team and is protected by a VPN/Captive Portal with user-based authentication. ISO-27001 accreditation is held by all of our facilities.

  • Do you also offer legal advice?

    Our open-source risk analysis considers the technical aspects of the open-source licenses concerned. When determining the obligations and risks, we rely on the widely accepted license interpretation in the open-source community, although the legal aspects of licenses are not considered. The analysis results are most beneficial for a further evaluation of the open-source-related risks by a legal professional with knowledge in this area. We can gladly propose a legal professional from our international network who can work with you on legal concerns.

  • Will you provide me with remedial alternatives for the issues detected in my code?

    Yes, BearingPoint will provide a compliance status based on the open-source license and the technical use case for each open-source component detected. For compliance issues, we will also offer technical recommendations for remediation.

  • Will you assist me in comprehending the analysis report?

    Once the open-source analysis is complete and the compliance report is prepared, BearingPoint will provide the findings and support you further in analyzing the results, compliance comments, and mitigating solutions, and in clarifying any findings accordingly.

Still not the answers you were looking for?

Simply get in touch with our team. We will try to answer your remaining questions.


Talk to our Specialists and learn how our FOSS Management Services can help your Business.