Why business leaders must add software due diligence to their investment arsenal

Philippe Thomas, CEO at Vaultinum, explains why the current due diligence measures carried out by many investors are insufficient, given that software is increasingly a primary asset. Philippe discusses the main risks that threaten investors who do not implement comprehensive software due diligence and gives advice on how to change this. 

In the Department for Business, Energy & Industrial Strategy’s 2021 UK Innovation Strategy, the UK government marks technology as a priority sector, owing to its fundamental contributions to pressing national and global challenges. The sector’s importance has also been demonstrated by its growth, with investment in the UK’s tech startups and scaleups reaching a record £13.5bn in the first half of this year. This widespread belief that the tech industry has a crucial role to play in our economy and society makes getting tech investment right more important than ever; the stakes have never been higher. 

Due diligence is an essential step in the pre-acquisition and investment rounds phase of any deal, regardless of its contents. These efforts have historically focused on financial, legal, human resources, and operations, which are evidently of the utmost importance for investors. Whilst software due diligence is now implemented by some investors, it is generally not comprehensive, not carried out by experts, and done manually, meaning that many issues are not identified. Due diligence processes simply haven’t caught up to the growing collective understanding that software is a significant, or some would even say a primary, asset in most deals taking place today. This urgently needs to change.

Making the move to comprehensive software due diligence 

As leaders will already be aware, due diligence is an investigative process undertaken before entering into an investment with another party. The importance of due diligence as a concept is widely understood, but including software within its remit is not so well-known. Software due diligence is a process of identifying vulnerabilities associated with a piece of software and its source code, covering areas such as maintainability, scalability, data security risks, and licensing. Acquiring an awareness of these risks helps investors and buyers mitigate catastrophic legal, financial, and reputational consequences in the future.

As with any form of due diligence, it is important that investors choose a reliable and specialized third party to provide this service. In order to run software due diligence, the third-party provider will need to gain access to the software’s source code, usually kept under lock and key. To ensure that the software remains protected throughout the due diligence process, investors must opt for a provider that is ISO 27001 certified, has experience in securely archiving data, and uses siloed servers located in a place where regulation provides strong data protection. Once a provider has been chosen, the process can begin with an assessment of the organization’s existing understanding of security issues and protection measures. Then follows an in-depth analysis of every line of the source code, with a report being produced that offers a comprehensive picture of any risk areas and precise resolution recommendations. At the end of this process, investors will be much more knowledgeable about the software they are investing in and can make a well-informed decision about whether to invest. If they do choose to invest, they will enter the investment equipped with a detailed understanding of the exact measures urgently required to secure their investment. 

Identifying potential risk points in a software

There are a number of potential issues that can be identified through software due diligence, which truly highlight the importance of its execution. Data vulnerabilities are perhaps some of the most visible software risks within the business community, owing to a sharp rise in publicity for data breaches that have occurred during mergers and acquisitions in recent years. An infamous example that took place in 2016 is that of Marriott International, a hotel chain that acquired Starwood Hotels & Resorts in a deal to the tune of US$13.3bn. Marriott was ultimately fined $123mn by Britain’s Information Commissioner’s Office when it was revealed that a 2014 data breach in Starwood’s reservation system exposed 400 million guests’ personal data. Even though the breach itself occurred prior to the merger, Marriott remained financially and legally liable for Starwood’s mistake, and the two businesses suffered lasting reputational injuries. If Marriott had carried out more comprehensive software due diligence prior to the merger, this may have been identified, and its catastrophic consequences avoided. 

A less publicized but nevertheless extremely important potential vulnerability is that of maintainability, which in turn affects a software’s scalability. Given that comprehensive software due diligence is able to analyze every line of a software’s code, it is able to flag any areas within the code that may currently or in the near future no longer be maintainable. In doing so, the analysis highlights any use of code that no longer functions as it was originally intended, or usage of open source software that has become out of date and cannot easily be maintained by another developer. Any such evidence signifies that the software lacks maintainability and suggests that it is unlikely to be scalable. As a result, investors can easily understand whether software is worth investing in or not; even if you pour capital into ‘dinosaur’ software, it may not return significant profits in the long run.

Finally, comprehensive software due diligence analyses the usage of open source software within a wider code base. Drawing on open-source software is not a red flag in itself; it speeds up development and provides a constant stream of new and innovative solutions generated by developers working together worldwide. However, pressure to develop fast can mean that developers lose sight of the licensing restrictions attached to open source software. If a license is particularly contaminating, businesses may be liable to pay a fee for the usage of open source code, or even be required to make the entire in-house developed code base public. Investors must be aware of any such licenses before they make an investment because they can vastly change the value and terms of the asset. 

Entering an investment with an awareness of any potential vulnerabilities is essential for those investing in software, to avoid dramatic reputational, financial, and legal damage. Investors must begin to include comprehensive software due diligence, carried out by a trusted third party, into their pre-acquisition routine, before it’s too late. 

Philippe Thomas

Philippe Thomas is the CEO of Vaultinum, a trusted independent third-party specialized in the protection and audit of digital assets. He has 20+ years of experience in the fintech industry, having started his career in open outcry market surveillance, extending into business development and becoming a COO, before starting his journey with Vaultinum in 2019. Vaultinum provide software escrow contracts, copyright deposit solutions, and software due diligence tools to top tier firms, private equities, and VCs worldwide.
