due-diligence
Safeguard articles tagged "due-diligence" — guides, analysis, and best practices for software supply chain and application security.
8 articles
What open source scans miss in M&A due diligence
Open source composition scans like Black Duck catch known packages and licenses — but M&A due diligence needs to catch what those scans miss too.
Communicating security posture to customers/investors via...
How to turn SBOMs into a real vendor-risk communication tool for customers and investors, and where Mend.io's scan-first approach falls short.
Open source license risk in M&A due diligence
Open source license conflicts hide in most acquisition targets' codebases. Here's why manifest-based SCA tools like Mend.io miss them in M&A diligence — and what a real audit needs.
Reachability Analysis For EU CRA Due Diligence
EU CRA enforcement asks vendors and operators to demonstrate due diligence on software components. Reachability is the evidence that makes the demonstration honest.
SBOM-Driven Due Diligence for M&A
How SBOMs have become a standard input to technical due diligence for software acquisitions, what acquirers actually look for, and how sellers should prepare.
Enterprise AI Procurement Due Diligence Checklist
AI-for-security procurement covers more than feature comparison. The due diligence checklist that surfaces structural differences between vendors.
Best open source audit tools for M&A due diligence
A practical buyer's guide to open source audit tools for M&A due diligence, comparing ScanCode, FOSSology, ORT, Syft/Grype, FOSSA, and Black Duck.
How to Security Audit an Open Source Project Before Adoption
Adopting an open source dependency is a trust decision. This guide provides a structured methodology for evaluating the security posture of open source projects before adding them to your supply chain.