There are many reasons why our customers conduct software audits. Whether an organization is the target of an acquisition, part of a supply chain, or preparing for a funding round by auditing code to document its software intellectual property assets, Black Duck Audits can help. The Black Duck audit services group has conducted thousands of software audits and developed an efficient and straightforward process to work with you and any companies that you may be working with.
This website details the process that we use to scope and deliver an audit. It clarifies the paperwork required by all parties, includes tools and documents that will help us evaluate the level of effort for your engagements, and answers frequently asked questions (FAQ).
During the audit process, our auditors analyze the output generated by one or more automated code scans. This analysis provides detailed information pertaining to one or more of the following audit types:
Depending on which audits are being done, the Black Duck audit group combines this data with additional findings to compile a report that documents instances of open source and certain third-party components relating to licensing, encryption, security vulnerabilities, and/or code quality. We can provide the report to the appropriate personnel, including legal counsel, management, and/or engineering teams, for review, as directed by the customer.