© 2019 Synopsys, Inc.
Do Design Quality and Code Quality Matter in M&A Tech Due Diligence?
(Spoiler: Yes)
Niles Madison, Synopsys
Dan Sturtevant, Silverthread
Speakers
• Niles Madison, Senior Manager, Black Duck Audits Group
• Dan Sturtevant, Founder/CEO, Silverthread
Agenda
M&A due diligence and quality risk
Understanding code quality
Understanding design quality
Assessing quality in due diligence
Q&A
M&A due diligence and quality risk
Functions of M&A due diligence
• Confirm premises for doing the deal
• Gather information to plan for integration
• Identify unknown risks
Software risk technical due diligence
Product / strategy
People
Process / tools
Architecture
Code
Strategic acquirer performs
PE firms may contract out
Our focus today is on risks in the software
Dimensions of software risk
[Diagram labels: Architecture; Open source and third party; Proprietary; Software development process; Legal; Security; Quality]
Poor-quality software can slow integration and blow the business case for an acquisition
• Poor code quality: lots to fix
• Poor design quality: fixing is slow (including fixing legal and security issues)
Source: Silverthread, Inc.
[Figure: Unhealthy codebase: developer productivity 8 features/year, developer time fixing bugs 69%. Healthy codebase: developer productivity 20 features/year, developer time fixing bugs 20%.]
Occurrence | Severity | Description
62.02% | BLOCKER | High probability of impact on system behavior. Must be fixed immediately.
85.46% | CRITICAL | Lower probability of impact on system behavior. Must be reviewed immediately.
96.14% | MAJOR | High impact on developer productivity
95.55% | MINOR | Some impact on developer productivity
72.70% | INFO | Could be an issue
96.44% | Any project with an issue (excluding INFO)
Source: Black Duck Quality Audits
Understanding code quality
Quality risk
Perhaps not as acute as security and license risk, but insidious
• You won’t get sued or breached, but…
  – Products may:
      – Be hard to enhance/maintain
      – Suffer significant technical debt
      – Not scale
      – Be buggy
  – There can be a drag on every fix or feature
  – You may need to redesign/refactor
  – You may need to hire more senior developers
Sample of metrics:
• File issues vs. complexity
• Average and number of high-complexity files/methods
• Number of large packages, files, and methods
• Amount of duplicated code (i.e., code redundancy/rework)
Understanding design quality
Code quality vs. design quality
Technical health:
• Code quality: individual lines of code or functional parts (good vs. bad)
• Design quality: architecture of a codebase (good vs. bad)
Design quality matters
Goal (categories shown: Technical, Programmatic):
• Agility
• Predictability
• Schedule
• Safety
• Cloud readiness
• Cyber resilience
Economics:
• Revenue generation
• Cost reduction
• Optionality for new businesses
[Figure: Unhealthy codebase (developer productivity 8 features/year, developer time fixing bugs 69%) vs. healthy codebase (developer productivity 20 features/year, developer time fixing bugs 20%)]
Elements of architectural health
Healthy architecture | Unhealthy architecture
Layered | Layer compromised
API | API circumvented
Modular | Module too big
Hierarchical dependence | Cyclicality
Source: Silverthread, Inc.
Poor architectural health: Gaming company example
Platform & plugin architecture (components shown in the diagram):
• Video Game Engine: NY-based team (Physics subsystem, Xbox drivers, PS4 drivers)
• Game 1: Los Angeles–based team (Vehicle subsystem, Bad Guy subsystem, Weapon subsystem)
• Game 2: UK-based team
• Rendering subsystem
• Game 1 depends on Engine
• Game 2 depends on Engine
Timeline:
1. 3 years ago: Some members of Engine team saved 1 month by introducing calls to code in Game 1, including:
   User: engine/physics/foo.cpp
   Uses: game/bad_guy/bar.cpp
   Line: 407
   Type: Method Call
   Bad cyclicality introduced, violating platform / plugin architecture.
2. May: Game 1 team makes improvement, slightly alters behavior. No thought that this would affect Engine or Game 2.
3. June: Game 2 team experiences new subtle bug. Spends 1 month trying to debug. Eventually traces it to change in Engine.
4. July–Sept: Cross-organization team investigates bug together. Progress slowed by geographic distance. Bad cyclicality discovered. Behavior change traced to Game 1.
5. Oct–Nov: Bigger cross-organization team investigates and finds source of problem. Hack put in place to enable Christmas ship. Fingers crossed.
Assessing quality in due diligence
Code quality audit
• Method: Automated static code analysis / expert human review
• Requires: Access to source code and libraries
• Focus: Quality of coding at the file and method level relative to the industry
• Evaluates: Coding practices, structure complexity, commenting, errors
• Sample of metrics:
– File issues vs. complexity
– Average and number of high-complexity files/methods
– Number of large packages, files, and methods
– Amount of duplicated code (i.e., code redundancy/rework)
Is the code well-written?
Design quality audit
• Method: Automated analysis / expert human review, powered by CodeMRI® from Silverthread
• Requires: Access to source code and libraries
• Focus: Quality of design at the architectural level
• Evaluates: Architecture, modularity, layering, APIs, cyclicality
• Sample of metrics:
– Economic impact
– Size and number of core (tangles)
– File interdependencies
Is the architecture healthy?
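Added example (not from the slides and not how CodeMRI works): a minimal check over a file-dependency list for the cyclicality and layering violations shown in the gaming company example and measured under "File interdependencies". Only the engine/physics/foo.cpp to game/bad_guy/bar.cpp edge is taken from the slide; every other path, the game2/ prefix and the ALLOWED rule table are assumptions.

```python
from collections import defaultdict

# Constructed sample: file-level dependencies as (user, uses) pairs.
# Only the edge marked "from the slide" appears in the deck; the rest
# are hypothetical files invented for this illustration.
EDGES = [
    ("game/bad_guy/bar.cpp", "engine/physics/foo.cpp"),
    ("game/vehicle/car.cpp", "engine/physics/foo.cpp"),
    ("game/weapon/gun.cpp", "game/bad_guy/bar.cpp"),
    ("game2/level/map.cpp", "engine/physics/foo.cpp"),
    ("engine/physics/foo.cpp", "engine/drivers/xbox.cpp"),
    ("engine/physics/foo.cpp", "game/bad_guy/bar.cpp"),  # from the slide
]

# Assumed platform/plugin rule: games may use the engine, never the reverse.
ALLOWED = {"game": {"engine"}, "game2": {"engine"}, "engine": set()}


def module_of(path):
    """Top-level directory is treated as the module (an assumption)."""
    return path.split("/", 1)[0]


def layering_violations(edges, allowed):
    """Cross-module edges that the architecture rule does not permit."""
    bad = []
    for user, uses in edges:
        src, dst = module_of(user), module_of(uses)
        if src != dst and dst not in allowed.get(src, set()):
            bad.append((user, uses))
    return bad


def cyclic_groups(edges):
    """Groups of files that all depend on each other (iterative Tarjan SCC)."""
    graph = defaultdict(list)
    for user, uses in edges:
        graph[user].append(uses)
        graph[uses]  # make sure leaf files exist as nodes
    index, low, on_stack, stack, groups = {}, {}, set(), [], []
    for root in sorted(graph):
        if root in index:
            continue
        index[root] = low[root] = len(index)
        stack.append(root)
        on_stack.add(root)
        work = [(root, iter(graph[root]))]
        while work:
            node, successors = work[-1]
            descended = False
            for nxt in successors:
                if nxt not in index:
                    index[nxt] = low[nxt] = len(index)
                    stack.append(nxt)
                    on_stack.add(nxt)
                    work.append((nxt, iter(graph[nxt])))
                    descended = True
                    break
                if nxt in on_stack:
                    low[node] = min(low[node], index[nxt])
            if descended:
                continue
            work.pop()
            if work:
                parent = work[-1][0]
                low[parent] = min(low[parent], low[node])
            if low[node] == index[node]:
                group = []
                while True:
                    member = stack.pop()
                    on_stack.discard(member)
                    group.append(member)
                    if member == node:
                        break
                if len(group) > 1:  # single files are not a cycle
                    groups.append(sorted(group))
    return sorted(groups)


def impacted_by(edges, changed):
    """Files that depend, directly or transitively, on `changed`."""
    users = defaultdict(set)
    for user, uses in edges:
        users[uses].add(user)
    seen, todo = set(), [changed]
    while todo:
        for user in users[todo.pop()]:
            if user not in seen and user != changed:
                seen.add(user)
                todo.append(user)
    return sorted(seen)


if __name__ == "__main__":
    print("violations:", layering_violations(EDGES, ALLOWED))
    print("cyclic groups:", cyclic_groups(EDGES))
    print("impacted by bar.cpp:", impacted_by(EDGES, "game/bad_guy/bar.cpp"))
```

With the one engine-to-game edge present, a change to bar.cpp reaches the hypothetical Game 2 file through the engine; with that edge removed, the impact stays inside Game 1.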
Conclusions
• It’s important to understand the holistic risk when evaluating software assets in M&A (and beyond)
• Poor-quality design and code can slow integration and impede fixing and improving software
• It’s important to assess all aspects of quality
Q&A

Diamond Application Development Crafting Solutions with Precision
 
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdfAzure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
Define the academic and professional writing..pdf
Define the academic and professional writing..pdfDefine the academic and professional writing..pdf
Define the academic and professional writing..pdf
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 

Do Design Quality and Code Quality Matter in Merger and Acquisition Tech Due Diligence?

  • 1. Do Design Quality and Code Quality Matter in M&A Tech Due Diligence? (Spoiler: Yes). Niles Madison, Synopsys; Dan Sturtevant, Silverthread. © 2019 Synopsys, Inc.
  • 2. Speakers: Niles Madison, Senior Manager, Black Duck Audits Group; Dan Sturtevant, Founder/CEO, Silverthread
  • 3. Agenda
      – M&A due diligence and quality risk
      – Understanding code quality
      – Understanding design quality
      – Assessing quality in due diligence
      – Q&A
  • 4. M&A due diligence and quality risk
  • 5. Functions of M&A due diligence
      – Confirm premises for doing the deal
      – Gather information to plan for integration
      – Identify unknown risks
  • 6. Software risk technical due diligence
      – Areas: Product / strategy; People; Process / tools; Architecture; Code
      – Diagram annotations: Strategic acquirer performs; PE firms may contract out
      – Our focus today is on risks in the software
  • 7. Dimensions of software risk: Architecture; Open source and third party; Proprietary; Software development process; Legal; Security; Quality
  • 8. Poor-quality software can slow integration and blow the business case for an acquisition
      – Poor code quality: lots to fix
      – Poor design quality: fixing is slow (including fixing legal and security issues)
      – Unhealthy codebase: developer productivity 8 Features/year; developer time fixing bugs 69%
      – Healthy codebase: developer productivity 20 Features/year; developer time fixing bugs 20%
      – Source: Silverthread, Inc.
      – Occurrence / Severity / Description (Source: Black Duck Quality Audits):
          62.02% / BLOCKER / High probability of impact on system behavior. Must be fixed immediately
          85.46% / CRITICAL / Lower probability of impact on system behavior. Must be reviewed immediately
          96.14% / MAJOR / High impact on developer productivity
          95.55% / MINOR / Some impact on developer productivity
          72.70% / INFO / Could be an issue
          96.44% / Any project with an issue (excluding INFO)
  • 9. Understanding code quality
  • 10. Quality risk: perhaps not as acute as security and license risk, but insidious
      – You won’t get sued or breached, but…
      – Products may: be hard to enhance/maintain; suffer significant technical debt; not scale; be buggy
      – There can be a drag on every fix or feature
      – You may need to redesign/refactor
      – You may need to hire more senior developers
  • 11. Sample of metrics:
      – File issues vs. complexity
      – Average and number of high-complexity files/methods
      – Number of large packages, files, and methods
      – Amount of duplicated code (i.e., code redundancy/rework)
  • 12. Understanding design quality
  • 13. Code quality vs. design quality
      – Code quality (good vs. bad): individual lines of code or functional parts
      – Design quality (good vs. bad): architecture of a codebase
      – Diagram label: TECHNICAL HEALTH
  • 14. Design quality matters
      – Goal (Technical, Programmatic): Agility; Predictability; Schedule; Safety; Cloud readiness; Cyber resilience
      – Economics: Revenue generation; Cost reduction; Optionality for new businesses
      – Unhealthy codebase: developer productivity 8 Features/year; developer time fixing bugs 69%
      – Healthy codebase: developer productivity 20 Features/year; developer time fixing bugs 20%
  • 15. Elements of architectural health (Source: Silverthread, Inc.)
      – Healthy architecture: Layered; API; Modular; Hierarchical dependence
      – Unhealthy architecture: Layer compromised; API circumvented; Module too big; Cyclicality
  • 16. Poor architectural health: Gaming company example
      – Platform & plugin architecture: Game 1 depends on Engine; Game 2 depends on Engine
      – Video Game Engine (NY-based team): Physics subsystem; Xbox drivers; PS4 drivers
      – Game 1 (Los Angeles–based team): Vehicle subsystem; Bad Guy subsystem; Weapon subsystem
      – Game 2 (UK-based team): Rendering subsystem
      – 3 years ago: Some members of Engine team saved 1 month by introducing calls to code in Game 1, including: User: engine/physics/foo.cpp; Uses: game/bad_guy/bar.cpp; Line: 407; Type: Method Call. Bad cyclicality introduced, violating platform / plugin architecture.
      – May: Game 1 team makes improvement, slightly alters behavior. No thought that this would affect Engine or Game 2.
      – June: Game 2 team experiences new subtle bug. Spends 1 month trying to debug. Eventually traces it to change in Engine.
      – July–Sept: Cross-organization team investigates bug together. Progress slowed by geographic distance. Bad cyclicality discovered. Behavior change traced to Game 1.
      – Oct–Nov: Bigger cross-organization team investigates and finds source of problem. Hack put in place to enable Christmas ship. Fingers crossed.
  • 17. Assessing quality in due diligence
  • 18. Code quality audit: Is the code well-written?
      – Method: Automated static code analysis / expert human review
      – Requires: Access to source code and libraries
      – Focus: Quality of coding at the file and method level relative to the industry
      – Evaluates: Coding practices, structure complexity, commenting, errors
      – Sample of metrics: File issues vs. complexity; Average and number of high-complexity files/methods; Number of large packages, files, and methods; Amount of duplicated code (i.e., code redundancy/rework)
  • 19. Design quality audit: Is the architecture healthy?
      – Method: Automated analysis / expert human review, powered by CodeMRI® from Silverthread
      – Requires: Access to source code and libraries
      – Focus: Quality of design at the architectural level
      – Evaluates: Architecture, modularity, layering, APIs, cyclicality
      – Sample of metrics: Economic impact; Size and number of core (tangles); File interdependencies
  • 20. Conclusions
      – It’s important to understand the holistic risk when evaluating software assets in M&A (and beyond)
      – Poor-quality design and code can slow integration and impede fixing and improving software
      – It’s important to assess all aspects of quality
  • 21. Q&A
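
The cyclicality and layering checks named on slides 15, 16 and 19 can be sketched over a file-dependency edge list. This is an added example, not code from the presentation or from CodeMRI; only the `engine/physics/foo.cpp` to `game/bad_guy/bar.cpp` edge comes from slide 16, and every other file name, the layer ranking, and the function names are assumptions.

```python
from collections import defaultdict

# Constructed dependency edges (user -> used). Only the first edge is taken
# from slide 16; every other file name is hypothetical.
EDGES = [
    ("engine/physics/foo.cpp", "game/bad_guy/bar.cpp"),    # slide 16, line 407
    ("game/bad_guy/bar.cpp", "engine/physics/world.cpp"),  # plugin uses platform
    ("engine/physics/world.cpp", "engine/physics/foo.cpp"),
    ("game/vehicle/car.cpp", "engine/physics/world.cpp"),
    ("game2/rendering/draw.cpp", "engine/physics/foo.cpp"),
]
# Assumed layering: rank 0 is the platform; plugins may use it, not the reverse.
LAYER_RANK = {"engine": 0, "game": 1, "game2": 1}

def layer_violations(edges, rank):
    """Edges where a platform file uses a file in a higher (plugin) layer."""
    return [(u, v) for u, v in edges
            if rank[u.split("/")[0]] < rank[v.split("/")[0]]]

def tangles(edges):
    """Cyclic groups: strongly connected components with more than one file."""
    graph = defaultdict(list)
    for u, v in edges:
        graph[u].append(v)
        graph[v]  # register files that are only ever used
    index, low, on_stack, stack, found = {}, {}, set(), [], []

    def visit(node):  # Tarjan's algorithm, recursive form for small graphs
        index[node] = low[node] = len(index)
        stack.append(node)
        on_stack.add(node)
        for nxt in graph[node]:
            if nxt not in index:
                visit(nxt)
                low[node] = min(low[node], low[nxt])
            elif nxt in on_stack:
                low[node] = min(low[node], index[nxt])
        if low[node] == index[node]:  # node is the root of a component
            comp = []
            while not comp or comp[-1] != node:
                comp.append(stack.pop())
                on_stack.discard(comp[-1])
            if len(comp) > 1:
                found.append(sorted(comp))

    for node in list(graph):
        if node not in index:
            visit(node)
    return sorted(found)
```

With the slide-16 edge present, the three files form one tangle that spans Engine and Game 1; dropping that edge leaves the graph acyclic.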