The M&A Professional Perspective
One of the primary ways that application security risk enters today’s enterprise is through the software acquisition process. Whether it is procurement, a merger, or corporate acquisition, an increasing percentage of modern enterprise software infrastructures was created by unknown third parties.
Given the dramatically heightened regulatory and compliance environment, one of the unique challenges now facing today’s M&A professional is preventing software security risk from entering the acquiring organization through the acquisition process. The risk is real, as most software development processes in smaller target firms are less mature than those in larger and more established organizations and often focus on rapid feature development rather than secure design and implementation, and these firms typically are unable to afford expensive security testing tools to do even basic security checking. These unknowns around software security are compounded by the acquisition process itself, which can present challenges due to the sensitivities surrounding access to the target company’s source code, the confidential nature of the transaction and of security vulnerability information (particularly for public companies), and the legal risk associated with failed transactions.
CA Veracode’s cloud-based services platform provides M&A professionals with a strategic capability to quickly and cost-effectively assess the security posture of a target company’s software products without requiring access to source code or subjecting the Acquirer to increased legal risk. Trusted, independent and standards-based, CA Veracode’s automated M&A software security assessments are the fastest path to adding software security requirements to the M&A due diligence process.