Our client is an up-and-coming, on-demand transportation and ride-sharing mobile technology company based in Singapore. They mainly deal with GPS and map tracking solutions, but they also have several other products in their portfolio. They are very popular in Southeast Asia and operate in Indonesia, Malaysia, Myanmar, the Philippines, and Vietnam.
The company connects millions of consumers to millions of drivers, merchants, and businesses. They are currently taking on the largest problems that affect the region, from inequality and outdated infrastructure to income disparity. Many people in Southeast Asia face everyday limitations such as traffic congestion and a lack of public infrastructure, and the client's app tries to solve these everyday challenges to make life easier.
Background & Challenge
A few years ago, we engaged with this client to further our discussions on open-source compliance and the impact of security vulnerabilities in the code. We stayed in constant touch with the client and educated them for a year and a half on open source audits and compliance. Because the client's business centered on GPS and map tracking, its product was white-labeled under OEM contracts with a few Tier 1 companies in the SEA region. Their maps were now embedded in top Tier 1 companies.
A few years after the initial engagement, the client needed to conduct open-source audits. Through our steady relationship over the years, they were convinced of our capabilities and of the vast number of open-source audits Lyra has carried out for organizations big and small. They approached us for help with their open source audits. They chose Lyra over others because we had helped them and maintained a strong relationship with them ever since they were an early-stage start-up.
Usually, start-up developers take code either from the internet or from readily available repositories to build a product. Once the product was created and after a successful proof of concept, the client's product got embedded in a couple of Tier 1s. Due to the product's wide range of features and capabilities, they further got engaged with a global Tier 1 supplier in the automotive space. This Tier 1 supplier was now interested in acquiring the client's company. This is when the client approached Lyra for help with open source audits concerning mergers and acquisitions.
With the codebase we received from the client, we first performed an open source audit to identify and map out the open-source components with the help of an enterprise solution for code scans. We used a wide variety of techniques to ferret out unknown open source. In most cases, our enterprise tool definitively identifies open source components, but sometimes, due to limited information in the code, it only provides clues for our expert auditors to analyze further. Our OSS auditors were tasked with identifying the list of associated licenses for those open source components. We were then able to draw up a list of components with OSS license compliance conflicts. We analyzed these licenses and categorized them as low, medium, or high risk. Once this was done, we shared the lists of components that had legal issues and license conflicts with the client and submitted an open source audit report for remediation of these issues.
Although the agreed timeline to fix and remediate the license conflicts was 2 weeks, the client came back to us within a week because of the urgency of getting things done quickly. After the remediation, we did a final delta audit scan on the code to check and verify the fixes made by the client's teams.
Usually, the life cycle of an open source audit lasts 1 month, but due to the urgency and significant time pressure of this M&A audit transaction, we at Lyra went well beyond that to delight our client by completing it in just 5 days. Our open-source auditors worked around the clock to get the job done. Our vast experience and reputation in the field of audits have enabled us to amaze our clients frequently with our responsiveness, even when we are called in at the Nth hour.
Once we verified that the issues had been remediated, we submitted a final open-source compliance report. Our client then shared this report with the global Tier 1 supplier in the auto space. By virtue of this compliance report, our client was successfully acquired for a good valuation.