KPMG Adopts FlexNet Code Insight to Identify Open Source License Compliance and Security Risks
Flexera and KPMG LLP, the U.S. audit, tax and advisory firm, today announced an expanded strategic alliance to help development, legal and security teams with open source license and security management.
FlexNet Code Insight, Flexera’s next-generation open source security and compliance platform, is now the technology behind KPMG’s software composition analysis offering, which helps clients detect open source license compliance risk and security vulnerabilities.
“With the proliferation of open source software (OSS) in today’s development environment, we share Flexera’s commitment to serving and protecting organizations from open source licensing and security risk,” said Paul Baguley, Major Projects and Contract Advisory Services Principal at KPMG LLP. “We’re excited to expand our alliance to include Flexera’s leading technology in software composition analysis.”
“Flexera’s extremely proud to support KPMG’s new software composition analysis offering – aligning process, governance and technology. We couldn’t have asked for a better opportunity to expand our strategic alliance,” said Jeff Luszcz, Vice President of Product Management at Flexera. “Adding FlexNet Code Insight to KPMG’s analysis gives companies an easy path to open source management. Now, organizations can take a smart and automated approach to open source scanning and monitoring and stay ahead of vulnerabilities and license compliance issues.”
New KPMG Service Uncovers OSS Risks
KPMG’s new software composition analysis, featuring Flexera’s FlexNet Code Insight, helps suppliers and buyers of software and Internet of Things solutions uncover OSS risks through regular monitoring that reviews software developed, used and distributed by an organization. The service results in a detailed Software Bill of Materials (BOM) that defines the organization’s OSS footprint, vulnerabilities that need to be patched and licensing risks that require action. Fast, high-level scans can be performed to identify critical problems, and deeper scans and analysis are available on high-risk code. The analysis also helps companies navigating technical due diligence because of a pending merger or acquisition.
“Organizations need assurances that there are no significant open source compliance or security issues lurking in the software code of the company they’re acquiring,” added Luszcz. “KPMG and Flexera can provide the automated tools and experience in comprehensive OSS assessment that few M&A teams currently have. Ultimately, companies can avoid unexpected disclosures that have the potential to impact final acquisition valuation and remediation costs.”