3 Critical Considerations for Technical Due Diligence
Technical due diligence is the process of verifying a company’s technical capabilities, quality, and processes. It is typically performed by investors or buyers before a contract is made.
Technical due diligence exposes any liabilities in a product so that the value can be fairly assessed. It enables investors to verify the present value of their interest. It also provides an in-depth look at the growth potential of a product, including its scalability, resilience, and reliability.
Due diligence can also be performed internally to increase the value of a product. For example, teams can audit technical due diligence measures as a means of evaluating processes and performance. This information is then used to improve operations, upgrade infrastructures, and otherwise increase investment potential.
When performing technical due diligence, keep the following three considerations in mind.
Software code reviews
Software code reviews check code quality, functionality, and architecture. These reviews enable investors to understand the scalability of a project, evaluate the practices and procedures used, and measure the skill level of development teams.
Make sure that you have someone qualified to verify and test the code; if you don’t, hire someone to do it for you. Additionally, you should consider building any product you're considering from source code and deploying it to a test environment. This helps you confirm the functionality or viability of a product.
Security posture
If the parent company has not prioritized security during development or deployment, you stand to inherit significant liabilities. Pay attention to security practices in place, tooling implementation, level of expertise, and overall company strategy.
Make sure to weigh these factors with respect to the function of the product and how it is used. For example, if you are investing in financial software, security should carry more weight than with a system for something like internal scheduling.
Open source components
Nearly all software contains open source components of one sort or another. There is nothing wrong with this, provided that components are assessed for vulnerabilities and are used according to license. If not, you may be investing in a product that cannot be sold or distributed.
Request an inventory of any open source components in use from your investee. This inventory should include component names, versions, licenses, and implementations. If a component is only used internally, you are typically fine. However, if it is used in the product, you need to verify the health and licensing restrictions of the open source project.
Do Your Due Diligence
Technical due diligence is a process that promotes transparency, ensuring all relevant parties are provided with the information needed to calculate risks and evaluate proposals. While performing technical due diligence, there are many aspects you can investigate, but there are three considerations you should insist upon: software code review, security evaluation, and open source components compliance. These factors are crucial when investing in what is quickly becoming a digital-first economy.
