Audits are useful, but they can be overkill depending on the situation. They are never wrong, of course. I like to say that they are like insurance -- it's never wrong to buy it, but you might be insuring against risks that are very unlikely to arise. Disclosures are very important, not only for the information they convey, but how they demonstrate internal open source compliance processes. If a company (usually in an M&A, investment or sales deal) delivers a disclosure that is unprofessional or lacking information (or the clearly-inaccurate "we don't use any open source"), then it's often best to do an audit. But if the disclosure looks good, then an audit usually doesn't yield any additional material risks.
Thanks for the question!
For further actions, you may consider blocking this person and/or reporting abuse
A community for COSS builders, founders, consumers, investors, and fans.
Hi Melody!
Audits are useful, but they can be overkill depending on the situation. They are never wrong, of course. I like to say that they are like insurance -- it's never wrong to buy it, but you might be insuring against risks that are very unlikely to arise. Disclosures are very important, not only for the information they convey, but how they demonstrate internal open source compliance processes. If a company (usually in an M&A, investment or sales deal) delivers a disclosure that is unprofessional or lacking information (or the clearly-inaccurate "we don't use any open source"), then it's often best to do an audit. But if the disclosure looks good, then an audit usually doesn't yield any additional material risks.
Thanks for the question!