Due diligence

Due diligence is a legal term describing the process of compliance and risk analysis. In the context of open source, the term is often used in a broader sense that also covers the risks to an organization's reputation and liability.

The features of a due diligence analysis are heavily dependent upon the nature of the project, but may include:

  • Identification of the authors of the project, in order to ascertain the copyright holders.
  • Determining the use and risk of dependencies, to prevent, for instance, the use of unmaintained or otherwise unwanted dependencies for reasons such as license incompatibility.
  • Assessing the security and reputational risks associated with the project, to prevent, for instance, the creation of new attack vectors and their public coverage.
  • Clearing potential liability concerns, to prevent, for instance, targeting military (see CERN's restrictions in this area) or health applications.
  • Reviewing the code or design, to prevent, for instance, reputational damage due to publishing something of inadequate quality.

Due diligence features evolve over the lifetime of a project and should be reassessed on a regular basis.