ADVISORY / BUYER SIDE
Open source license risk advisory services.
Open source license risk advisory services from an independent, buyer side firm. Whether you need to size exposure from a relicensing event, negotiate a commercial license, plan a migration, or run diligence on an acquisition, start with the engagement that matches your situation. Every engagement is paid only by you, with no vendor or reseller relationship.
These engagements share one method and differ only in focus. An assessment maps where affected components sit and sizes the exposure. An advisory engagement goes deep on a specific vendor or license, such as the HashiCorp Business Source License change or the Redis and Elastic moves. A negotiation engagement puts independent leverage behind your commercial license talks. A remediation engagement plans and validates the path off a risky dependency.
If you are not sure where to begin, a risk assessment is almost always the right first step, because every later decision rests on an accurate map. Each engagement below links to a fuller description. All of our work is commercial and licensing risk advisory, not legal advice; for interpretation of license terms we work alongside your own counsel.
Open source licensing risk assessment
ASSESSMENT: Map your open source blast radius
ASSESSMENT: Open source license audit service
ASSESSMENT: Open source license compliance assessment
HASHICORP BSL: Terraform BSL exposure assessment
HASHICORP BSL: HashiCorp license change advisory
HASHICORP BSL: BSL license risk advisory
DATABASES: Redis license change advisory
DATABASES: Elastic license change advisory
DATABASES: MongoDB SSPL risk review
SSPL: SSPL license risk advisory
AGPL: AGPL compliance risk review
SOURCE AVAILABLE: Source available license advisory
NEGOTIATION: Commercial license negotiation
REMEDIATION: Open source migration advisory
REMEDIATION: Open source remediation consultant
REMEDIATION: Open source exit strategy advisory
GOVERNANCE: Software composition analysis advisory
GOVERNANCE: Open source policy development
GOVERNANCE: Open source program office advisory
M AND A: Due diligence for acquirers
ADVISORY: Open source license risk consultant
BY ROLE: Open source risk for CISOs
BY ROLE: Open source risk for legal teams
BY ROLE: Open source risk for procurement teams
COMMON QUESTIONS
Questions buyers ask.
What does an open source license risk advisory engagement involve?
Most engagements start by mapping where affected components sit and how each is used, then sizing the exposure in plain commercial terms. From there we help you choose and execute a path: confirm safe use, move to a fork, stay on a converted version, or negotiate a commercial license.
Are you independent?
Yes. We are independent and buyer side. We take no payment from software vendors or resellers and hold no reseller relationships. We are paid only by the buyer, which keeps our advice aligned with your interests.
Which engagement should I choose first?
If you are responding to a specific relicensing event, choose the matching advisory. If you want the full picture across your estate, start with a risk assessment. If you are mid negotiation, the commercial license negotiation engagement adds independent leverage.
Is this legal advice?
No. We provide commercial and licensing risk advisory. For interpretation of a specific license and whether your use is permitted, we recommend your own counsel, and we routinely work alongside it.
How confidential is the work?
Engagements are confidential. Findings are shared with you and the stakeholders you choose. The goal is to map and contain exposure quietly, before a vendor or auditor raises it.
CONFIDENTIAL ASSESSMENT
Start with a confidential risk assessment.
Tell us what you run and what changed. We size the exposure and recommend a path. Independent, buyer side, paid only by you.
Not ready to talk? Read the free open source license risk guides first.