Software Due Diligence

The 10 Red Flags in a Target's Software Estate

The warning signs that tell a buyer where inherited licensing exposure is most likely hiding, none of which show on a clean set of invoices, and how to escalate each one before close.

The 10 red flags in a target software estate are the warning signs that tell a buyer where inherited licensing exposure is most likely to be hiding. None of them are visible in a clean set of maintenance invoices, and most are missed by financial, legal and IT diligence. Knowing them lets a deal team escalate the right areas quickly, before a publisher does it for them after close. This guide is the field companion to the broader software due diligence method.

A red flag is not proof of exposure. It is a signal that an area deserves measurement rather than a reassuring representation. Treated that way, the list below turns a large and unfamiliar estate into a ranked set of things to test.

The 10 red flags in a target software estate

The flags fall into a rough order of severity. The most serious is the simplest: no effective license position exists, which means the estate has never been measured against entitlement and any claim of compliance rests on assumption. Close behind are unmeasured virtualisation and undocumented entitlement, the two drivers behind most large on-premises settlements.

Figure: How often each red flag signals material exposure. Bar chart of the relative likelihood that each flag points to material licensing exposure. High: unmeasured virtualisation, undocumented entitlement, indirect access. Medium: auto renewing SaaS, open source sprawl.

Indirect access is the flag that catches buyers by surprise most often. When connected systems reach a core ERP, a publisher can claim that the users behind them require licensing. SAP has pursued AB InBev for a reported 600 million dollars and Diageo for a reported 60 million in disputes tied to indirect and inherited licensing (figures as reported as of mid 2025), which is why a connected system touching SAP or Oracle is always worth escalating.

The 10 red flags in a target software estate, what each signals, and the buyer action for each:

  1. No effective license position exists. Signals: the estate has never been measured against entitlement. Buyer action: build the position before relying on any compliance representation.
  2. Virtualisation with no core measurement. Signals: likely Oracle or IBM exposure pulled in by host counts. Buyer action: measure the cores in scope under each publisher's partitioning rules.
  3. Entitlement evidenced only by the latest renewal. Signals: inherited and historical licenses are undocumented. Buyer action: reconstruct the full entitlement history before signing.
  4. Connected systems touching a core ERP. Signals: indirect or digital access exposure on SAP, or multiplexed access on Oracle. Buyer action: map every system that reaches a licensed product.
  5. Auto renewing SaaS with no usage review. Signals: overspend on unused seats and locked-in contracts. Buyer action: reconcile active versus paid seats before renewal.
  6. Open source with no inventory. Signals: unmanaged license obligations in the product. Buyer action: inventory the components and review their obligations.
  7. A recent or pending publisher audit. Signals: known exposure the seller may be understating. Buyer action: demand the audit status and quantify the worst case.
  8. Software from past acquisitions never integrated. Signals: stranded and duplicated licensing across entities. Buyer action: reconcile the combined estate and remove duplication.
  9. Maintenance lapses on key products. Signals: reinstatement and back support costs raise the cure price. Buyer action: price the reinstatement cost into any cure estimate.
  10. No owner for software licensing. Signals: no one can defend the estate in an audit. Buyer action: assume the estate is unmanaged and scope accordingly.
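Three of the buyer actions above are measurements rather than document requests: counting cores in scope under a partitioning rule, checking what the entitlement actually rests on, and reconciling active against paid SaaS seats. The script below is an added worked example of those three measurements, written for this page and not code from the page's author or from any publisher. All hosts, VMs, entitlements and seat figures are constructed, and the partitioning rule it applies (a VM pulls every host in a non-hard-partitioned cluster into scope) is stated as an assumption for illustration, not as any named publisher's terms.

```python
"""Effective license position for a per-core product in a virtualised estate,
plus a SaaS seat reconciliation. Added example; every figure is constructed
and the partitioning rule is an illustrative assumption, not any
publisher's actual terms."""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple


@dataclass(frozen=True)
class Host:
    name: str
    cluster: str
    cores: int


@dataclass(frozen=True)
class VM:
    name: str
    host: str
    products: frozenset


@dataclass(frozen=True)
class Entitlement:
    product: str
    licensed_cores: int
    evidence: tuple  # document kinds such as "order", "transfer", "renewal"


# Constructed inventory: one production cluster and one dev cluster.
HOSTS = [
    Host("h1", "prod-a", 32), Host("h2", "prod-a", 32), Host("h3", "prod-a", 32),
    Host("d1", "dev", 16), Host("d2", "dev", 16),
]
VMS = [
    VM("erp-db", "h1", frozenset({"dbms"})),
    VM("erp-app", "h2", frozenset({"middleware"})),
    VM("test-db", "d1", frozenset({"dbms"})),
]
# Constructed entitlement: "dbms" is evidenced only by the latest renewal;
# "middleware" has no entitlement recorded at all.
ENTITLEMENTS: Dict[str, Entitlement] = {
    "dbms": Entitlement("dbms", 64, ("renewal",)),
}


def cores_in_scope(product: str, hosts: Iterable[Host], vms: Iterable[VM],
                   hard_partitioned: Iterable[str] = ()) -> Tuple[int, List[str]]:
    """Count the cores a publisher could claim for `product`.

    Assumed rule: a VM running the product pulls every host in its cluster
    into scope unless that cluster is hard partitioned, in which case only
    the host the VM sits on counts. Returns (cores, sorted host names)."""
    hosts = list(hosts)
    by_name = {h.name: h for h in hosts}
    clusters: Dict[str, List[Host]] = {}
    for h in hosts:
        clusters.setdefault(h.cluster, []).append(h)
    hard = set(hard_partitioned)
    scoped = set()
    for vm in vms:
        if product not in vm.products:
            continue
        host = by_name[vm.host]
        if host.cluster in hard:
            scoped.add(host.name)
        else:
            scoped.update(h.name for h in clusters[host.cluster])
    return sum(by_name[n].cores for n in scoped), sorted(scoped)


def license_position(product: str, hosts, vms, entitlements: Dict[str, Entitlement],
                     hard_partitioned: Iterable[str] = ()) -> dict:
    """Deployed cores against entitled cores, with the red flags raised."""
    deployed, scoped_hosts = cores_in_scope(product, hosts, vms, hard_partitioned)
    ent = entitlements.get(product)
    flags = []
    if ent is None:
        entitled = 0
        flags.append("no entitlement recorded")
    else:
        entitled = ent.licensed_cores
        if ent.evidence and all(kind == "renewal" for kind in ent.evidence):
            flags.append("entitlement evidenced only by the latest renewal")
    return {"product": product, "deployed_cores": deployed, "entitled_cores": entitled,
            "shortfall_cores": max(0, deployed - entitled),
            "hosts_in_scope": scoped_hosts, "flags": flags}


def reconcile_seats(paid_seats: int, last_login_days: Iterable[int],
                    dormant_after_days: int = 90) -> dict:
    """Active versus paid SaaS seats; a user is dormant past the threshold."""
    days = list(last_login_days)
    active = sum(1 for d in days if d <= dormant_after_days)
    return {"paid": paid_seats, "active": active, "dormant": len(days) - active,
            "unused_paid_seats": max(0, paid_seats - active)}


# Constructed: 500 paid seats, 410 users seen recently, 60 unseen for 180 days.
PAID_SEATS = 500
LAST_LOGIN_DAYS = [3] * 410 + [180] * 60

if __name__ == "__main__":
    for prod in ("dbms", "middleware"):
        print(license_position(prod, HOSTS, VMS, ENTITLEMENTS, hard_partitioned={"dev"}))
    print(reconcile_seats(PAID_SEATS, LAST_LOGIN_DAYS))
```

The point the numbers make is the one in the table: with the dev cluster hard partitioned the dbms position is 112 cores deployed against 64 entitled, and treating it as soft partitioned moves the same estate to 128, so the partitioning treatment alone changes the shortfall by a third. The middleware row shows why "no effective license position" ranks first: there is nothing to measure against, so the whole deployed count is exposure until an entitlement is found.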

Why these flags hide from standard diligence

Each red flag shares a common trait: it lives in the gap between what a target pays and what it deploys, and that gap is exactly what financial, legal and IT diligence do not measure. An invoice shows spend, a contract shows terms, and an architecture review shows systems, but none of them counts cores against entitlement or maps indirect access. The flags are visible only to a review built to look at licensing as its own discipline, which is why they so often survive into ownership. The mechanism is explained in how latent licensing exposure hides from diligence.

Key takeaways

  • A red flag signals an area to measure, not proof of exposure, and turns a large estate into a ranked test list.
  • The most serious flag is the simplest: no effective license position exists, so compliance rests on assumption.
  • Unmeasured virtualisation and undocumented entitlement drive most large on-premises settlements.
  • Indirect access through connected systems is the flag that surprises buyers most often.
  • All ten share one trait: they live in the gap between what a target pays and what it deploys.

How many flags should change the deal

A single red flag rarely sinks a deal, but a cluster of them changes how a buyer should read the whole estate. When several flags appear together (an unmeasured estate, undocumented entitlement and a pending audit, for example), the signal is no longer about one publisher but about an organisation that has never managed its software. That pattern justifies widening the scope, raising the contingency in the model, and insisting on broader indemnities, because the exposure is likely to extend beyond the areas the team had time to measure. Reading the flags collectively, not just individually, is part of turning them into a commercial judgement rather than a checklist.

How to act on the red flags

A red flag should trigger measurement, not a note in a report. When a flag appears, the area moves up the scope and is quantified into an exposure range, which then feeds the deal terms. A pending publisher audit, for example, is not just a disclosure to record. It is a known exposure to size against the worst case and to reflect in price or indemnity. The same applies to software inherited from the target's own past acquisitions, which routinely carries stranded and duplicated licensing across entities.

From red flags to a priced position

The value of the list is that it shortens the path from a large unknown estate to a priced position. By escalating the flagged areas first, a buyer concentrates limited diligence time where exposure is most likely, and arrives at a quantified position faster. Those numbers then become levers, as set out in quantifying software audit exposure before you sign, and the publisher specific detail is in vendor specific diligence.

Recommendations for buyers

  1. Treat every red flag as a prompt to measure, not a representation to accept at face value.
  2. Escalate unmeasured virtualisation, undocumented entitlement and indirect access first, as they drive the largest settlements.
  3. Size a pending or recent publisher audit against the worst case rather than recording it as a simple disclosure.
  4. Reconcile software inherited from the target's own past acquisitions, where stranded and duplicated licensing collects.

Used as a screen at the start of diligence, the ten flags make the rest of the software due diligence method faster and sharper. The full workstream is delivered through our software due diligence service.

Independent and buyer side. We act only for the acquirer. We hold no affiliation with any software publisher or reseller and are paid solely by you. This page is commercial and licensing guidance, not legal advice. Confirm any contractual interpretation with your own counsel.

Frequently asked questions

What are the red flags in a target software estate?

They are warning signs that inherited licensing exposure may be hiding, such as no effective license position, unmeasured virtualisation, undocumented entitlement, indirect access through connected systems, and auto renewing SaaS with no usage review.

What is the most serious red flag?

That no effective license position exists, meaning the estate has never been measured against entitlement. Any claim of compliance then rests on assumption rather than evidence.

Why do these red flags hide from standard diligence?

Because each lives in the gap between what a target pays and what it deploys. Financial, legal and IT diligence measure spend, contracts and systems, but not cores against entitlement or indirect access.

Why is indirect access such a common red flag?

Because connected systems that reach a core ERP can require licensing for the users behind them. SAP has pursued AB InBev for a reported 600 million dollars in disputes tied to indirect and inherited licensing (as reported as of mid 2025).

What should a buyer do when a red flag appears?

Escalate the area, measure it, and quantify it into an exposure range that feeds the deal terms. A red flag should trigger measurement, not just a note in the report.

Do red flags prove there is exposure?

No. A red flag signals an area that deserves measurement rather than a reassuring representation. Some flags resolve cleanly once tested, while others reveal material exposure.

Screen your target for these red flags.

We screen the target estate for the red flags that signal hidden exposure, measure the ones that matter, and hand you a quantified position before you sign.

Request a software due diligence