Software security issues aren’t going away anytime soon, as proven by the recently disclosed colossal breach at Marriott. Sure, we could rehash the typical post-mortem responses such as securing the software development life cycle, shifting left, DevSecOps, or other industry buzzwords associated with today’s security concerns. But in regard to Marriott’s recent breach, which affected over 500 million customers, it’s critical to look at a different aspect of security: the software exposure before and after mergers and acquisitions (M&A).