Synopsys Buys Black Duck, Eyes Open Source Security

Dan Gunderman

Chip innovator Synopsys Inc. has expanded its security portfolio with its latest deal.

On Thursday, the company announced its acquisition of Black Duck Software Inc. in a half-a-billion-dollar deal that will see Synopsys bolster its defenses around open source code. Synopsys’ purchase amounts to around $565 million, or $548 million net of cash acquired.

Black Duck is a 15-year-old, Massachusetts-based company that focuses on security vulnerabilities and compliance issues in open source software. Open source has been adopted in upwards of 60% of today’s software applications.

Synopsys, of Mountain View, Calif., deals mostly in silicon chip design, verification, IP integration and application security testing.

In the announcement of the deal, Black Duck’s CEO, Lou Shipley, said, “As reliance on open source grew rapidly over the last decade because of its economic value, most organizations have struggled in their efforts to secure and manage it effectively.”

He continued, “Many high-profile, costly breaches resulted. Our rapid growth and success over the last four years is evidence that organizations are taking open source security very seriously.”

Synopsys expects Black Duck to add between $55 and $60 million to its 2018 revenue. The transaction will likely hit Synopsys’ stock value by around 12 cents per share. But the forecast is bright – the California-based company projects that the move will prove fruitful come 2019. The deal will break even by the second half of that year, and subsequently become accretive.

Senior Vice President and General Manager of the Synopsys Software Integrity Group, Andreas Kuehlmann, said, “Our vision is to deliver a comprehensive platform that unifies best-in-class software security and quality solutions.”

He continued, “Development processes continue to evolve and accelerate, and the addition of Black Duck will strengthen our ability to push security and quality testing throughout the software development lifecycle, reducing risk for our customers.”

Since its founding, Black Duck has raised more than $75 million and has boasted big-name investors including Intel Capital, Sapphire Ventures, General Catalyst and next47, according to the Silicon Valley Business Journal.

The acquisition also adds credence to the argument that technology companies are increasingly on the lookout for ways to both test and widen their security offerings – in a year when breaches have been unprecedented. This is especially true of open source, where compliance issues can be more complex than with proprietary or closed source software.

In open source, modifications can be made to the code to facilitate both collaboration and growth, where cutting, pasting and sharing can uncover new ways to secure software. Conversely, closed source software relies on shuttered-up code, so to speak, that cannot be dealt with openly (Microsoft, Adobe Photoshop, etc.). Only the original authors have access to the code, whereas in open source there is heightened visibility.

Many of the software applications used today rely on open source code, which for security purposes can mean a certain streamlining – as vulnerabilities may be spotted and/or adjusted faster than in proprietary software.

Nevertheless, with each new or proliferating technology comes a set of barriers that need to be fleshed out, identified and handled swiftly – hence Shipley’s reference to breaches in the open source platform. It’s no secret, then, that enterprises seek to integrate a versatile, well-tested solution.