Synopsys to Enhance Software Integrity Platform with Acquisition of Black Duck Software

Black Duck provides automated alerts for any newly discovered vulnerabilities affecting the open source code

Synopsys Inc. and Black Duck Software Inc. have signed a definitive agreement for Synopsys to acquire privately held Black Duck, a leader in automated solutions for securing and managing open source software.

The addition of Black Duck's highly respected Software Composition Analysis solution will enhance Synopsys' efforts in the software security market by broadening its product offering and expanding its customer reach.

Under the terms of the definitive agreement, Synopsys will pay approximately $565 million, or $548 million net of cash acquired. In addition, Synopsys will assume certain unvested equity of Black Duck employees. The transaction will be funded by Synopsys with U.S. cash, and is subject to Hart Scott Rodino regulatory review and other customary closing conditions. The acquisition is expected to close in December 2017.

"Our vision is to deliver a comprehensive platform that unifies best-in-class software security and quality solutions," said Andreas Kuehlmann, senior vice president and general manager of the Synopsys Software Integrity Group.

"Development processes continue to evolve and accelerate, and the addition of Black Duck will strengthen our ability to push security and quality testing throughout the software development lifecycle, reducing risk for our customers. We look forward to working with Black Duck's experienced team as we drive our combined solution to the next level of value for our customers."

Software development is undergoing sweeping and rapid change, including the increasing use of open source software (OSS), which makes up 60 percent or more of the code in today's applications. While the use of open source code lowers development costs and speeds time to market, it has been accompanied by significant security and license-compliance challenges, because most organizations lack visibility into the OSS in use.

Black Duck's industry-leading products automate the process of identifying and inventorying the open source code, detecting known security vulnerabilities and license compliance issues. It also provides automated alerts for any newly discovered vulnerabilities affecting the open source code.

Customers are seeking to address security and quality as early as possible in the software development cycle to enable Continuous Integration/Continuous Delivery (CI/CD) and the move to the cloud. Given open source's prominence in application development, early identification of security and compliance issues increases the ability to deliver secure, high-quality software more quickly.

Barclays acted as exclusive financial advisor to Black Duck on this transaction.



Advertisement

Around The World