Software integrity vendor Synopsys announced on Nov. 1 that it is acquiring privately held Black Duck Software for $565 million, in a deal that is expected to close next month.
Black Duck Software develops a software composition analysis platform that is used by organizations to help them understand and secure their open-source software development efforts and deployments. The company was founded in 2002 and raised approximately $75.5 million in venture funding.
"Recent public security blunders have made it clear that open source code can be a vehicle or host for security vulnerabilities, and it's more important than ever for enterprises to understand and test the open-source content in their applications," Jim Ivers, vice president of marketing for the Software Integrity Group at Synopsys, told eWEEK.
Synopsys has a broad portfolio of software applications, including verification, design, silicon engineering and software integrity offerings. Black Duck will become part of the Software Integrity Group, whose goal is to help organizations verify and secure the integrity of software applications.
"This acquisition will add to the Synopsys portfolio, a well-known, complementary approach to software composition analysis that we believe will extend the depth of the Software Integrity portfolio," Ivers said.
Synopsys has been expanding its portfolio in recent years by way of acquisition. In November 2016, Synopsys acquired privately held security companies Cigital and Codiscope. In March 2014, it acquired static analysis vendor Coverity to help identify and detect software flaws.
While Synopsys has been growing, so too has Black Duck. The company reported in August that it attracted as many new customers in the first half of 2017 as it had in all of 2016. In addition, revenue for the Black Duck Hub open-source security platform was up 77 percent in the first half of 2017.
"We see great value in the Black Duck brand," Ivers said. "After the transaction closes, we will work closely with the Black Duck team to develop a go-forward integration plan that preserves and capitalizes on its brand value and elevates the combined entity. "
There may be some overlap between the Black Duck and Synopsys portfolios, according to Ivers, but the product sets are largely complementary. He added that while Black Duck will be integrated into the Synopsys Software Integrity Platform, Synopsis will explore additional places where the Black Duck technology can be integrated with static analysis tools, as well as Synopsys' Interactive Application Security testing (IAST) product.
"Until the acquisition closes, we cannot discuss specific integrations plans," Ivers said. "We believe the acquisition will extend the depth of the Software Integrity portfolio, strengthen the Synopsys brand and enhance our effectiveness in the IT security market.
"The acquisition creates cross-selling opportunities with other [Synopsys] Software Integrity tools and enables us to deliver leading software composition analysis technology to better serve our customers," he said.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.