Black Duck’s security technology automates the detection of vulnerabilities and compliance issues in open source software. It also provides automated alerts for any newly discovered vulnerabilities affecting the open source code.
Developers are increasingly using open source software because it lowers development costs and speeds time to market. But it also brings security and license-compliance challenges, because most companies lack visibility into the open source software that they are using.
“Recent, high-profile security breaches have made it clear that open source code can be a vehicle or host for vulnerabilities, and it’s more important than ever for enterprises to understand and test the open source content in their applications,” said Jim Ivers, VP of marketing for the Software Integrity Group at Synopsys, in an email. “Black Duck is an established leader in Software Composition Analysis (SCA) products, which enables organizations to identify open source components in their software and check those components for known security vulnerabilities and license compliance issues. With analysts reporting that open source software makes up 60 percent or more of the code in today’s applications, this capability is rapidly gaining prominence as an essential component of the secure software development lifecycle.”
Ivers added he expects the acquisition to “enhance [Synopsys’] effectiveness in the IT security market.”
The Black Duck software will be integrated into Synopsys’ Software Integrity Platform. Ivers said that after the deal closes, which is expected to happen in December, Synopsys will continue to “sell products as-is, while the teams work together to develop the combined roadmap.”
Synopsys expects Black Duck to contribute about $55 million to $60 million in fiscal 2018 revenue. It also expects the acquisition to dilute its 2018 non-GAAP earnings by about 12 cents per share, reach break-even in the second half of 2019, and be accretive thereafter.