Today Black Duck signed a definitive agreement to be acquired by California-based Synopsys, Inc., one of the top 20 largest software companies in the world and a market leader in Electronic Design Automation and Semiconductor IP, with more than $2.5 billion in annual revenue and 11,000 employees.
The jaded reaction to the news might be: “Yeah, so what? A big successful tech company is about to swallow a small tech upstart. Happens all the time. Move along, nothing to see here.”
While it’s true that privately held, 400-employee Black Duck is tiny in comparison to Synopsys, there is much more to the transaction than meets the eye of a casual observer because Black Duck is the acknowledged global leader in automated solutions for securing and managing open source software, which just happens to be the lifeblood of 21st century application development.
Synopsys’ forward-thinking executives wisely recognized that by having Black Duck’s open source security and management software in their security solutions portfolio, they will have a key piece of technology to enhance their enterprise-level, end-to-end security platform on a global scale and complement perfectly their leading security and quality products and services offerings in their Software Integrity Group.
Black Duck may be diminutive in size, but our software delivers a big value punch because it solves a challenge that most companies are struggling with today.
Synopsys will pay approximately $565 million ($550 million net of cash) to acquire Black Duck. Consider two things that put the size of the deal in perspective and underscore its importance.
First, even before the Equifax hack highlighted the risk of known open source security vulnerabilities, worries about software security have been keeping CEOs and Boards of Directors awake at night for the last several years. Costly, brand-eroding security breaches such as Equifax’s are to be avoided at all costs.
Second, open source software is preeminent in the development of modern applications because of its economic, time-to-market and innovation benefits. Once a speck in the tech universe, open source comprises up to 80% of the code in contemporary applications. Netflix, Amazon, Facebook and Uber are all leveraging open source to differentiate and dominate in their markets.
Yet, despite the global dependence on open source, most companies are ineffective in securing and managing it because they lack good visibility into the oceans of open source software they are using. Organizations simply cannot effectively secure, control and manage what they can’t see.
Black Duck, which has 15 years of experience and expertise in all things open source, is the best in the world at enabling companies to automatically identify and inventory their open source, detect known open source vulnerabilities and dynamically monitor the open source inventory, providing proactive alerts if newly discovered open source vulnerabilities affect it.
Black Duck’s capabilities, combined with Synopsys’ static analysis, protocol fuzzing, interactive application security testing and world-class application security services, will provide customers with a powerful, comprehensive security testing solution. That’s a very big deal.
If my assertions about Black Duck’s value are all true, a fair question might be why didn’t we simply continue to go it alone and grow organically?
To be honest, we thought about that long and hard over the last 12-15 months and had many pro and con discussions, but, in the end, we realized that in saying “yes” we were acting in the best interest of Black Duck’s many important constituencies.
Saying “yes” is in the best interests of our customers, who will have access to a wider array of security solutions from a single trusted vendor; in the best interests of our large and patient investors who funded Black Duck in its earliest days more than a decade ago; and in the best interests of our individual shareholders, the majority of whom are employees.
Saying “yes” will create near-term and long-term global market opportunities and employee-growth possibilities that simply would not have been possible as a small private company.
Saying “yes” puts us together with a well-respected company that not only shares our vision of building security and quality into the software development lifecycle and across the cyber supply chain, but also shares our commitment to employee development and high integrity relationships with customers.