Synopsys said on Thursday that it would pay $565 million for Black Duck Software, whose tools pinpoint security and licensing oversights in the growing thicket of open source code used in millions of gadgets.
Black Duck’s products scan through a company’s code to highlight the open source software within. They automatically detect known security vulnerabilities and license compliance issues. The firm, which employs around 400 people, also provides automated alerts for any new security vulnerability. Its customers include Intel, Siemens, and Magneti Marelli.
With the deal, Synopsys is trying to make life easier for engineers using increasing amounts of open source software like Yocto and Linux. Today, open source software makes up more than 60% of all application code, Synopsys said. It can reduce costs and programming time for start-ups and for companies making Internet of Things devices.
Black Duck’s software could also assist embedded engineers. Nine of out ten developers targeting the Internet of Things use code from open sources, according to a report published last year by Vision Mobile. In a recent Electronic Design survey, more than 60% agreed that support for open source tools is readily available. Another 60% disagreed that the code is less reliable than proprietary operating systems and other software.
Lou Shipley, chief executive of the Burlington, Massachusetts-based Black Duck, wrote in a blog post that “most companies are ineffective in securing and managing it because they lack good visibility into the oceans of open source software they are using. Organizations simply cannot effectively secure, control and manage what they can’t see.”
Synopsys sells electronic design automation software to chip companies, but it has also expanded into tools that test software quality and security. In 2014, it spent $375 million to buy Coverity, whose static analysis tools detect software flaws without executing a program. The company plans to close the Black Duck deal next month.
“Development processes continue to evolve and accelerate, and the addition of Black Duck will strengthen our ability to push security and quality testing throughout the software development lifecycle, reducing risk for our customers,” said Andreas Kuehlmann, senior vice president of Synopsys’ software integrity group, in a statement.
