Synopsys and Black Duck Software have signed a definitive agreement for Synopsys to acquire privately held Black Duck, provider of automated solutions for securing and managing open source software. The addition of Black Duck's Software Composition Analysis solution will enhance Synopsys' efforts in the software security market by broadening its product offering and expanding its customer reach.
Under the terms of the definitive agreement, Synopsys will pay approximately $565m, or $548m net of cash acquired.
In addition, Synopsys will assume certain unvested equity of Black Duck employees. The transaction will be funded by Synopsys with US cash, and is subject to Hart-Scott-Rodino regulatory review and other customary closing conditions. The acquisition is expected to close in December 2017.
"Our vision is to deliver a comprehensive platform that unifies best-in-class software security and quality solutions," said Andreas Kuehlmann, Senior Vice President and General Manager of the Synopsys Software Integrity Group.
"Development processes continue to evolve and accelerate, and the addition of Black Duck will strengthen our ability to push security and quality testing throughout the software development life cycle, reducing risk for our customers. We look forward to working with Black Duck's experienced team as we drive our combined solution to the next level of value for our customers."
Software development is undergoing sweeping and rapid change, including the increasing use of Open Source Software (OSS), which makes up 60% or more of the code in today's applications.
While the use of open source code lowers development costs and speeds time to market, it has been accompanied by significant security and license-compliance challenges, because most organisations lack visibility into the OSS in use.
Black Duck's products automate the process of identifying and inventorying the open source code, detecting known security vulnerabilities and license compliance issues.
They also provide automated alerts for any newly discovered vulnerabilities affecting the open source code.
Customers are seeking to address security and quality as early as possible in the software development cycle to enable Continuous Integration/Continuous Delivery (CI/CD) and the move to the cloud. Given open source's prominence in application development, early identification of security and compliance issues increases the ability to deliver secure, high-quality software more quickly.
"Today, software security is top of mind for every organisation and their Boards of Directors. As reliance on open source grew rapidly over the last decade because of its economic value, most organisations have struggled in their efforts to secure and manage it effectively. Many high profile, costly breaches resulted. Our rapid growth and success over the last four years is evidence that organisations are taking open source security very seriously," said Lou Shipley, Chief Executive Officer of Black Duck.
"We're excited to join an organisation that shares our commitment to addressing security and quality issues at the earliest phases of the software development process. Doing so will enable us to provide leading solutions that enable customers to develop and deliver more secure and higher-quality software faster than ever before."
While Synopsys has not yet provided financial guidance for fiscal 2018, the preliminary review indicates that, due to the impact of purchase accounting and the associated deferred revenue haircut of approximately $25-30m, Synopsys expects Black Duck to contribute approximately $55-60m to fiscal 2018 revenue.
Synopsys currently expects the acquisition to be approximately 12 cents dilutive to 2018 non-GAAP earnings per share, reach break-even in the second half of 2019, and be accretive thereafter (all on a non-GAAP basis).
Investors should no longer rely on previous preliminary commentary regarding 2018 consensus estimates.
Barclays acted as exclusive financial advisor to Black Duck on this transaction.