Synopsys thinks it has found a beautiful swan in Black Duck Software. While the 14-year-old Boston-area company was by no means an “ugly duckling” before, it has transformed several times on the way to its half-billion-dollar sale to Synopsys—and it will likely continue to grow and change under its new parent company.
Mountain View, CA-based Synopsys announced plans Thursday to acquire Burlington, MA-based Black Duck for $565 million, or $548 million net of cash acquired. The cash deal, which is expected to close next month, validates Black Duck’s revamped strategy under CEO Lou Shipley, who joined four years ago and shifted the company to focus on cybersecurity tools for business software that uses open-source components.
Black Duck has said it was losing money when Shipley joined, but it apparently righted the ship. The business has been cash-flow positive for the past two years, and it expects to generate $75 million in revenue this year, up from $58 million last year, Black Duck told Xconomy in August.
The acquisition is an indication of the growing use of open-source code, and, subsequently, a rising need to find and fix vulnerabilities in open-source software. Up to 80 percent of applications now are composed of open-source code, Shipley says.
The deal is also an endorsement of the Boston-area cybersecurity sector, Shipley says.
“When a company comes to buy and pays a good price like that, it just shows the value we have in the market and the value of our workforce and the vibrancy of the” local sector, Shipley says. Other Boston-area cybersecurity deals this year include Veracode’s $614 million acquisition by CA Technologies (also in the field of application security), DataGravity’s sale to HyTrust, and Rapid7’s purchase of Komand.
Black Duck previously raised $74 million from investors, including Intel Capital, Fidelity Ventures, SAP Ventures, General Catalyst Partners, and Red Hat. Over the past few months, Black Duck was eyeing another investment round, and it had interest from venture capitalists and private equity firms, Shipley says. But the offer that Synopsys made was too good to pass up. Shipley says it was “a very good outcome for investors and employees.” (As part of the deal, Synopsys will assume an undisclosed amount of Black Duck employees’ unvested equity, according to a press release.)
Acquisitions often involve layoffs as the companies consolidate operations, but Shipley says there are “no plans” for layoffs and the “vast majority” of Black Duck’s approximately 400 employees will join Synopsys. Shipley is one of them, he says.
Shipley says his exact role and title haven’t been determined, but he will report to Andreas Kuehlmann, the senior vice president and general manager of Synopsys’s software integrity group. As for Black Duck, Shipley says he doesn’t know if the company will be structured as a subsidiary, but he believes Synopsys plans to keep the Black Duck brand name.
Founded in 1986, Synopsys (NASDAQ: [[ticker:SNPS]]) is best known for selling technology and services that help customers design and test silicon chips. The company has more than 11,000 employees, and it generated more than $2.42 billion in annual revenue last year, up 8 percent from $2.24 billion the year before.
Over the past three years, Synopsys has expanded into software tools aimed at helping developers ensure the quality and security of their code. Synopsys made several acquisitions to build up its offerings in this area, including buying San Francisco-based Coverity in 2014 for $375 million; Finland-based Codenomicon for an undisclosed price in 2015; and Cigital and its spinoff Codiscope last year for an undisclosed amount. Black Duck fills a hole in Synopsys’s capabilities, giving it a strong set of open-source security and license compliance products, Shipley says.
“I think they concluded it was better to buy than try to build,” he says. “They’re really serious about winning in the security and quality market. And we feel like we’re really lucky to join a market leader, and build a powerful company together.”