Posted by Phil Odence on March 27, 2018
Soon after Black Duck merged with Synopsys, I wrote about my initial impressions of the company, specifically as a home for the Black Duck On-Demand audit business. By way of update, in short, my initial, positive impressions hold. This is the right place for Black Duck and the audit business that so many in the industry have come to rely on.
, the Synopsys culture is extraordinarily well-aligned with the critical elements of our audit business: Maintaining trust through integrity, being hyper-responsive through execution and leading the market with superior services and tools. And all that with the same passion that drives my team every day. To be fair, those initial impressions were based on Synopsys’s “talking the talk.” However, a few months of “walking the walk” have only reinforced my conviction that we have a great home. Actually, these months have felt more like running the walk!
The company has been very sensitive to not compromising even an inch in these key areas. Thus, we have continued to run the business largely independently of the rest of the company. As we have been integrating into various Synopsys systems, the planning always starts with ensuring that nothing will impinge on our abilities. For example, selected team members have been testing Synopsys laptops for a month to ensure they can efficiently execute every aspect of their jobs before migrating over. And, be assured, we are extremely mindful of the importance of our discretion and confidentiality to customers. That is top of mind as we architect our networks, processes and systems going forward. We have assigned a top compliance attorney in Synopsys to maintain data-segregation within our trusted (as well as trusty) team.
Perhaps the most exciting aspect of the merger from the perspective of supporting M&A transactions is the opportunity to extend our offerings into security. Earlier this month, a Wall Street Journal article outlines the rising importance of cyber security in M&A and cites examples from ADP and The Home Depot.
Today, Black Duck On-Demand audits focus on open source components, licensing issues and known security vulnerabilities in those components. Albeit a critical aspect, this is only part of the software security story. The Software Integrity Group at Synopsys (SIG) offers a full range of services in software security that go beyond open source, from benchmarking security programs to reviewing software architecture to penetration testing to digging into the details of proprietary code to find critical coding errors. We are in the process of leveraging those capabilities to expand the menu of ways in which we can augment our customers’ due diligence efforts.
In the same way that Black Duck is the name in open source management, Forrester and Gartner have designated Synopsys the leader in software application security. An important component of that leadership is our vast security consulting resources and skills. Additionally, SIG augments our open source strength with additional security research capabilities. Did you know that our team in Finland discovered Heartbleed? (They were known as Codenomicon at the time, prior to their acquisition by Synopsys.)
It’s exciting to be associated with the leader and even more so to apply a new breadth of capabilities to helping clients who rely on Black Duck services to support their M&A due diligence.
As always, please feel free to contact me if you have questions or if I can be helpful. You can reach me at podence at synopsys.com.
Get the latest AppSec news and trends sent directly to you.