Black Duck Software to Be Acquired by Synopsys for $565M

Over the summer, Black Duck Software CEO Lou Shipley told Xconomy that a potential acquirer would have to propose a “really good deal” for his company to agree to a sale.

Apparently, Black Duck got that offer. The Burlington, MA-based cybersecurity company announced Thursday it has agreed to be acquired by Mountain View, CA-based Synopsys (NASDAQ: SNPS) for about $565 million in cash, or $548 million net of cash acquired. The deal is subject to regulatory review and other closing conditions, and it’s expected to close in December, according to a press release.

Founded in 1986, Synopsys helps design and test silicon chips, and it also works in application security testing, among other products and services. The company has more than 11,000 employees, and it generated more than $2.4 billion in revenue last year.

Meanwhile, Black Duck has gone through several transformations since it got started in 2003. Under founding CEO Doug Levin, Black Duck made a name for itself by providing tools to help software developers vet the open-source code they use and make sure their work complies with licenses. Later, under the leadership of Tim Yeaton, Black Duck recast itself as a resource for developers seeking open-source components that could speed up their projects. The company says it has accumulated one of the most comprehensive databases of open-source assets.

Shipley (pictured above) was brought in to replace Yeaton in late 2013. Shipley opted to expand Black Duck’s offerings and focus more on cybersecurity—helping companies find and fix vulnerabilities in the open-source components they use.

The cybersecurity shift apparently paid off. In August, Black Duck told Xconomy it expected to generate around $75 million in annual revenue in 2017, up from about $58 million last year and $25 million in 2013. Black Duck has been cash-flow positive for the past two years, Shipley said in August.

Black Duck has raised $74 million from investors. Shipley told Xconomy in August that Black Duck planned to raise more venture capital to fund acquisitions in areas like cloud security and “DevOps”—the tools and services for software development and IT operations.

Instead, Black Duck opted to sell to a bigger company, marking the latest acquisition of a Boston-area cybersecurity firm. Other deals this year in the local sector include Veracode’s $614 million acquisition by CA Technologies, DataGravity’s sale to HyTrust, and Rapid7’s purchase of Komand.

Meanwhile, there was renewed chatter this week that local cybersecurity firm Carbon Black is considering an IPO, according to sources that spoke with the Boston Business Journal.

Trending on Xconomy