3 reasons Synopsys is selling its app security business
Synopsys is selling its application security business to a private equity firm. Analyst David Vance explains why, as well as what it means for the industry.
Synopsys announced on May 6, 2024, that it is selling its application security business to private equity firms Francisco Partners and Clearlake Capital Group for $2.1 billion. The move was first mentioned during the company's fourth-quarter earnings call in November 2023.
With an increasing focus on the importance of cybersecurity, the move begs the questions, "Why?" and "Why now?"
Read on to learn the reasons behind the move and what it implies for the industry and Synopsys' application security business.
Synopsis of Synopsys
Synopsys, founded in 1986, has been a consolidator in the electronic design automation (EDA) space -- the category of software tools used to design semiconductor chips. Over the past 35-plus years, Synopsys has acquired dozens of technology companies.
In February 2014, Synopsys acquired a company outside of the EDA space: static code analysis vendor Coverity, for $375 million. It became the cornerstone of Synopsys' application security business unit, called Software Integrity Group (SIG).
Synopsys continued to invest in the area. In total, the company acquired 13 application security vendors between 2014 and 2023, including Codenomicon in 2015, Cigital in 2016, Black Duck Software in 2017 and WhiteHat Security in 2022. Through these acquisitions, Synopsys amassed a broad application security testing product portfolio and became the largest application security testing vendor by revenue, earning over $524 million in fiscal year 2023.
3 reasons Synopsys is spinning off SIG
With these successes, it might not be clear why Synopsys is selling its application security unit. Three major reasons contribute to the decision.
1. It's becoming a drag on the business
After Synopsys acquired Coverity in 2014, the company aspired to use its application security acquisitions to boost the overall business while also providing a growth advantage over its EDA competitors, such as Cadence Design Systems, Ansys and Mentor Graphics, now owned by Siemens.
The strategy of acquiring security products was a brilliant move at the time, albeit an unconventional one because Synopsys' core EDA business was not related to security and Synopsys' overall business was growing at a much slower rate compared to the rapidly growing security market.
Synopsys' security strategy was successful initially. The smaller SIG business unit grew at a faster rate than its larger core EDA business. As time went on, however, the scenario changed. Synopsys' more recent acquisitions weren't as successful revenue-wise as its earlier ones. Synopsys' failure to fully monetize some of its security acquisitions led to those acquisitions becoming a drag on the overall business instead of providing a lift.
While SIG was and still is growing, Synopsys hasn't found the same level of growth it experienced years ago. Spinning SIG out now provides a positive impact to the rest of Synopsys' business.
2. AI is boosting EDA
The 2023 AI explosion from technology companies, such as Microsoft, Google and Meta, created a wave of demand for semiconductor chips that power AI tools from chip manufacturers, such as Nvidia, AMD and Intel. This increased demand for semiconductors also increased demand for semiconductor design software -- Synopsys' core EDA business.
As a result, Synopsys has experienced a corresponding increase in demand for its EDA software that designs these chips. Synopsys no longer needs the boost SIG was originally intended to provide since its core EDA business is now experiencing increased growth.
3. Executive leadership changes
Executive leadership at Synopsys has experienced significant changes in recent years. In 2022, co-CEO Chi-Foon Chan and CFO Trac Pham retired. Shelagh Glaser became the new CFO. In January 2024, Sassine Ghazi was appointed CEO and former CEO Aart de Geus stepped back to an executive chairman role.
These changes are meaningful. The new leadership clearly doesn't appear to view SIG as a priority or critical to the overall business as the previous regime did. The SIG sale and the company's January 2024 announcement of intent to acquire EDA vendor Ansys makes it clear that Synopsys is focusing on its core EDA business going forward.
The future of application security and developer ecosystems
From an acquirer perspective, the sale of SIG to Francisco Partners and Clearlake is complementary to their existing investments. Francisco Partners and Clearlake own a stack in DevOps vendor Perforce Software, which has static code analysis products that slightly overlap with SIG. Francisco Partners also has an investment in application testing vendor SmartBear Software, which is also complementary to SIG.
As developer and application security markets continue to converge, it will be interesting to see if Francisco Partners and Clearlake combine SIG with its other investments to drive operating efficiencies for their customers. It will also be interesting to see how the acquisition helps the company compete against application security vendors, such as Checkmarx, Veracode, Mend.io and Contrast Security, as well as developer ecosystem vendors, such as GitHub and GitLab. Time will tell.
David Vance is a senior analyst covering risk and vulnerability management for TechTarget's Enterprise Strategy Group. He has more than 25 years of IT and cybersecurity experience helping clients be more successful in the market. David Vance previously worked at Synopsys.
Enterprise Strategy Group is a division of TechTarget. Its analysts have business relationships with technology vendors.