Synopsys, Inc. today announced it has signed a definitive agreement to acquire Codenomicon. The additional talent, technology and products will expand Synopsys’ presence in the software security market segment and extend the Coverity® quality and security platform to help software developers throughout various organizations quickly find and fix security vulnerabilities and protect applications from security attacks.
Based in Finland, Codenomicon Oy is well-known and highly respected in the global software security world with a focus on software embedded in chips and devices. Its customer base includes some of the world’s leading organizations in telecommunications, finance, manufacturing, software development, healthcare, automotive and government agencies. A team of security engineers at Codenomicon independently discovered the infamous Heartbleed bug while improving a feature in their security testing tools and reported it to the National Cyber Security Centre in Finland (NCSC-FI). A Codenomicon engineer is credited with naming the bug.
“Businesses are increasingly concerned about the security of their applications and protecting customer data. Adding the Internet of Things to the mix increases the complexity of security even further. During the past 15 months, the world was hit by major security breaches such as Heartbleed, Shellshock, etc.,” said Chi-Foon Chan, president and co-CEO of Synopsys. “By combining the Coverity platform with the Codenomicon product suite, Synopsys will expand its reach to provide a more robust software security solution with a full set of tools to help ensure the integrity, privacy and safety of an organization’s most critical software applications.”
Codenomicon’s solutions will help Synopsys deliver a more comprehensive security offering for the software development lifecycle by adding its Defensics® tool for file and protocol fuzz testing, and its AppCheck™ tool for software composition analysis and vulnerability assessment.
The Codenomicon Defensics tool used to discover the Heartbleed bug automatically tests the target system for unknown vulnerabilities, helping developers find and fix them before a product goes to market. It is a systematic solution to make systems more robust, harden them against cyber-attacks and mitigate the risk of 0-day vulnerabilities. The Defensics tool also helps expose failed cryptographic checks, privacy leaks or authentication bypass weaknesses. The Defensics tool is heavily used by buyers of Internet-enabled products to validate and verify that procured products meet their stringent security and robustness requirements.
The Codenomicon AppCheck tool adds software composition analysis (SCA) capabilities to the Coverity platform, helping customers reduce risks in third-party and open source components. When using the AppCheck tool, customers are able to obtain a software bill of materials (BOM) for their application portfolios, and identify components with known vulnerabilities.
“Since our inception, Codenomicon has focused on making the world a safer place by giving organizations the visibility and real-time intelligence necessary to effectively protect their software assets against security vulnerabilities,” said Rauli Kaksonen, co-founder of Codenomicon. “By adding our pioneering solutions to Synopsys’ Coverity platform, we can extend these benefits to a broader audience and help reduce risk across a range of industries and applications.”
The terms of the deal, which is not material to Synopsys financials, have not been disclosed. The transaction is subject to customary closing conditions and is expected to close within 30 days.
Synopsys, Inc. (synopsys.com) is the Silicon to Software™ partner for innovative companies developing the electronic products and software applications we rely on every day. As the world’s 15th largest software company, Synopsys has a long history of being a global leader in electronic design automation (EDA) and semiconductor IP, and is also a leader in software quality and security testing with its Coverity® solutions. Whether you’re a system-on-chip (SoC) designer creating advanced semiconductors, or a software developer writing applications that require the highest quality and security, Synopsys has the solutions needed to deliver innovative, high-quality, secure products.
This press release contains forward-looking statements within the meaning of Section 21E of the Securities Exchange Act of 1934, including statements regarding the pending acquisition of Codenomicon, the expected benefits of the transaction, and the expected integration of Codenomicon’s products and technology. Forward-looking statements are subject to both known and unknown risks and uncertainties that may cause actual results to differ materially from those expressed or implied in the forward-looking statements, and that are outside Synopsys’ control. Synopsys cautions stockholders and prospective investors not to place undue reliance on these statements. Such risks and uncertainties include, among others: the ability of the parties to consummate the acquisition in a timely manner or at all; the satisfaction of the conditions precedent to consummation of the acquisition; the effect of the announcement of the pending acquisition on Synopsys’ and Codenomicon’s respective businesses, including possible delays in customer orders; Synopsys’ ability to operate or integrate Codenomicon’s business and technologies with its own successfully, which may include a potential loss of customers, key employees, partners or vendors; difficulties in entering into new markets in which Synopsys is not experienced; and uncertain customer demand and support obligations for integrated product offerings. Other risks and uncertainties that may apply are set forth in the Risk Factors section of Synopsys’ most recently filed Quarterly Report on Form 10-Q. Synopsys assumes no obligation to update any forward-looking statement contained in this press release.
Investor Contact: Lisa Ewbank - Synopsys, Inc.