Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Application Security

11/3/2017
09:40 AM
100%
0%

Synopsys to Buy Black Duck Software for $565 Million

The acquisition signifies the growth of open source software and need to secure software early in development.

Synopsys, a firm focused on silicon chip design and application security testing, will acquire Black Duck Software, which builds products to automate the process of securing and managing open source software. The acquisition will be funded in cash and is expected to close in December.

As part of the deal Synopsys will pay $565 million, or $548 million of cash acquired, and assume certain unvested equity of Black Duck employees.

This transaction is another sign software development is shifting to open source, which has grown due to its lower development cost and quick speed to market. However, poor visibility into open source software (OSS) has businesses concerned about security and compliance.

OSS makes up 60% or more of code in today's applications, Synopsys reports in a release. It seems Synopsys is planning to leverage Black Duck's technology, which scans open source code for security vulnerabilities and compliance issues, to stay ahead of the game in software security.

Read more details here.

Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 5/22/2020
How an Industry Consortium Can Reinvent Security Solution Testing
Henry Harrison, Co-founder & Chief Technology Officer, Garrison,  5/21/2020
Is Zero Trust the Best Answer to the COVID-19 Lockdown?
Dan Blum, Cybersecurity & Risk Management Strategist,  5/20/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13616
PUBLISHED: 2020-05-26
The boost ASIO wrapper in net/asio.cpp in Pichi before 1.3.0 lacks TLS hostname verification.
CVE-2020-13614
PUBLISHED: 2020-05-26
An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname verification.
CVE-2020-13615
PUBLISHED: 2020-05-26
lib/QoreSocket.cpp in Qore before 0.9.4.2 lacks hostname verification for X.509 certificates.
CVE-2020-9046
PUBLISHED: 2020-05-26
A vulnerability in all versions of Kantech EntraPass Editions could potentially allow an authorized low-privileged user to gain full system-level privileges by replacing critical files with specifically crafted files.
CVE-2020-12388
PUBLISHED: 2020-05-26
The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR < 68.8 and Firefox < 76.