Why Synopsys wants to sell its application security testing business

Nearly a month after Synopsys snapped security IP supplier Intrinsic ID, the Silicon Valley-based firm is reported to have reached closer to selling its software integrity group (SIG), which specializes in application security testing for software developers.

A Reuters report published last week claims that a private equity consortium led by Clearlake Capital and Francisco Partners is in advanced talks to acquire the SIG unit for more than $2 billion, and the deal is anticipated to be announced as early as this week. Synopsys telegraphed the intention to divest its security software business late last year.

The acquisition as well as divesture activities have a strong imprint of Sassine Ghazi’s vision for the company’s future roadmap. Source: Yahoo Finance

Synopsys CEO Sassine Ghazi told the press in March 2024 that around three dozen buyers had shown interest in the SIG unit, and the company was narrowing down the list of potential suitors to half a dozen. Synopsys board has already approved the initiation process for the sale of the SIG unit.

Synopsys has significantly grown its application security test business after acquiring software testing firm Coverity in 2014. Next year, it scooped software security vendor Codenomicon, followed by the acquisition of open-source security vendor Black Duck Software in December 2017.

In June 2021, Synopsys snapped application security risk management firm Code Dx, and a year later, it acquired WhiteHat Security to offer automated protection for web applications in production environments. So, while Synopsys has significantly grown its application security testing business over the years and is one of the key players in this market, why does it want to sell it now?

First, it’s a highly competitive market, and Synopsys has seen its profit margins steadily decline over the past years. Second, and more importantly, Synopsys is streamlining its focus on EDA and IP businesses, so a move away from the application software business seems logical in that context.

A few months before acquiring Intrinsic ID’s IP business for physical unclonable function (PUF) incorporated into system-on-chip (SoC) designs for security capabilities like identification, Synopsys made waves by buying Ansys, an EDA outfit hyper-focused on simulation software. This acquisition is expected to extend Synopsys’ core EDA business into several growing adjacent markets.

When Synopsys made the Ansys and Intrinsic ID acquisitions in a quarter, there were vibes that this EDA firm was on way to become an industry giant. However, the news about the SIG unit’s potential sale shows that the $79 billion company has a well-thought-out plan in which EDA and IP businesses will likely define its future roadmap.

“We believe there’s a higher return on investment in the 90% of our portfolio spread between the design automation and design IP business segments,” Ghazi told investors in November 2023. The company’s software service businesses, like application security testing, clearly fall in the remaining 10%, and buyout firms will be having a closer look at such businesses in 2024.

Related Content

• Synopsys plus Ansys: The making of an EDA giant?
• Exclusive: Sassine Ghazi on the launch of Synopsys.ai
• embedded diary: Synopsys to acquire Ansys for $35 billion
• Synopsys Acquires RISC-V Processor Simulation Tools Firm
• Synopsys Adds AI-Driven Tools, Acquires PUF Security Firm

The post Why Synopsys wants to sell its application security testing business appeared first on EDN.