The electronic design automation (EDA) and semiconductor IP company will take on privately-held Black Duck in a deal worth approximately $565 million, or $548 million net of cash.
Synopsys said on Friday that the acquisition "will enhance Synopsys' efforts in the software security market by broadening its product offering and expanding its customer reach."
Black Duck employees, of which there are roughly 400, will join the California-based Synopsys team. The acquired firm's security software, which automates the detection of vulnerabilities and weaknesses in open-source software, is expected to give Synopsys clients better visibility into the shape of their open-source usage and applications -- as well as any potential security risks.
"Our vision is to deliver a comprehensive platform that unifies best-in-class software security and quality solutions," said Andreas Kuehlmann, senior vice president and general manager of the Synopsys Software Integrity Group. "Development processes continue to evolve and accelerate, and the addition of Black Duck will strengthen our ability to push security and quality testing throughout the software development lifecycle, reducing risk for our customers."
"We look forward to working with Black Duck's experienced team as we drive our combined solution to the next level of value for our customers," the executive added.
Black Duck CEO and President Lou Shipley said in a blog post that there is "much more to the transaction than meets the eye," and while Black Duck "may be diminutive in size, our software delivers a big value punch because it solves a challenge that most companies are struggling with today."
Synopsys is yet to provide any financial guidance for the 2018 financial year but says that due to the purchase investors may expect a downward adjustment. However, Black Duck is expected to contribute between $55 -- $60 million to the years' revenue.
The deal is expected to dilute 12 cents per share, with a break-even in the second half of 2019, and then potentially a shift back to profit afterward.
The acquisition is expected to close in December 2017, subject to regulatory approval.
Previous and related coverage
The vulnerability, as bad as it gets, allows attackers to remotely take over enterprise software without authentication.
Webmasters should update immediately to prevent website takeovers.
The hotel chain's data breaches exposed hundreds of thousands of customer credit card numbers.