Synopsys, Inc. today announced it has signed a definitive agreement to acquire Codenomicon. The additional talent, technology and products will expand Synopsys’ presence in the software security market segment and extend the Coverity quality and security platform to help software developers throughout various organizations quickly find and fix security vulnerabilities and protect applications from security attacks.
Based in Finland, Codenomicon Oy is well-known and highly respected in the global software security world with a focus on software embedded in chips and devices. Its customer base includes some of the world’s leading organizations in telecommunications, finance, manufacturing, software development, healthcare, automotive and government agencies. A team of security engineers at Codenomicon independently discovered the infamous Heartbleed bug while improving a feature in their security testing tools and reported it to the National Cyber Security Centre in Finland (NCSC-FI). A Codenomicon engineer is credited with naming the bug.
“Businesses are increasingly concerned about the security of their applications and protecting customer data. Adding the Internet of Things to the mix increases the complexity of security even further. During the past 15 months, the world was hit by major security breaches such as Heartbleed, Shellshock, etc.,” said Chi-Foon Chan, president and co-CEO of Synopsys. “By combining the Coverity platform with the Codenomicon product suite, Synopsys will expand its reach to provide a more robust software security solution with a full set of tools to help ensure the integrity, privacy and safety of an organization’s most critical software applications.”
Codenomicon’s solutions will help Synopsys deliver a more comprehensive security offering for the software development lifecycle by adding its Defensics tool for file and protocol fuzz testing, and its AppCheck tool for software composition analysis and vulnerability assessment.
The Codenomicon Defensics tool, which was used to discover the Heartbleed bug, automatically tests the target system for unknown vulnerabilities, helping developers find and fix them before a product goes to market. It is a systematic solution to make systems more robust, harden them against cyber-attacks and mitigate the risk of 0-day vulnerabilities. The Defensics tool also helps expose failed cryptographic checks, privacy leaks or authentication bypass weaknesses. The Defensics tool is heavily used by buyers of Internet-enabled products to validate and verify that procured products meet their stringent security and robustness requirements.
The Codenomicon AppCheck tool adds software composition analysis (SCA) capabilities to the Coverity platform, helping customers reduce risks in third-party and open source components. When using the AppCheck tool, customers are able to obtain a software bill of materials (BOM) for their application portfolios, and identify components with known vulnerabilities.
“Since our inception, Codenomicon has focused on making the world a safer place by giving organizations the visibility and real-time intelligence necessary to effectively protect their software assets against security vulnerabilities,” said Rauli Kaksonen, co-founder of Codenomicon. “By adding our pioneering solutions to Synopsys’ Coverity platform, we can extend these benefits to a broader audience and help reduce risk across a range of industries and applications.”
The terms of the deal, which is not material to Synopsys’ financials, have not been disclosed. The transaction is subject to customary closing conditions and is expected to close within 30 days.