by Andre Girard | 11/16/2017
The surge of consolidation that VDC expected would reshape the software composition analysis (SCA) solution market advanced in earnest with the announcement that Synopsys (NASDAQ: SNPS) intends to purchase segment-leading Black Duck Software. The deal, expected to close in December 2017, mirrors the 2014 acquisition of Coverity, which netted Synopsys the revenue share leader of a rapidly expanding test tool market segment. Synopsys first entered the SCA market by acquiring Protecode in 2015. Other M&A activity in the sector includes the Flexera Software acquisition of Palamida and the purchase of Veracode by CA Technologies.
The size and complexity of code bases are accelerating rapidly as companies turn to software as a primary means to interact with customers and deliver system functionality. Development teams in the embedded/IoT and enterprise/IT markets alike are using a growing volume of open source software (OSS) to help meet the resulting escalation in their code creation needs. The growing prevalence of OSS code, combined with the burgeoning awareness of the legal and security risks it can introduce, is encouraging more development teams to formalize their testing and acceptance policies.
Revenue generated in the SCA market is projected to increase at a compound annual growth rate (CAGR) of over 30% through 2020 as the tools are adopted to help manage OSS use. To date, much of the SCA tool revenue has been driven by large organizations (companies with over 1,000 engineers), despite these companies having OSS use rates that are not markedly different from those of small organizations (1-50 engineers). The far more profound financial and operational impact from vulnerabilities and licensing liabilities puts greater pressure on large companies to install governance over the use of OSS components.
VDC projects the next wave of SCA revenue growth will be fueled by mid- and even small-sized companies. These organizations face the same pressures that encourage the use of open source software. The priorities guiding their vendor and tool selection, however, differ. Ease of use, along with the availability of quality services and support offerings, will be more critical to the smaller companies that often have less internal technical expertise. If training and implementation support services are not available, either directly or through partners, SCA tool suppliers may not be considered for selection by these mid- and small-sized organizations.
Combining Black Duck’s strong training and auditing/analysis offerings with the extensive services business in Synopsys Software Integrity Group positions Synopsys to capture a large share of these new users, further extending the market-leading position of the Black Duck SCA offerings. To best appeal to these customers, market educational efforts should explain the role SCA tools play, not only in discovering liability issues, but also in improving the security and quality of code bases.
For further investigation and analysis of the software composition analysis tool market, please see our recently published report, Deployment Automation & Software Supply Chain Management for the IoT.