PE Firm Accuses Synopsys of Breaching Exclusivity Agreement – Source: www.databreachtoday.com

Application Security
,
Governance & Risk Management
,
Next-Generation Technologies & Secure Development

Sunstone Partners: We Had a Letter of Intent to Buy Synopsys’ Security Testing Unit

Michael Novinson (MichaelNovinson) •
April 12, 2024    

A California private equity firm sued Synopsys and accused the systems design behemoth of breaching an exclusivity agreement by shopping its $525 million software integrity business.

See Also: The State of Vulnerability Management

Sunstone Partners Management said it signed a letter of intent in fall 2023 to acquire Synopsys’ security testing services unit, which tests software code for security vulnerabilities and quality defects and is part of Synopsys’ software integrity business. But before the exclusivity period between Sunstone and Synopsys ended, the later began exploring strategic alternatives for the entire software integrity unit (see: Synopsys Greenlights Sale of $525M Application Security Unit).

“Synopsys knew that its November 30 public statement was an admission of breach of contract,” Sunstone wrote on a 14-page complaint filed March 20 with the Delaware Chancery Court. “It just did not care.”

Sunstone Seeks Financial Damages from Synopsys

Sunstone said it spent millions of dollars over a period of months on work associated with a potential acquisition of Synopsys’ security testing services unit. After Synopsys’ announced Nov. 30 it was exploring strategic alternatives for the entire software integrity group, the private equity firm asked Synopsys to reimburse the fees and expenses Sunstone claimed to have incurred. But Synopsys refused.

“We have filed suit against Synopsys,” Sunstone told Information Security Media Group in a statement. “We did not take that lightly. We have never done anything like this before, and do not expect that we would ever do this again in the absence of extraordinary circumstances.”

Synopsys declined to comment on Sunstone’s lawsuit to ISMG, but on April 3 filed a motion to dismiss the suit, alleging Sunstone failed to state a claim upon which relief can be granted. Sunstone’s lawsuit against Synopsys was first reported by Bloomberg Wednesday. Synopsys’ board of directors signed off March 20 on selling its software integrity business to focus exclusivity on design automation and IP.

An Acquisition Aborted

Sunstone in October 2023 signed a term sheet to acquire Synopsys’ security testing services business, according to a source familiar with the situation. But before that deal could close, Synopsys announced a strategic review for its entire software integrity business and effectively put the kibosh on its talks with Sunstone, according to the complaint.

“Soon after its earnings call on November 30, Synopsys wrote in an email to Sunstone that ‘we have much bigger fish to fry right now,’ namely the recently announced “decision regarding the whole SIG business,'” Sunstone wrote in the complaint. “For its part, Sunstone was left holding the bag.”

Bloomberg reported last month that Advent International, Hellman & Friedman and Thoma Bravo are weighing bids for Synopsys’ software integrity unit, which generated $525 million of sales in the most recent fiscal year and could be worth $3 billion or more. Thoma Bravo bought Synopsys rival Veracode for $950 million in 2019 and sold a majority stake to TA Associates in 2022 at a $2.5 billion valuation.

“We have never done anything like this before.”



– Sunstone Partners Management

Hellman & Friedman, meanwhile, bought rival Checkmarx in April 2020 at a $1.15 billion valuation, meaning the acquisition of Synopsys’ software integrity business would likely pave the way for a business combination.

Sunstone has also invested in a handful of security companies over the years, including penetration testing and attack surface management vendor NetSPI as well as Avertium, a managed cybersecurity services company created by the private equity firm in 2019. In the 2010s, Sunstone backed threat intelligence firm AlienVault, DNS security firm BlueCat and encryption firm Voltage.