For decades, when a customer complained of security flaws in semiconductors, every company from manufacturing to design said, "That's a software problem." But for the Electronic Design Automation (EDA) software industry that's good news and a new profit center.
These companies used to refer to design for security as a means for protecting intellectual property, ironically resulting in semiconductor products that feature multiple and sometimes massive security flaws that were easily exploited. Customers want those holes plugged in the design process, before manufacturing.
Governments and the automotive industry, the two smallest customers of the world's semiconductor companies (1% and 11.4%, respectively, according to the Semiconductor Industry Association) want chips and electronic systems secure by design. In turn, the chip companies are demanding design tools that help them meet those requirements.
EDA companies, like Synopsys (SNPS -1.73%), Siemens Design (SIEGY -0.94%), and Cadence Design (CDNS -1.98%), are expanding into software development. Moreover, they are hawking their wares at security conferences like RSA Conference creating new sources of revenue with little retooling in an industry traditionally dependent on semiconductor industry success.
Security needs drive value
The EDA industry was, at one time, a hotbed of innovation, IPOs and acquisitions, but consolidation and moribund investment interest cooled 10 years ago. However, customer demand for security by design and the success of security-focused groups within these companies are reinvigorating the prospects
Synopsys recently completed the purchase of WhiteHat Security, a provider of application security Software-as-a-Service (SaaS) for $330 million in cash. That purchase was neutralized after the company saw revenue of more than $400 million in their Software Integrity Group in the past 12 months.
Smaller, private companies in the niche are rebranding themselves and retargeting verification tools to find security flaws. Cycuity, founded as Tortuga Logic a decade ago, was one of the first companies to recognize the value of that technology for security. Verification tools ensure semiconductor design works as intended before they go into manufacturing.
Old tech creates revenue
Typically, security engineers manually review thousands of lines of code from the hardware design team to find vulnerabilities. If an issue is found, the hardware design team makes changes and the cycle repeats. That is a costly process that hardware teams resent. Instead, verification tools can be used to identify the vulnerabilities during the design process.
The field of hardware security verification is growing and often specialized, making competition light. Optima Design Automation focuses entirely on secure automotive chip design. That makes them an attractive acquisition target for Synopsys, Cadence and Siemens, each with their own suite of verification products.
Success for the EDA industry has been inexorably tied to the success of the semiconductor industry for decades, suffering greater losses during downswings but not experiencing many of the benefits of upswings. Right now, the industry is seeing record profits as the semiconductor industry gears up production as they come out of pandemic mode. But adopting security-focused product development could give them a significant boost in value that can ride out any potential market downturn. It's worth keeping your eye on their developments.
