Over the last several years, Black Duck has become a major player in the overall software security market with absolute leadership in open source security. The company has grown dramatically, selling to both large players in tech and smaller startups. Their brand has ranked #3 in open source behind only Red Hat and IBM. There’s little ambiguity about why Synopsys saw significant advantage in adding Black Duck to their flock and we couldn’t be more thrilled for the entire team there today!
This wasn’t an overnight success story. In fact, it’s been over a decade since we invested in Black Duck. Doug Levin and his partner, Palle Pedersen, first came to us 12 years ago just as the use of open source code began to gain real traction in companies across the tech spectrum. Many open source projects required developers to give away any software that incorporated even the smallest snippet of code covered by a General Public License (GPL).
Doug saw GPL-covered code as a tremendous risk for embedded systems, hardware and software companies alike. He envisioned a way to scan for software covered by GPL that would help companies identify, contain and properly use open source within their products. He and Palle showed us a crude working demo. We partnered with Roger Heinen of Flagship Ventures (a well respected technology leader formerly of Microsoft and Apple) to give Doug a $5M term sheet. And Black Duck, named for a favorite toy that Doug had as a kid, was born.
The value in what Doug and his team were building was immediately apparent even at this early stage. Matthew Szulik, the CEO of RedHat, offered to buy the company. Believing RedHat might be too big of a company for his idea to succeed, we worked with Doug to turn RedHat’s acquisition offer into a Series A investment alongside GC. We were off to the races!
Doug did an amazing job building a team and evangelizing the idea of open source compliance. He recruited Karen Copenhaver, a very notable open source attorney, who as a true believer in the mission, spoke with every major tech company counsel about the appropriate use of open source. Protex, the company’s first product, gained immediate traction with a number of high profile customers including Oracle and SAP and later on, Fidelity, who was not only a major customer, but also led the Series B.
Adoption of Black Duck’s products continued to grow as both a tool used in M&A when an acquirer wanted to vet the software of an acquisition and as an integrated part of a company’s development cycle. (And though the product was subscription-based, it was installed locally. If you can remember way, way back, this was before the cloud movement and there was no way companies were letting their code outside their firewall.)
Eventually, Doug saw the need to bring in someone with experience leading large, fast moving companies and he helped recruit Tim Yeaton, former CMO at Red Hat, to help the company widen its product base and improve its enterprise offering. Tim also kicked off a multiyear development effort to build a cloud version of their product which the company knew would be the major approach in the future.
Three years after Tim became CEO, he headed back to Red Hat to lead cloud initiatives while keeping his seat on the Black Duck board. We then recruited in Lou Shipley, a well known Boston CEO, to take the helm. Lou specialized in high performance sales models and had a great track record of selling to larger banks and commercial enterprises. He also understood that as open source was going more mainstream, the major issue was moving from compliance to security.
It’s been an incredible ride with Lou. He’s done an amazing job leading three major initiatives: he moved the product from an installed software model to a cloud model; he pushed the focus to security features and capabilities; and he changed the selling model from an enterprise field model to a high performance inside team model. These changes dramatically scaled the customer base, the revenues and bookings, and the overall impact the company had on the market, and brought us to the success we’re seeing today.
GC is very proud of having been the lead investor in Black Duck’s success. We took an early bet on Doug’s vision, led the financing for the company’s growth prospects, and we brought Lou in to build out a terrific management team and product. We have always believed that the early vision of the company would become mainstream. In true GC fashion, we tapped talent from both coasts to support Lou in expanding the company’s product into the security space. By taking the long view, we knew that the company would be transformative.
Black Duck has an amazing opportunity today through the acquisition by Synopsys to reach new heights with their vision and capabilities. Our role as early investors and advisors has reached the right outcome. The future for Black Duck is very bright and we remain their most ardent cheerleaders.
The best is yet to come,