Cybersecurity is becoming a selling point of semiconductors

For decades, when a customer complained about security flaws in semiconductors, every company, from manufacturing to design, said, “It’s a software problem. But for the electronic design automation (EDA) software industry, this is good news and a new profit center.

These companies referred to design for security as a way to protect intellectual property, which ironically resulted in semiconductor products with multiple and sometimes massive security flaws that were easily exploited. Customers want these holes plugged in the design process, before manufacturing.

Governments and the automotive industry, the two smallest customers of global semiconductor companies (1% and 11.4%, respectively, according to the Semiconductor Industry Association) want electronic chips and systems that are secure by design. In turn, chipmakers are asking for design tools that help them meet these requirements.

EDA companies, like Synopsis (SNPS 0.41%), Siemens design (HEAD OFFICE 0.32%)and cadence design (CDNS 0.17%), thrive in software development. Additionally, they sell their wares at security conferences like the RSA conference, creating new revenue streams with little retooling in an industry traditionally dependent on the success of the semiconductor industry.

Security must generate value

The EDA industry was, at one time, a hotbed of innovation, IPOs and acquisitions, but consolidation and moribund investment interest cooled 10 years ago. However, customer demand for security by design and the success of security-focused groups within these companies are invigorating the outlook.

Synopsys recently completed the purchase of WhiteHat Security, an application-as-a-service (SaaS) security software provider for $330 million in cash. That purchase was neutralized after the company recorded revenue of over $400 million in its software integrity group over the past 12 months.

Small, private companies in the niche are rebranding and retargeting verification tools to find security holes. Cycuity, founded as Tortuga Logic a decade ago, was one of the first companies to recognize the value of this technology for security. Verification tools ensure that semiconductor designs perform as expected before they go into manufacturing.

Old Technology Creates Revenue

Typically, security engineers manually review thousands of lines of code from the hardware design team to find vulnerabilities. If a problem is detected, the hardware design team makes changes and the cycle repeats. It’s an expensive process that hardware teams hate. Instead, verification tools can be used to identify vulnerabilities during the design process.

The field of hardware security verification is growing and often specialized, making the competition light. Optima Design Automation focuses entirely on the secure design of automotive chips. This makes it an attractive acquisition target for Synopsys, Cadence and Siemens, each with their own suite of verification products.

The success of the EDA industry has been inexorably tied to the success of the semiconductor industry for decades, suffering greater losses during downturns but missing out on many of the benefits of upswings. Right now, the industry is seeing record profits as the semiconductor industry ramps up production out of pandemic mode. But embracing security-focused product development could give them a significant boost in value that can overcome any potential market downturn. It is worth keeping an eye on their developments.

Lou Covey has no position in the stocks mentioned. The Motley Fool fills positions and recommends Cadence Design Systems and Synopsys. The Motley Fool has a disclosure policy.

Comments are closed.