Advertisment

Our objective is to provide a platform that can do software sign off

author-image
Shrikanth
New Update
Snip

Synopsys is headquartered in California with revenues in excess of $2 billion and has more than 10,000 employees. Here in India Synopsys has a highly skilled employee base of more than 2000 spread across Bangalore, Hyderabad, Mumbai, New Delhi and Noida. India is a key R & D center for Synopsys and Indian engineers manage various aspects of EDA tool development. Recently Synopsys has increased its focus on Software Integrity and security and taking on to market with industry’s most advanced automated tools. This has been possible due to two of its acquisitions Codenomicon and Coverity. Dr. Aart de Geus, Chairman and co-Chief Executive Officer, Synopsys in an exclusive conversation with DATAQUEST talks about the company’s software transition. Excerpts.

Advertisment

How and when did Synopsys transformed from an EDA company to software driven one?

Well, in 2014 we acquired Coverity and several other companies and in 2015 ones like Codenomicon gave us the software leverage that manifested into a software platform. But the thinking started much earlier than that. I observed that the number of software engineers in semiconductor companies is growing very rapidly and there is huge constant exponential growth in complexity. In hardware the penalty is pretty high for a mistake - meaning that you have to redo multiple things again, which could easily cause loss of multiple millions of dollars. While in software, often times a patch will fix it and that cannot be replicated in hardware.

Furthermore in the recent years, it became clear that security aspect is rapidly growing in importance for all the negative reasons. In many ways, the visible point was sometime back when a Jeep SUV was hacked by someone from a mobile phone and it became instantaneously clear that software security is a necessity for safety and anything that touches human lives.

Advertisment

Synopsys is one of the most sophisticated software companies in the world. We have 400 million lines of very complex software. We felt that we have learnt many lessons and we could ultimately translate that into a business.

At a broader level, we are seeing conversations on DevOps - do you think developments like these will create more quality awareness amongst the developers?

Yes, awareness is growing rapidly. Quality awareness has always been a difficult sell. Quality is always, better the best. But better also means more work. By the time you have security issues, it is no longer a question of better or worse, the question is to get rid of it. Suddenly, the picture turns very black and white except that there is no way to address the security issue if you don’t simultaneously have a quality orientation. That is why the combination of organic and inorganic pieces that we assembled becomes very interesting because it becomes a platform upon which people can do automatic quality verification and security checks.

Advertisment

If you look at business risk and IT risk - how are you approaching these two pillars and creating a seamless quality regime?

The business risk for customers is by definition is always subject to judgment of the management. If I develop a car and I sell it to you and say many good things about the car’s features including safety, if you have an accident, you may sue me but it is my business risk to decide how much to invest in this. Car is an extreme example because it can do you some bodily harm. If you buy a camera and if it goes bad after 2 years you might have negative impression about the product and want to buy a new camera. In all products, there are always judgment calls on how far you want to go. This changes, when there are automatic methods to check this, so automatically if you could have verified a number of things on my product. I am surely delinquent from a business point of view, I can argue that I am delinquent from a legal point of view or not and that differs from case to case. The point is automation is actually a great way to reduce the number of issues.

Per se Synopsys, how are you approaching the market and what is the message you are driving home?

Advertisment

Interestingly, with the acquisition of Coverity and subsequently others, we immediately inherited two pieces of market. One was the software that was somewhat related to electronics and those customers we knew very well, may be not all the software teams in those customers. Synopsys sells to every electronic and semiconductor companies in the world and in many cases are the largest suppliers. We all know about the complexity. When we talk to a semiconductor company, it immediately rings the bell because they understand how for many years we managed to go from chips with a few transistors to with billions of transistors and therefore when we argue that it is time to look at software we have an immediately strong dialog.

What’s interesting is that with Coverity, it opened us to new verticals like energy, health, and finance companies with whom we have never talked to. They do a lot of application software not necessarily related to hardware implementation but have the same characteristics. Bad quality creates problems and bad quality and security create big problems. For us, that is the new market and thus an opportunity for Synopsys to have an impact in areas where we were not present before.

Is there any sweet spot vertical you are looking at for software security?

Advertisment

Yes, we are starting to focus on few areas and one that has got an immense immediate attention is automotive precisely because of the events of the last summer (car hacking). The automotive industry has very good set of practices and certifications for safety, except that safety was always thought of from the hardware angle. Now with the massively increasing software content, the fragility of safety is directly linked essentially to software flaws or vulnerabilities. It is an interesting area because the industry that is already much attuned to certain standards and certifications as part of how they do business.

The other area, which is a growing focus, is the health sector- for instance machines can get hacked here, that’s pretty dangerous in a healthcare scenario. We are also looking at verticals like government, communications and financial services.

How are you approaching IoT and m2m? What is the potential opportunity for Synopsys?

Advertisment

Well what IoT is for many people is really electronics that can suddenly connect to the physics of the situation via sensors. The sensors can be from very simple things such as temperature and pressure all the way to cameras. Cameras can be even X-rays cameras or infrared etc. The second point of IoT is to connect via Internet and therefore generating potentially big data, which might be analyzed but can also be manipulated.

I think the singular most interesting thing, which is happening simultaneously and will see the impact in the next couple of years is that IoT being simultaneously being paired with the next major phase of semiconductors. Concepts of artificial intelligence or what I prefer to call as digital intelligence because it is actually broader are very rapidly taking ground in almost every domain. And interestingly enough, one of the slowest adopters of new technologies, the automotive industry has suddenly turned into a role model of fastest adopters. You have Google cars, which are autonomously driving around, and these are unbelievable examples of AI becoming real.

These are examples of digital intelligence capabilities that were expected to take much longer to happen but defied timelines by realizing soon. The question is how do we tie this together? If we have substantial amount of digital intelligence software running on every distributed devices and which could be potentially vulnerable from a security point of view. Each of these devices is like a kitchen window in a bank. A bank is not supposed to have a kitchen window as they are a vulnerability point.

Advertisment

When you look at economic impact of faulty software the ramifications are multipronged- right from dip in customer satisfaction to impact on bottom lines - what is you take here?

The quality issue has always been there except what is becoming more and more different today than years ago. Its about the exponential complexity of growth not only in the software itself but also in the number of dimensions of software connected to the hardware, connected to other software which I call systemic complexity has also grown massively. The worst the software quality is the more risks of having natural openings to somebody who really know what he or she is doing and once you penetrate. In sum the impact of faulty software is huge.

If you look at the larger technology landscape, the market is at an intersection of a major disruption where a nexus of forces are shaping and reshaping business strategies, old school thinking is no longer good, what would be your priorities for next 12 months given this new normal landscape?

A combination of immensely powerful silicon technology makes it possible to see a whole wave of pattern recognition, learning, reasoning (digital intelligence capabilities), while simultaneously connectivity will continue massively. That opens the door for opportunities, the business that we are in, we are at the heart of heart of high-tech, meaning we enable the most advanced chips in the world, and we are now aiming to apply the same techniques that we have learnt for many years on hardware in the software world. For instance, ‘Sign off’ in hardware means there is a set of processes and batch of tests that you have to do before you go to manufacturing. Our objective is to provide a platform that can do software sign offs and not with the promise that it is 100% but with a promise that it gets better with every release.

synopsys security software-qaulity
Advertisment