JFrog announced that it has entered into a definitive agreement to acquire Vdoo Connected Trust in a cash and stock-based deal valued at approximately $300 million.
JFrog has accelerated its efforts to provide security offering to support DevOps users as they respond to the disruption in the market for continuous software delivery. As part of the JFrog Platform, Vdoo will accelerate JFrog’s vision of becoming the company behind all software updates and creating a world of Liquid Software by expanding its end-to-end DevOps Platform offering, providing holistic security from the development environment all the way to edges, IoT and devices.
Vdoo’s security experts and vulnerability researchers will join the JFrog team to continue to develop advanced security solutions for developers and security engineers. With years of extensive experience in software architecture and vulnerability research, reverse engineering, and binary code analysis, Vdoo’s team and JFrog will seek to deliver a complete DevSecOps solution to secure the full software packages lifecycle.
Holistic approach to security meets market demand
Many of today’s DevOps solutions are missing proper security capabilities that are fully integrated into the software lifecycle. Security tools are disparate, each with its own data set, which creates friction between development and security teams, slowing the releases of software updates – especially when continuously delivering to the edge or across a large fleet of devices. As a result, many of these security tools are not delivering on the promise of fast, automated, and secure releases.
The market demands a holistic process that secures software components all the way to the edge, consolidates security data for efficient decision-making, saves time and resources, and blesses an end-to-end delivery system with the highest integrity for security-certified releases — from any source to any endpoint.
“We are excited to have Vdoo join the JFrog family,” said Shlomi Ben Haim, co-founder and CEO of JFrog. “It is clear to us that the joint vision of changing the way software is being created, released, and updated to the edge will be our compass as we offer the market a binary-focused solution to secure their organization’s software assets. This move will amplify JFrog’s current success with our security solution, JFrog Xray, and create the expectation that ‘fearless releases’ will be the experience for both Security and Development teams.”
“This proposed acquisition is a great fit for both our companies,” said Netanel (Nati) Davidi, co-founder and CEO of Vdoo. “We share a vision around DevOps and security: if any DevOps company isn’t also a security company, it is solving only a small piece of the puzzle. We’re proud that our team has focused on being hybrid and holistic, and integrated across all dimensions throughout the software delivery life cycle. We look forward to continuing to power this Liquid Software mission as part of JFrog, and anticipate industry-changing innovations from the joint team.”
The DevSecOps value, delivered
Vdoo’s technology for analyzing and securing software packages will fuel JFrog’s security and runtime technology expansion, with the anticipated following benefits to JFrog customers, security engineers and the developer community:
- Saving resources with improved efficiency and high accuracy: Contextual threat analysis with advanced algorithmic applicability scanning that prioritizes critical security gaps across multiple vectors
- Zero-day detection: Ability to automatically detect zero-day new vulnerabilities, malware, exploits, backdoors, supply chain risks, and other threats before they become public
- Accelerated mitigation: Actionable mitigation recommendations across multiple attack vectors cut to the bottom line, avoiding teams’ “alert-fatigue” and noise when having to sift through thousands of possible vulnerabilities
- IoT and embedded device security: Extending security to embedded software on devices/IoT, along with firmware scanning and uniquely identifying vulnerabilities in compiled C/C++ application components
- Configuration security: Detecting configuration risks and implementation gaps (over 400 types of tests)
- Runtime protection for embedded devices: Alerting and blocking exploitation attempts in real-time</li
- Deeper, research-based coverage: Identify known and unknown security risks and improved prioritization and mitigation capabilities
- Standards compliance: Matching any security risk found to more than 40 (to date) different security standards and regulations
JFrog’s security road map
As part of the integration process, JFrog will triple the size of its security experts team – including engineering, marketing, and sales – with employees that will be located in Israel, Germany, Japan and North America.
In 2021, JFrog will expand JFrog Xray vulnerability detection to include Vdoo’s extensive data and improved scanning across multiple dimensions, including configuration and applicability scanning. In addition, JFrog expects to fully integrate Vdoo’s technology into its DevOps platform to provide all-in-one, continuous, holistic secured platform in 2022.
In the immediate term, Vdoo’s SaaS product will remain in operation, with new development of features and functions focusing on the JFrog Platform solution. Following the completion of the acquisition, JFrog and Vdoo will work with customers to ensure business continuity and streamlined migration to the joint offering.
Under the terms of the definitive agreement, JFrog has agreed to acquire Vdoo for a total purchase price of $300 million subject to adjustments as set forth in the purchase agreement for cash free debt free basis, to be paid in a combination of cash and share consideration. Of the purchase price, approximately $90 million will be paid with JFrog ordinary shares based on the average close price of the shares during the last 15 trading days.
JFrog reiterates Q2 and FY2021 guidance
JFrog reiterated the financial guidance provided on May 6, 2021.
For the second quarter ended June 30, 2021, JFrog expects revenues of $47.6 million to $48.6 million, with non-GAAP operating income of $0.5 million to $1.5 million and non-GAAP EPS of $0.00 to $0.01, assuming approximately 104 million weighted average diluted shares outstanding. For Full Year 2021, revenues are expected to be $198 million to $204 million, with non-GAAP operating income between $5 million and $7 million and an approximately 3% increase in weighted average diluted shares.
Subject to the closing of the proposed acquisition, JFrog anticipates its consolidated operating expenses to increase by approximately $9-10 million for the remainder of 2021.