feature article
Subscribe Now

Burning the Secret Sauce

When Paranoia Impedes Progress

“Our new RuleBuster DRC tool has successfully verified a one billion transistor 65nm design for… uh… a very large semiconductor company.”  The presenter blushes a bit, looks annoyed, and then continues with his next PowerPoint slide.  The six people in the audience all know who he’s talking about, and they’re dutifully impressed.  He’s met the letter of the law on the agreement his company signed, although he is now far from the spirit of it.

When you make your living designing and selling electronic design automation (EDA) tools, issues of confidentiality and paranoia fly at you from all directions.  Some of the world’s largest semiconductor companies (Can we say Intel’s name here?  Whoops, there it goes!) have long-standing policies of not allowing suppliers to admit that their products were used by that company.  Apparently the “Intel Inside” marketing campaign style doesn’t apply both ways.  You won’t find a lot of chips from these manufacturers with “Synopsys Inside, Magma Inside, Cadence Inside, Mentor Inside, etc.” stamped on the top, even though products from all four of these companies (and likely more) were likely involved in getting that chip into the socket.

We don’t mean to single out Intel here – a lot of semiconductor and systems companies have similar policies and similar motivations.  They feel that the tools, services, and IP that go into bringing their products to life all become part of their “Secret Sauce” and that withholding that information keeps their rivals at a competitive disadvantage.

Yeah, right.

Let’s say hypothetically that you work for a competitive semiconductor company (Oh, it looks from our subscriber rolls like many of you do.  Welcome!), and you’re dealing with the problem of layout verification.  Let’s have a quick show of hands as to how many of you wouldn’t know to check some of the four companies listed above?  Oh, not too many hands in the air.  OK, you two – go Google “layout verification” – yep, Mentor, Synopsys, CDN (that’s stock-market-ese for Cadence), a bunch of academic references…  Whew! That big trade secret took us awhile to crack.

Nonetheless, EDA and IP companies often have their hands tied by their customers, protecting the identities of users of the same products they’re spending millions to advertise.  Every member of the marketing and field team that works with the customer in question must be briefed and warned, PowerPoint presentations must be scrubbed, and press releases are audited to make sure that word doesn’t leak out that they have happy, successful customers using their products.  When they go to meet with a new prospective customer, the question will inevitably arise –

“Do you have other customers using this product?”

“Definitely.”

“Who are they?”

“Can’t say, but trust me, they love it.”

“Gee, thanks.  That’s very helpful.”

It would be easy to stop the blame with the systems and semiconductor companies, but this virus runs much deeper than that.  The EDA companies themselves are similarly afflicted.  Go to any tradeshow, like, say, the Design Automation Conference (to choose a random example), and look at what’s in the booths on the show floor.  The answer is… “Fluff.”  You’ll see lots of signage about how each company is “The Leader in Franistan Reticulation,” accompanied by pitches from paid actors who rattle off technology terms without a clue as to their meaning and sixty-inch plasma monitors showing slick flash videos of animated characters rollerblading along metal traces and falling victim to evil electro-migration.

Not exactly what we need to get our jobs done.

If you want any real information, you need to sign up for access to the sacred suites.  This is a process that ranges in difficulty – we’d estimate somewhat harder than getting through airline security, but easier than escaping from a federal detention facility.  Once inside, of course, you’ll be greeted by the Good catered food and lots of other potential customers wearing their badges backward and trying to look inconspicuous.  You’ll slide into a seat in the back of a mini-meeting room, and, when the presenter pauses briefly from pushing power optimization to a new level of abstraction, you quietly ask “Do you have any customers using this product?” Oh, wait.  We’ve been there already.

I once worked on a giant software development project at an EDA company, and my team was hamstrung by complex security requirements mandated to keep our archrivals from guessing what we were up to.  Our engineers jumped through hoops and ran through virtual obstacle courses trying to get their jobs done while protecting the secret sauce.  It often seemed like we spent more time babysitting our security measures than we did developing code. 

Of course, two of the members of the team were married to employees of competitive companies, our own company had a massive marketing campaign designed to create a buzz about the new technology we were developing, we had filed patent applications that made it perfectly clear what we were working on, and some of our engineers were presenting papers at technical conferences explaining details of the algorithms.  Nonetheless, our source code was safe.  So safe, in fact, that the folks that wrote it couldn’t often get it to compile successfully.  We wondered aloud whether the best defense against our unseen industrial spies might be to just tar-up the source code and send it to them.  They’d probably be tied up for years just getting the make files set up right.

The kind of proprietary paranoia that causes these misguided company behaviors is not without foundation.  There are well publicized cases of EDA company engineers defecting with entire product lines and trying (with varying degrees of success) to sell them to competitive companies.  For the most part, large technology companies are too smart to take advantage of these unethical and illegal offers.  On the rare occasion when they’re not, prison terms are not unheard of. 

On the semiconductor side, there are well-established companies that make their living doing nothing but reverse-engineering high-profile devices.  Once the buffing compounds and scanning electron microscopes start to work, no secret is safe for long.  Competitors can purchase detailed reports for a small fortune, but the insight gained is seldom profound. 

Particularly in these days of domination by fabless companies, few people have any real process advantage.  Everybody starts from the same “go” square with the same semiconductor processes available to them, the same third-party IP to speed up their design cycle, and the same array of EDA tools to stitch it all together and make sure it works.  Real competitive advantage is typically gained by the tiny percentage of software and hardware in the design that’s truly original and by the novel application of all those standard ingredients to make something that solves an important customer problem well.

However, the mapping between the security measures and the actual threats faced by these companies trying to protect their intellectual property and competitive advantage is tenuous at best.  The real reason that trade secrets migrate around the industry is the incessant turnover of engineering talent and the constant migration of key technologists from one company to another.  Perhaps if companies focused more on keeping their key talent in place, they’d have far fewer leaks of critical technology to the competition.  After all, if it wasn’t easier for us as engineers to get a bigger salary, a better title, a faster promotion, or more recognition by changing companies than it is to stay where we are, we wouldn’t often go through the trauma of a job change.  All too often, however, companies skimp on these things with their loyal, long-term employees while simultaneously pulling out the stops to recruit that seemingly indispensable engineer that’s leaving their competitor.  Unfortunately, you almost always get the behavior you reward.

Leave a Reply

featured blogs
Dec 10, 2018
I titled my preview of the RISC-V Summit RISC-V Summit Preview: Pascal or Linux? since it is clear that RISC-V is really the only game in town inside academia, but it still hasn't conquered the... [[ Click on the title to access the full blog on the Cadence Community si...
Dec 7, 2018
That'€™s shocking! Insulation Resistance and Dielectric Withstanding Voltage are two of the qualification tests that Samtec performs in-house during part qualification testing. These tests will ensure that when a connector is used in environmental conditions at the rated wo...
Nov 28, 2018
The futuristic concept of testing for a variety of inconsistencies in blood with just a drop seemed within reach with the promising company Theranos....
Nov 14, 2018
  People of a certain age, who mindfully lived through the early microcomputer revolution during the first half of the 1970s, know about Bill Godbout. He was that guy who sent out crudely photocopied parts catalogs for all kinds of electronic components, sold from a Quon...