RSA SECURITY INC/DE/ - 10-K Annual Report

Indicate by check mark whether the registrant: (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days. Yes

Indicate by check mark if disclosure of delinquent filers pursuant to Item 405 of Regulation S-K is not contained herein, and will not be contained, to the best of the registrant’s knowledge, in definitive proxy or information statements incorporated by reference in Part III of this Form 10-K or any amendment to this Form 10-K.

The approximate aggregate market value of the common stock held by non-affiliates of the registrant was $2,474,938,600 based on the last reported sale price of the registrant’s common stock on The Nasdaq National Market as of the close of business on January 29, 2001. There were 38,710,100 shares of common stock outstanding as of January 29, 2001, without taking into account the three-for-two stock split, payable in the form of a stock dividend on the registrant’s common stock to holders of record as of March 9, 2001, which was announced in February 2001. Adjusted for such three-for-two stock split, there were 58,065,150 shares of common stock outstanding on January 29, 2001.

This Annual Report on Form 10-K contains forward-looking statements within the meaning of Section 21E of the Securities Exchange Act of 1934, as amended, and Section 27A of the Securities Act of 1933, as amended. For this purpose, any statements contained herein that are not statements of historical fact may be deemed to be forward-looking statements. Without limiting the foregoing, the words “believes,” “anticipates,” “plans,” “expects” and similar expressions are intended to identify forward-looking statements. The factors discussed under the caption “Certain Factors That May Affect Future Results,” among others, could cause actual results to differ materially from those indicated by forward-looking statements made herein and presented elsewhere by management. Such forward-looking statements represent management’s current expectations and are inherently uncertain. Investors are warned that actual results may differ from management’s expectations.

RSA, Keon, SecurID, BSAFE, ACE/ Server, RC2, RC4 and RC5 are registered trademarks, and RSA Security, RSA Secured, RC6, and The Most Trusted Name in e-Security are trademarks of RSA Security Inc. All other trademarks or trade names referred to in this Annual Report on Form 10-K are the property of their respective owners.

RSA Security Inc. is a leading provider of electronic security (“e-security”) solutions. We help organizations ensure the authenticity of the people, devices and transactions involved in electronic business (“e-business”) through the use of our authentication, encryption and public key infrastructure (“PKI”) solutions. We sell to enterprise customers seeking turnkey security solutions, and to developers seeking software development components for embedding security in software applications or hardware devices.

As used in this Report, “we,” “us,” “our” and “RSA Security” refer to RSA Security Inc. and its subsidiaries.

Historically, e-security solutions have been deployed primarily to protect corporate networks from malicious intrusion and to preserve the integrity of data as it passed over insecure networks. E-security was typically the focus of businesses in security-conscious industries such as banking, telecommunications, aerospace and defense. Today, e-security is widely regarded as a fundamental requirement for conducting all forms of e-business, including commerce and communications conducted through corporate intranets, extranets and other Internet-based applications. Many organizations, in a wide range of industries, are conducting e-business to reduce costs, compete more aggressively, and more efficiently meet the increased business demand for speed, accuracy and delivery of information.

E-business requires e-security to create the same trust relationships that currently exist on paper in the brick-and-mortar world, so organizations can conduct e-business with the same confidence with which they conduct traditional commerce. There are several essential requirements for e-security:


	•	User Identification and Authentication. First, a user’s identity must be reliably authenticated. This ensures that unauthorized users do not gain access to computer networks and applications, and also ensures that organizations are certain of the identities of those with whom they are doing business. There are a number of popular methods of user identification, including:


	•	something secret the user knows, such as a word, phrase, personal identification number (“PIN”), code or fact;

	•	something physical the user possesses, such as a key, token, smart card, badge or other form of discrete “authenticator,” which is resistant to counterfeiting; or

	•	something unique to the user, such as a fingerprint, signature, retinal pattern, voice print or other measurable personal characteristic or “biometric.”


		We believe the use of a strong, two-factor user authentication system, combining two of the three generally accepted methods of user identification, is required for reliable e-security.

	•	Access Control and Privilege Management. Once the user’s identity has been established, an organization must verify that the user is authorized to access the specific information he or she is seeking. One of the key challenges facing organizations is the proliferation of passwords required for users to access disparate operating systems, applications and databases. Products providing access control and privilege management must protect and manage access to corporate information and applications, and control user privileges at multiple levels within the enterprise, including networks, applications and data levels. We believe that PKI systems can help organizations meet these criteria.

	•	Data Privacy, Integrity and Authentication. In addition to authenticating the identity of users and ensuring that only authorized users access, view or modify certain data, a comprehensive e-security solution must ensure that the data transmitted over networks are not disclosed to unauthorized persons (data privacy), have not been altered or compromised by unauthorized manipulation (data integrity) and were actually transmitted by the purported sender (data authentication). Such data privacy, integrity and authentication solutions are provided by encryption technologies.


	•	Legal Standing. Finally, organizations need to be confident that the transactions they conduct online have the same legal standing as those they conduct using traditional, paper-based processes. Many countries around the world, including the United States, have recently passed laws that give “electronic” or “digital” signatures the same legal standing as hand-written signatures for many types of binding transactions. A PKI solution is intended to enable users to digitally “sign” forms and documents to create legally binding transactions.

We are a leading provider of e-security solutions. Our products are designed to help organizations ensure the authenticity of the people, devices and transactions involved in e-business. Our core competencies are in strong, two-factor user authentication solutions, encryption software and public key infrastructure solutions. We believe that through the unique synergies offered by our RSA SecurID®, RSA BSAFE® and RSA Keon® product lines, we directly address the most critical e-security requirements for e-business.

Since our inception in 1986, we have focused on the fundamental need for user identification and authentication, with an emphasis on solutions for secure remote access to enterprise networks. In July 1996, to further our strategy and extend our product line, we acquired RSA Data Security, Inc., a leader in cryptography solutions that address the need for data privacy and integrity.

In July 1997, we acquired DynaSoft AB, a vendor of platform-independent security solutions for distributed client/server networks. The DynaSoft BoKS product family included public key technologies for access control and privilege management. In January 1999, we introduced the RSA Keon product line, a family of public key infrastructure-based products, initially based on the BoKS technology and designed to provide organizations with application security and flexible electronic commerce solutions. As part of this introduction, we renamed the DynaSoft BoKS product family “RSA Keon.” In September 1999, we introduced the next-generation, standards-based implementation of the RSA Keon solution.

Also in September 1999, we changed our name from Security Dynamics Technologies, Inc. to RSA Security Inc. We took this step because we had combined the management structure of Security Dynamics Technologies, Inc. and RSA Data Security, Inc. into an integrated team, with sales executives dedicated to meeting the needs of both enterprise and developer markets, unified marketing and engineering organizations, and a tight linkage within customer and professional services to serve customers developing solutions, deploying solutions or both.

In January 2000 we formed our RSA Capital segment, whose activities relate to our existing and future investments in e-businesses and other technology companies.

In February 2001, we acquired Xcert International, Inc., a company that develops and delivers digital certificate-based products for securing e-business transactions. We acquired Xcert to increase our PKI market share and revenue, to enhance our ability to secure applications that serve the business-to-business and Internet markets, and to add talent that will assist with the acceleration of our PKI product calendar. As a result of the acquisition, Xcert’s Sentry CA line of products became part of our RSA Keon PKI product family.

Our objective is to continue to be a leading provider of e-security solutions. Key elements of our strategy to achieve this objective include:


	•	Focus on Solutions. We believe customers purchase e-security solutions only when they can use them to enable new business applications or secure existing applications. We offer comprehensive e-security solutions that are focused on four application targets: wireless, Web transactions, VPNs and reduced sign-on.


	•	Wireless applications offer unique security challenges. Wireless transmissions, as with any form of communication, may be susceptible to interception and tampering. Portable devices with no fixed connection offer tempting access points to hackers. Portable devices also contain valuable


		information and credentials that must be protected in case of theft or loss of a device. We believe RSA SecurID authentication solutions are an effective way to secure wireless Web access to valuable company information and provide proof of identity for a secure Web transaction. Since RSA BSAFE products are the de facto security infrastructure throughout the Internet, they provide seamless interoperability between wireless devices and all “wired” applications and services.

	•	Web transactions typically take the form of payment processing, secure document delivery, forms processing and supply chain management. These applications are at the forefront of PKI deployments and each requires data confidentiality and integrity, legally binding transactions and strong user authentication. We believe the unique combination of our RSA SecurID authentication solutions, RSA Keon PKI solutions and RSA BSAFE cryptographic software provides customers with a high level of e-security for Web transactions.

	•	VPNs represent another significant application for our e-security solutions, as PKI, encryption and user authentication provide enhanced security by protecting data privacy and integrity during transmission, as well as mutually authenticating the individuals and devices engaged in communication sessions involving high-value information. We believe that adding a PKI solution to an organization’s VPN provides additional leverage in the return on investment calculations that are a crucial factor in any technology purchase decision.

	•	Reduced sign-on is a compelling application for PKI because it consolidates authentication mechanisms and streamlines the log-on process, reducing frustration for the end user. We believe that it also offers organizations a substantial, near-term return on their investment by reducing the huge support costs associated with password management. Plus, using PKI for reduced sign-on can offer a long-term migration path to conducting digitally signed transactions for those organizations migrating to a B2B environment.


	•	Leverage Product Synergies. We believe that one of our competitive advantages is the synergy shared by our RSA SecurID, RSA BSAFE and RSA Keon product lines. We believe we are the only e-security vendor that can offer application-specific solutions comprised of products from complementary authentication, encryption and PKI product lines. The synergy shared by our product lines gives us the opportunity, once we sell one product to a customer, to sell additional complementary products from other product lines to the same customer. As a result, our customers have increased choice and greater flexibility when deciding how to deploy e-security solutions with their current and future applications.

	•	Maintain Technological Leadership. We plan to continue to add new capabilities and features to our e-security products to meet our customers’ evolving needs. We expect to maintain a leading role in basic cryptographic research, develop new encryption technologies and maintain close working relationships with leading academic centers and custom development teams. We intend to support the proliferation of PKI as a key element of e-business through the marketing of and participation in industry initiatives such as the PKI Forum, an industry-led collaboration to accelerate the adoption of PKI technology and PKI-based solutions as a trusted, secure foundation for e-business applications.

	•	Expand Market Opportunities. We intend to expand our market opportunities through investments and partnerships, industry initiatives and marketing designed to heighten awareness of e-security issues. Through our RSA Capital segment, we make investments in companies that are delivering the infrastructure, tools and applications to accelerate the growth of e-business. Through our RSA Secured partner program, we have established strategic partnerships with more than 500 industry-leading vendors and plan to continue to foster and leverage these partnerships and enter into additional relationships with companies that can provide complementary technologies for our solutions. We also seek to heighten awareness regarding e-security issues through marketing programs such as our annual RSA Conference.

	•	Expand Indirect Sales and Support Channel. We currently sell our products through a direct sales force and through relationships with a significant number of original equipment manufacturers and developers, value-added resellers (“VARs”) and distributors. We believe that an expanded indirect


		sales and support channel enables us to enter new markets and gain access to a larger installed base of potential customers in a cost-effective manner.

	•	Expand International Presence. We believe that international markets present a large, relatively new market for e-security products. Sales outside North America as a percentage of total revenue were approximately 34.6% in 1998, 30.3% in 1999 and 33.2% in 2000. We have offices throughout the United States, Canada, Europe, Asia, Japan and Australia and plan to continue to expand our international business by establishing new offices, hiring additional sales personnel, establishing additional distribution arrangements, primarily in Europe and Asia, and developing local presences in new markets.

Through our e-Security Solutions segment, we deliver a range of products and technologies that are designed to help organizations ensure the authenticity of the people, devices and transactions involved in e-business. Our core competencies are in three product lines — RSA SecurID, RSA BSAFE and RSA Keon — which deliver two-factor user authentication, encryption and public key infrastructure solutions, respectively. We derive our operating revenue primarily from two distinct product groups: Enterprise solutions, which includes RSA SecurID authenticators, RSA ACE/ Server software, RSA Keon software, and maintenance and professional services, and Developer solutions, which includes RSA BSAFE cryptographic software and protocol products, RSA Keon components, and maintenance and professional services.

RSA SecurID solutions provide centrally managed, strong, two-factor user authentication services for enterprise networks, operating systems, e-business Web sites and other information technologies infrastructure, designed to ensure that only authorized users gain access to data, applications and communications. Supporting a range of authentication devices, including hardware tokens, key fobs, smart cards, cellular telephones, personal digital assistants and software tokens, RSA SecurID solutions are designed to create a barrier against unauthorized access, protecting network and data resources from potentially devastating accidental or malicious intrusion. RSA SecurID installations are managed through RSA ACE/ Server® authentication management software, which has the ability to scale deployments for hundreds of thousands of users.

RSA SecurID user identification and authentication products combine two methods of user identification — something secret the user knows (a personal identification number) and something the user physically has (the RSA SecurID authenticator). To gain access to a protected resource, a user enters his or her PIN and the “authenticator code” that is automatically computed and displayed on the user’s RSA SecurID authenticator. The PIN and the authenticator code together form the user’s “pass code.” With a valid pass code, the authorized user is identified, authenticated and granted access to appropriate information resources.

Each RSA SecurID authenticator contains our proprietary technology and is programmed with a secret, randomly generated seed number unique to the individual user’s authenticator. The seed number and Greenwich Mean Time are used to generate code sequences at set intervals (typically every 60 seconds) which are then matched to the RSA ACE/ Server software using the same seed number and Greenwich Mean Time to generate a server code corresponding to the user’s authenticator code.

RSA BSAFE software is a family of platform-independent cryptographic security developer tools and components that are designed to enable software developers to reliably incorporate e-security into a wide range of software applications and hardware devices. RSA BSAFE encryption components are used to secure applications for electronic commerce and services over the Internet and intranets, enterprise security, entertainment, wireless communications, delivery of digital information over cable and other uses. We believe that the RSA BSAFE product line is the most widely deployed cryptographic software in the world, with more than 800 million licenses in use today. RSA BSAFE products include:


	•	RSA BSAFE Crypto-C and Crypto-J, popular core cryptography components for the C and Java programming languages;

	•	RSA BSAFE Cert-C and Cert-J, standards-based certificate processing tools for C and Java;

	•	RSA BSAFE S/ MIME-C, for adding e-security to messaging applications;

	•	RSA BSAFE SSL-C and SSL-J, protocol tools that are designed to enable secure point-to-point communications over the Internet, based on C and Java; and

	•	RSA BSAFE WTLS-C, for adding cryptographic and certificate management technologies to wireless applications, devices and systems.

Our RSA Keon PKI solutions are a family of interoperable, standards-based PKI software modules for managing digital certificates and creating an environment for authenticated, private and legally binding electronic communications and transactions. RSA Keon software is designed to be easy to use and interoperable with other standards-based PKI solutions, and to feature enhanced security through its synergy with the RSA SecurID authentication and RSA BSAFE encryption product families.

RSA Keon technology provides a common foundation for securing Internet and e-business applications. The RSA Keon family contains software modules for both enterprise customers who need turnkey solutions, and for enterprise customers and developers who want to build their own standards-based, native PKI applications or take advantage of PKI-aware applications. RSA Keon components include:


	•	RSA Keon Certificate Server, a powerful and flexible module for issuing digital certificates, managing their life cycle and making them available in public directories. The RSA Keon Certificate Server is an advanced system for conducting business online, and supports PKI-aware applications such as email or browsers. The RSA Keon Certificate Server also includes RSA Keon One Step, a software module designed to simplify the registration and issuance of certificates.

	•	RSA Keon Advanced PKI, a set of software modules designed to be built on top of the RSA Keon Certificate Server, or any other standards-based certificate source, such as VeriSign Onsite, Netscape Certificate Management Software or Baltimore UniCERT. RSA Keon Advanced PKI provides a variety of services designed to remove common barriers to PKI deployment by making digital certificates transparent across multiple applications, enforcing security policies for certificate and credential use and enabling the integration of multiple certificate and directory sources. RSA Keon Advanced PKI comprises the RSA Keon Security Server and RSA Keon Desktop components, as well as RSA Keon agents, RSA Keon Application Integration software developer kits and RSA BSAFE Cert-C and Cert-J encryption tools for integrating non-PKI applications with RSA Keon software.

	•	RSA Keon Web PassPort, a standards-based product that is designed to make PKI easy to use. RSA Keon Web PassPort is designed for environments where a desktop footprint is not appropriate and interoperability with applications like browsers, mail clients, and Web authorization systems is a must. The small, downloaded plug-in seamlessly integrates with browsers, mail clients, and other applications to enable digital signing, user-authenticated SSL, secure email (S/ MIME) and VPNs.

	•	RSA Keon Sentry CA, a PKI product line that became part of the RSA Keon family as a result of our acquisition of Xcert International, Inc. RSA Keon Sentry offers advanced CA features, including hardware-based key recovery, scalability to 8 million seats, a distributed RA/ CA architecture and


		flexible trust management options including cross-certificate support. RSA Keon Certificate Server and RSA Keon Sentry CA each possess a different set of features, making each stronger in particular applications. We plan to offer and enhance both products, while working towards the release of an integrated CA product that marries the best features of both. We expect to release this integrated product in the fourth quarter of 2001.

Historically, we have placed a premium on establishing interoperability between our products and those of other vendors. To that end, we invest in and support a strategic partnering program under the name of “RSA Secured.” The RSA Secured partner program is designed to help vendors integrate or establish interoperability between partner products and our products, including the RSA SecurID, RSA BSAFE and RSA Keon product lines. The RSA Secured partner program includes a specific program for each of our product lines:


	•	We test and certify interoperability between our RSA SecurID and RSA ACE/ Server products and the products from vendors of remote access devices, Internet firewalls, network and applications software and virtual private network products. We have certified over 225 vendor applications as part of our RSA Secured SecurID Ready program, making this program one of the largest certified strong authentication partner programs in the industry.

	•	We also offer interoperability testing and certification for vendors seeking to ensure interoperability between their products and our RSA Keon PKI solutions. We have certified over 135 vendor applications as part of our RSA Secured Keon Ready program, making this program one of the largest certified partner programs in the PKI industry. We believe that the mandatory certification testing in our RSA Secured SecurID and Keon Ready programs sets these interoperability programs apart from those of our competitors, some of whom do not test the interoperability between their products and their partners’ products.

	•	We offer specific programs for licensees of our RSA BSAFE technology, who incorporate RSA BSAFE software into their products.

Collectively, through all of the RSA Secured partner programs, we have strategic relationships with more than 500 vendors — including Apple Computer, AT&T, Check Point, Cisco Systems, Compaq, IBM, Intel, Microsoft, Nortel Networks, Novell, Oracle, Sun Microsystems and others — who have integrated our technologies into more than 1,000 products. The end-user customers of the vendors who have joined the RSA Secured partner program can purchase authenticators and license RSA ACE/ Server software directly from us. We believe that these relationships help RSA Security and its customers expand their enterprise network coverage and assist us in increasing our customer base.

We have created marketing programs to foster the use of the RSA Secured logo on vendor products that incorporate our technologies or are interoperable with our products. These programs include but are not limited to listings in online directories, use of logos on product packaging and promotional materials, RSA Secured advertising, and access to marketing funds and joint promotional activities, such as tradeshows, advertising, direct mail and joint press releases.

We have established a multi-channel distribution and sales network to serve the e-security market. We sell and license our products directly to end users through our direct sales force and indirectly through a network of original equipment manufacturers (“OEMs”), VARs and distributors. In addition, we support our direct and indirect sales efforts through strategic marketing relationships and public relations programs, trade shows and other marketing activities.

In support of our sales efforts, we conduct sales training courses and comprehensive targeted marketing programs, including direct mail, public relations, advertising, seminars, trade shows, interactive marketing, telemarketing and ongoing customer and third-party communications programs. We also seek to stimulate

Our direct sales staff focuses on major accounts, provides technical advice and support with respect to our products and works closely with our customers, developers, VARs and distributors.

We also market, sell and license our products indirectly through our RSA SecurWorld™ network of OEMs, VARs and distributors. As of December 31, 2000, we had distributor and reseller relationships with approximately 350 OEMs, VARs and distributors.

Generally, we sell our RSA BSAFE products to developers through our direct sales force, rather than through distributors. We have historically sold our RSA BSAFE products primarily to developers, but our sales staff is currently focusing on increasing sales of these products to enterprise customers as well.

To enhance demand for our products, we have participated in the development of various industry-specific protocols that incorporate our RSA BSAFE cryptographic data security technologies. We also host our own annual industry conferences, the RSA Conference, and participate in other conferences to increase demand for our products. Through our RSA Laboratories division, we maintain a leading role in basic cryptographic research, develop new encryption technologies and maintain close working relations with leading academic centers and customer development teams.

Our business has historically tended to be seasonal, with the last quarter of the year having the highest amount of revenue and the first quarter of the year having the lowest amount of revenue. We believe that the higher amounts of revenue in the last quarter is due to our quota-based compensation plans, year end budgetary pressures on our customers and the tendency of some of our customers to implement changes in enterprise network or data security just before the end of the calendar year. In addition, revenue tends to slow in the summer months, particularly in Europe, when businesses defer purchase decisions.

As of December 31, 2000, we had sold more than 8,000,000 RSA SecurID authenticators to more than 7,000 customers worldwide. Historically, our principal customers have been in the telecommunications, pharmaceutical, financial and healthcare industries as well as academic institutions, research laboratories and government organizations. These customers generally work with highly confidential information and are sophisticated and knowledgeable purchasers of e-security systems. We believe that as corporate networks proliferate and become more complex, the number of industries concerned with e-security will grow.

As of December 31, 2000, we had licensed our RSA BSAFE encryption engine and patented technology to more than 900 organizations that typically incorporate the encryption technology into their products. RSA BSAFE encryption technology is embedded in current versions of Microsoft Windows NT®, Microsoft Internet Explorer®, Netscape Navigator®, Quicken® by Intuit®, Lotus Notes® and numerous other products, including mobile phones, pagers and other wireless products of Ericsson, Nokia, Matsushita, Symbian and Openwave Systems (formerly Phone.com). We also license RSA BSAFE encryption technology directly to enterprise customers for incorporation into their business, financial and electronic commerce networks. RSA BSAFE technologies are part of existing and proposed standards for the Internet and World Wide Web, ITU, ISO, ANSI and IEEE.

No customer accounted for more than 5% of our total revenue in 1998, 1999 or 2000.

We maintain a customer support help desk, technical support organization and professional services group at our headquarters in Bedford, Massachusetts and at other locations throughout the world. We offer telephone and Web support for certain of our products 24 hours a day, seven days a week. We continue to add advanced technical support and professional service personnel to our staff to address anticipated additional demands arising from the deployment of our e-security solutions into larger and more complex user

Our standard practice is to provide a warranty on all RSA SecurID authenticators for the customer-selected programmed life of the authenticator (generally three to four years) and to replace any damaged authenticators (other than authenticators damaged by a user’s abuse or alteration) free of charge. We generally sell each of our other products to customers with a warranty for product defects for specified periods. At the time of purchase, customers may elect to purchase a maintenance contract for 12-month renewable periods. Under these contracts, we agree to provide corrections for documented program errors; version upgrades for both software and, if applicable, firmware; telephone consultation; and Web-based access to solutions, patches and documentation.

Our product development efforts are focused on enhancing the functionality, reliability, performance and flexibility of our existing products. We are developing architectures and technologies to continually enhance the administrative capabilities and scalability of our RSA ACE/ Server and RSA Keon products and to increase interoperability with additional network operating systems, applications and directory services. We are also developing tools to assist customers, strategic partners and other third-party integrators in integrating our products with custom and other third-party network or system applications.

We are working to increase our competitive position by developing standards-based protocols and solutions that address the needs of specific market segments and build on our industry-leading RSA BSAFE technology. In the latter case, we may choose to enter into strategic partnerships with other parties to develop and/or market the products. In addition, we have developed enhanced RSA BSAFE Cert-C and Cert-J tools to enable both developers and enterprise developers to make new applications PKI “aware.”

In addition to enhancing our existing products, we continue to identify and prioritize various technologies for potential future product offerings. We may develop these products internally or enter into arrangements to license or acquire products or technologies from third parties. There can be no assurance, however, that we will be successful in enhancing or developing existing products or identifying and successfully acquiring new technologies.

Our product development staff, which consists of approximately 290 employees working in five development centers worldwide, engages in software and hardware engineering, testing and quality assurance and technical documentation. We also engage outside contractors where appropriate to supplement our in-house expertise or expedite projects based on customer or market demand.

RSA SecurID Authenticators. We currently contract for the manufacture of RSA SecurID authenticators with two suppliers, one in China and one in Thailand. We have generally been able to obtain adequate supplies of RSA SecurID authenticators in a timely manner and believe that alternate vendors can be identified if current vendors are unable to fulfill our needs. However, delays or failure to identify alternate vendors, if required, or a reduction or interruption in supply or a significant increase in the manufacturing costs could adversely affect our financial condition or results of operations and could impact customer relations.

RSA Security Software. RSA ACE/ Server, RSA BSAFE and RSA Keon software products are distributed on standard magnetic diskettes, compact disks and tapes together with documentation. We contract with media duplication subcontractors for the majority of our media duplication. We have the capability to do all media duplication in-house, but limit this use to small production runs such as beta programs.

Although we generally use standard parts and components for our products, some components are currently available only from limited sources. For example, Sanyo Electric Co., Ltd. and Epson Electronics are our only suppliers for the microprocessor chips contained in our RSA SecurID products. If we were unable to obtain a sufficient supply of these or any other components, then we might be unable to fill customer orders and might have to expend significant resources to find new suppliers. As a result, we attempt to maintain a three-to-four-month supply in inventory. We believe that it would take approximately six months to identify and commence production of suitable replacements for the microprocessor chip used in RSA SecurID authenticators.

The market for e-security products is highly competitive and subject to rapid change. We believe that competition in this market is likely to intensify as a result of increasing demand for e-security products. We currently experience direct and indirect competition from a number of sources, including software operating systems suppliers and application software vendors that incorporate a single-factor static password security system into their products; vendors of hardware tokens competitive with RSA SecurID products; smart card security device vendors; biometric security device vendors; PKI and cryptographic software firms; and application access providers. In some cases, these vendors also support our products and those of our competitors. In the future, we may also face competition from these and other parties that develop e-security products based upon approaches similar to or different from those we employ, including operating system or network suppliers not currently offering competitive e-security products. There can be no assurance that the market for e-security products will not ultimately be dominated by approaches other than the approaches we offer.

We believe that the principal competitive factors affecting the market for e-security products include technical features, ease of use, interoperability, quality/reliability, level of security, customer service and support, distribution channels and price. Although we believe that our products currently compete favorably with respect to such factors, there can be no assurance that we can maintain our competitive position against current and potential competitors, especially those with significantly greater financial, marketing, service, support, technical and other competitive resources.

We rely on a combination of patent, trade secret, copyright and trademark laws, software licenses, nondisclosure agreements and technical measures to protect our proprietary technology. We also generally enter into nondisclosure and assignment of inventions agreements with our employees and confidentiality and/or license agreements with our distributors, strategic partners and customers and potential customers, and limit access to and distribution of our software, documentation and other proprietary information.

Our 23 issued U.S. patents expire at various dates ranging from 2005 to 2018. Our 31 foreign patents expire at various dates between 2005 and 2013. We have also filed patent applications on inventions embodied in new technologies that we developed and on inventions that may be useful in the field of e-security. There can be no assurance that any of these applications will result in an issued patent.

We have registered, or are seeking to register, our trademarks and service marks in countries where we are selling our products. However, from time to time third parties have opposed our pending trademark and service mark applications, and we may face such opposition in the future to our current or future applications. Furthermore, some national trademark offices may not permit us to register the marks on terms that we find acceptable. We will seek to enforce our trademark and service mark rights against third parties who are marketing goods or services under marks that we consider confusingly similar to our marks. However, there can be no assurance that we will prevail in any enforcement action. We may also seek to purchase or license trademarks from third parties, but there can be no assurance that we will be able to purchase or license trademarks on commercially favorable terms or at all.

All of our products are subject to U.S. export control laws and applicable foreign government import, export and/or use restrictions. Minimal U.S. export restrictions apply to all products, whether or not they perform encryption functions.

Exports of commercial products using encryption are regulated by the Export Administration Regulations of the U.S. Department of Commerce. Under regulations issued by the Department of Commerce in January 2000, encryption products of any key length, including general purpose encryption toolkits such as our RSA BSAFE products, may be exported, after a one-time technical review, to all end-users other than governmental end-users. Encryption products may be exported to governmental end-users under special Encryption Licensing Arrangements or individual export licenses that may be issued at the discretion of the Department of Commerce. In October 2000, the Department of Commerce further revised the Export Administration Regulations to remove the export licensing requirement for shipments to governmental end-users in 23 countries, including most of the United States’ major trading partners. We believe that we have completed the necessary technical reviews of the products and services we currently export, but products we acquire such as the Xcert products, may require technical review before we can export them. Following export of certain of our products, we will be subject to various post-shipment reporting requirements.

The export regulations may be modified at any time, and in the event of any such modification, there can be no assurance that we will be authorized to export encryption products from the United States without a license in the future. In the event of such a modification, we might be at a disadvantage in competing for international sales compared to companies located outside of the United States that would not be subject to such restrictions.

In January 2000, we formed our RSA Capital segment, whose activities relate to our existing and future investments in e-businesses and other technology companies. Through the RSA Capital segment, RSA Security directly or through its subsidiaries makes investments that we believe may provide a strategic advantage to our operating business. In addition, our Board of Directors has authorized us to form and invest at least $100 million in a venture capital fund. The venture capital fund will focus primarily on maximizing its returns on its investments rather than the investments’ strategic value to our operating business, and will invest in entities where we believe that our expertise and reputation may contribute to the success of the entity.

The RSA Capital segment competes for investment opportunities with investment companies, venture capital firms, incubators and other investors who may have the ability to devote greater financial resources to investments than we do or who may be able to offer greater strategic support to companies in which they invest than we can.

Information on our industry segments may be found in Note 13 of the Notes to Consolidated Financial Statements.

At December 31, 2000, we employed 1,093 employees. Of these employees, approximately 293 were involved in research and development, 420 in sales and marketing, 145 in customer service and support, 35 in production, 58 in information technology and 142 in administrative, human resources and finance. Of the administrative and finance employees, 12 employees are devoted to our RSA Capital segment. No employees are covered by any collective bargaining agreements. We believe that our relationships with our employees are good.

Our principal administrative, sales and marketing, research and development and support facilities aggregate approximately 210,000 square feet of office space and are located in Bedford, Massachusetts under non-cancelable ten year leases expiring in August 2008. We entered into an operating lease agreement in

November 2000 for a new corporate headquarters facility that is currently under construction. The new headquarters facility will be located in Bedford, Massachusetts, and construction of the approximately 328,000 square foot facility is expected to be completed in April 2002. We intend to sublease our existing principal facilities once we move into the new facility. At this time, we do not believe we will incur any material losses from any sublease of our existing principal facilities leases. We also lease approximately 58,000 square feet of office space for research and development and sales and marketing in San Mateo, California under non-cancelable ten-year leases expiring in 2008. In addition, we lease facilities for administration, field sales, research and development, manufacturing and customer support throughout the United States, Canada, Asia, Australia and Europe.

During 2000, we purchased an approximately 31,000 square foot office building in Bracknell, United Kingdom. This building is used as our administration, sales and marketing headquarters for our European operations.

In connection with the consolidation of certain operations commenced in January 1999, we sublet to third parties a total of approximately 50,000 square feet of our facilities at various locations, expiring through June 2002.

On or about December 11, 1998, a purported class action was filed in the United States District Court for the District of Massachusetts on behalf of all purchasers of our common stock during the period from and including September 30, 1997 through July 15, 1998: Fitzer v. Security Dynamics Technologies, Inc., Charles R. Stuckey, Jr., D. James Bidzos, Arthur W. Coviello, Jr., John Adams, Marian G. O’Leary and Linda B. Saris, Civil Action No. 98-CV-12496-WGY. The plaintiffs subsequently dismissed without prejudice the claims against Ms. Saris. The plaintiffs asserted that the defendants misled the investing public concerning demand for our products, the strengths of our technologies, and certain trends in our business and sought unspecified damages, interest, costs and fees of their attorneys, accountants and experts. On September 28, 2000, the United States District Court granted the defendants’ motion to dismiss, and entered a judgment dismissing the plaintiffs’ claims with prejudice. On October 18, 2000, the plaintiffs filed in the District Court a notice of appeal from the judgment. After the notice of appeal was filed, the defendants made a motion to the District Court to modify the judgment of dismissal, and to add certain material to the record on appeal. The District Court denied the defendants’ motion, and defendants’ appeal from the denial of the motion has been consolidated with the plaintiffs’ appeal. Even if the plaintiffs’ request for appeal is granted and the District Court’s decision is reversed, we believe that this suit will not have a material adverse effect on our continuing operations and consolidated financial position.

On or about May 20, 1999, Kenneth P. Weiss, the founder and a former director, officer and employee of RSA Security, filed a demand for arbitration alleging that (a) we constructively terminated Mr. Weiss in May 1996 in violation of his Employment Agreement with RSA Security, and (b) we breached our obligations under Mr. Weiss’ Employment Agreement by refusing to release certain assignments of patents. Mr. Weiss subsequently amended his complaint to remove the constructive termination claim. Mr. Weiss sought unspecified damages, interest, costs and fees of his attorneys and experts, as well as the return of his rights in certain patents he created and assigned to RSA Security in the course of his employment. Hearings in the proceeding took place over ten days in the fall and winter of 2000. On February 26, 2001, the arbitration panel entered an order denying all of Mr. Weiss’s remaining claims.

costs and fees of his attorneys, accountants and experts, as well as injunctive relief. We believe that Mr. Moran’s claims are without merit, and intend to defend the lawsuit vigorously. We believe that the disposition of this matter will not have a material adverse effect on our continuing operations and consolidated financial position.

On or about August 16, 2000, James V. Biglan, a stockholder of RSA Security, filed a shareholder derivative action in the Court of Chancery of New Castle County in the State of Delaware derivatively on behalf of RSA Security v. Charles R. Stuckey, Jr., D. James Bidzos, Richard L. Earnest, Dr. Taher Elgamal, James K. Sims, Robert P. Badavas, Joseph B. Lassiter, III, Arthur Coviello, Jr., VeriSign, Inc. and RSA Security Inc., f/k/a Security Dynamics Technologies, Inc., Civil Action No. 18190NC. Mr. Biglan asserts that our Board of Directors breached its fiduciary duty to RSA Security by failing to obtain certain international patents, by failing to enforce the terms of certain agreements with VeriSign, Inc., by permitting the violation of federal securities laws by RSA Security and certain insiders, and by appointing Mr. Stuckey as President of RSA Investments. Mr. Biglan seeks unspecified damages, interest, costs and fees of his attorneys, accountants and experts, as well as injunctive relief. We believe that Mr. Biglan’s claims are without merit, and intend to defend the lawsuit vigorously. We believe that the disposition of this matter will not have a material adverse effect on our continuing operations and consolidated financial position.

On or about September 29, 2000, the Court of Chancery of New Castle County in the State of Delaware consolidated Mr. Moran’s and Mr. Biglan’s cases.

On or about February 2, 2001, Leon Stambler filed a complaint for patent infringement in U.S. District Court for the District of Delaware against RSA Security, VeriSign, Inc., First Data Corporation, Openwave Systems Inc., and Omnisky Corporation, Case Number 01-0065. In his complaint, Mr. Stambler alleges that certain products marketed by each of the defendants infringe various patents that he owns, and he seeks unspecified damages as well as a preliminary and permanent injunction enjoining the defendants from infringing the claims asserted. It is possible those other defendants who are our licensees will seek indemnification from us for these claims pursuant to the licenses in effect between those defendants and us. Although we believe that Mr. Stambler’s claims are without merit and we intend to defend the lawsuit vigorously, we cannot predict the ultimate outcome of this matter; however, we believe that the disposition of this matter will not have a material adverse effect on our continuing operations and consolidated financial position.

From time to time, we have been named as a defendant in other legal actions arising from our normal business activities, which we believe will not have a material adverse effect on us or our business.

Mr. Coviello has served as Chief Executive Officer of RSA Security since January 2000, President since March 1999, Executive Vice President from September 1995 to March 1999, Chief Operating Officer from January 1997 to March 1999 and Chief Financial Officer and Treasurer from October 1995 to August 1997. Before joining RSA Security, Mr. Coviello served in various capacities with CrossComm Corporation, a developer of internetworking products, and as its Chief Operating Officer and Chief Financial Officer from March 1992 to January 1994.

Mr. Stuckey has served as Chairman of the Board of Directors of RSA Security since July 1996, President from January 1987 to March 1999, Chief Executive Officer from March 1987 to January 2000, and President of RSA Investments Inc., a wholly owned subsidiary of RSA Security, since January 2000.

Dr. Adams joined RSA Security as Senior Vice President, Engineering in March 1996 and was appointed Chief Technology Officer in October 1999. Before joining RSA Security, Dr. Adams served in various capacities with Digital Equipment Corporation, including Vice President and Technical Director of its Network Operating Systems Division, from 1991 to 1996.

Mr. Kennedy joined RSA Security as Chief Financial Officer, Senior Vice President, Finance and Treasurer in August 1999 and was appointed Senior Vice President, Finance and Operations in October 2000. Before joining RSA Security, Mr. Kennedy was Chief Financial Officer of décalog, NV, a developer of enterprise investment management software, from 1998 to 1999. From 1993 to 1998, he served as Vice President of Finance, Chief Financial Officer and Treasurer of Natural MicroSystems Corporation, a telecommunications company.

Ms. Saris joined RSA Security as Vice President, Finance and Operations, Treasurer and Chief Financial Officer in June 1989. She was appointed Senior Vice President, Customer Support, Information Services and Operations in July 1998 and Senior Vice President, New Ventures in October 2000. From January 1997 to July 1998, Ms. Saris served as Vice President, Customer Support and Operations of RSA Security and from October 1995 to January 1997, as its Vice President, Operations.

Mr. Schnell joined RSA Data Security, Inc., a former subsidiary of RSA Security that merged with RSA Security in September 1999, as Vice President of Marketing in March 1996. He was appointed Senior Vice President, Marketing of RSA Security in July 1998 and Senior Vice President, Marketing and Corporate Development in October 2000. Before joining RSA Data Security, Mr. Schnell was Vice President, Marketing of Photonics Corporation from June 1994 to July 1995 and held a number of positions, including Director of Sales, AppleSoft Software, and Director and General Manager of the electronic software retail unit at Apple Computer, Inc.

Mr. Schuster joined RSA Security as Vice President, EMEA in January 1998. He was appointed Senior Vice President, Enterprise Sales in March 1999 and Senior Vice President, Worldwide Sales and Professional Services in October 2000. Before joining RSA Security, Mr. Schuster served as Vice President, Sales and Marketing for North Europe, Mideast and Africa of Novell, Inc. from January 1996 to December 1997.

Ms. Seif joined RSA Security as General Counsel in March 1998. She was appointed Vice President and Secretary in June 1998 and Senior Vice President in January 2000. Before joining RSA Security, Ms. Seif was Vice President and General Counsel of Firefly Network, Inc., a personal information software company, from 1996 to 1998. In November 1993, Ms. Seif joined Ziff-Davis Publishing Company as Senior Corporate Counsel. Through several combinations, Ziff-Davis Publishing Company became AT&T’s New Media Services division, where Ms. Seif served as Vice President — Legal Affairs until 1996.

Mr. Uniejewski joined RSA Security as Vice President of Product Marketing in October 1998. He was appointed Senior Vice President, Engineering in October 1999 and Senior Vice President, Engineering and Customer Support in October 2000. Before joining RSA Security, Mr. Uniejewski served in various positions at Gradient Technologies, including Vice President of Engineering from 1996 to 1998. From 1994 to 1996 he served as Director of Marketing of Cisco Systems’ ATM business unit.

Ms. Vitale joined RSA Security as Director of Human Resources in June 1996. She was appointed Vice President, Human Resources in April 1997 and Senior Vice President, Human Resources in January 2000. Before joining RSA Security, Ms. Vitale served as Director of Employment and Employee Relations at New England Business Services from July 1994 to June 1996.

The following sales prices have been adjusted to reflect the three-for-two stock split, declared in February 2001, payable in the form of a common stock dividend to holders of record on March 9, 2001, which will be effected on or about March 23, 2001. Our common stock has been trading on The Nasdaq National Market under the symbol “RSAS” (formerly “SDTI”) since our initial public offering on December 14, 1994. The following table sets forth for the fiscal periods indicated the high and low sales prices per share of our common stock as reported on The Nasdaq National Market.

There were 292 stockholders of record of our common stock as of February 8, 2001. We estimate that we have a total of approximately 24,500 stockholders, including stockholders who hold their shares in “street name.”

We have never declared or paid any cash dividends on our capital stock. We currently intend to retain earnings, if any, to support our growth strategy and do not anticipate paying cash dividends in the foreseeable future. Payment of future dividends, if any, will be at the discretion of our Board of Directors after taking into account various factors, including our financial condition, operating results, current and anticipated cash needs and plans for expansion.

This Report contains forward-looking statements within the meaning of Section 21E of the Securities Exchange Act of 1934, as amended, and Section 27A of the Securities Act of 1933, as amended. For purposes of these Acts, any statement that is not a statement of historical fact may be deemed a forward-looking statement. For example, statements containing the words “believes,” “anticipates,” “plans,” “expects,” and similar expressions may be forward-looking statements. There are a number of factors that could cause our actual results to differ materially from those indicated by these forward-looking statements, including without limitation, the factors set forth below under the caption “Certain Factors That May Affect Future Results.” All references to common stock and per share amounts have been adjusted on a retroactive basis to reflect the three-for-two common stock split, declared in February 2001, payable in the form of a common stock dividend to holders of record on March 9, 2001, which will be effected on or about March 23, 2001.

We sell our two-factor user authentication, encryption and public key management products and solutions to corporate (“Enterprise”) users seeking turnkey security solutions, and to original equipment manufacturers and developers (“Developer”) seeking software development components for embedding security in a range of software applications or hardware devices. In addition to providing e-security solutions, in January 2000 we formed our RSA Capital segment, whose activities relate to our existing and future investments in e-businesses and other technology companies.

Through our e-Security Solutions segment, we derive our operating revenue primarily from two distinct product groups: Enterprise solutions, which includes RSA SecurID® authenticators, RSA ACE/ Server® software, RSA Keon® software, and maintenance and professional services, and Developer solutions, which includes RSA BSAFE® cryptographic software and protocol products, RSA Keon components, and maintenance and professional services.

Typically, our Enterprise solutions customers complete an initial purchase of a product, then come back to purchase additional or replacement authenticators and software as their use of the product expands to include more users, such as their vendors, suppliers, customers and clients. At each customer’s request, we program our RSA SecurID authenticators to operate for a fixed period of up to four years. We typically base our RSA ACE/ Server and RSA Keon software license fees on the number of users authorized under each customer’s license.

With respect to Developer solutions, RSA BSAFE software licensing terms vary by product, but typically include both an initial fee and ongoing royalties paid as a percentage of the Developer’s product or service revenue. Often, our existing Developer customers go on to license new software or technology from us or wish to increase the field of use rights for the technology they have already licensed. In such a case, we amend our license agreement with the customer and charge additional licensing fees, thus deriving additional revenue.

With respect to our RSA Capital segment our investments have historically consisted of equity instruments, and we expect that most of our future investments will consist of equity instruments as well. RSA Capital holds investments in several public companies, which if their sale is not prohibited by contractual or statutory restrictions, are accounted for as available for sale marketable securities, as well as investments in a number of private companies and restricted public companies, which are accounted for using the cost method. RSA Capital also holds an interest in Crosby Finance, LLC, a qualified special purpose entity, which is accounted for as a held to maturity security. Expenses incurred in connection with these investments are primarily for general and administration, management, and legal matters.

Our direct sales to our customers in countries outside of the United States are primarily denominated in the local currency. As a result, fluctuations in currency exchange rates could affect the profitability and cash flows in U.S. dollars of our products sold in markets outside of the United States. Historically, foreign currency exchange rate fluctuations have had minimal impact on our profitability and cash flows. Our sales through indirect distribution channels are generally denominated in U.S. dollars, and therefore are not subject to foreign currency fluctuations.

We have contracted with outside manufacturing organizations to produce our RSA SecurID authenticators, and some of our products contain technology that is licensed from third parties. Therefore, our cost of revenue consists primarily of costs associated with the manufacture and delivery of RSA SecurID authenticators and royalty fees that we pay for the licensed technology. Cost of revenue also includes professional service, customer support, and production costs. Production costs include the programming labor, shipping, inspection and quality control functions associated with the RSA SecurID authenticators.

Information on our industry segments may be found in Note 13 of the Notes to Consolidated Financial Statements.

The following table sets forth certain consolidated financial data as a percentage of revenue:

Total revenue increased 28.5% in 2000 to $280.2 million from $218.1 million in 1999. The growth in product revenue in 2000 versus 1999 occurred in both Enterprise solution and Developer solution product groups, with the most significant growth in total product revenue arising from the sale of authentication products, whose revenue increased approximately 26% in 2000 over 1999, and accounted for 41% of total revenue for the year ended December 31, 2000. Services revenue increased 54% in 2000 over 1999, primarily due to increased maintenance revenue from increased sales of products. We believe that the revenue increases

are an indication of the continuing increasing importance of e-security solutions to the online economy, and are also in part due to our product line synergies which enable us to sell additional products to existing customers.

Sales to Enterprise solution customers increased 28.3% in 2000 over 1999 and accounted for approximately 75% of the increase in total revenue in 2000 over 1999. For 2000, RSA SecurID authentication products accounted for 77%, RSA Keon products accounted for 7% and services associated with products in the Enterprise solutions product group accounted for 16% of total Enterprise solution revenue. We sold approximately 2.6 million RSA SecurID authenticator units in 2000, which represents a 36% increase over 1999. The increase in number of units sold, combined with a 6% decrease in the average selling price per unit in 2000 versus 1999, contributed to the increased revenue from our RSA SecurID authentication product line. Enterprise solution RSA Keon software revenue increased approximately 168% in 2000 over 1999. We believe that the revenue generated from our authenticator product line continues to provide overall growth for us, and newer product lines, such as the RSA Keon product line, have had significant growth in emerging PKI markets.

Sales to Developer customers increased 29.1% in 2000 over 1999 and accounted for approximately 25% of the increase in total revenue in 2000 over 1999. For 2000, RSA BSAFE cryptography products accounted for 80%, RSA Keon components accounted for 8% and services associated with products in the Developer solutions product group accounted for 12% of total Developer solution revenue. We believe that the increase in Developer revenue can be attributed to the continuing demand for products that ensure the authenticity of transactions conducted online.

International revenue increased 41% in 2000 to $93.1 million from $66.0 million in 1999, accounting for 33.2% of total 2000 revenue. Revenue increased in all international markets, with the most substantial growth in Europe and Asia Pacific. We believe international revenue will continue to increase as our presence in international markets gets stronger and the international demand for our products matures.

Our total gross profit increased 30.2% in 2000 to $225.2 million from $173.0 million in 1999. The gross profit from sales of products was 86.1% in 2000 versus 83.8% in 1999. The gross profit from products, as a percentage of total revenue, was 73.2% in 2000 versus 73.3% in 1999. The increase in gross profit from products can be primarily attributed to the increased sales volume on software products, which have higher profit margins. The gross profit on services was 48.2% in 2000 versus 47.6% in 1999. The gross profit from services, as a percentage of total revenue, was 7.2% in 2000 versus 6.0% in 1999. The increase in gross profit from services in 2000 can primarily be attributed to increased maintenance revenue due to increased sales of products.

Research and development expenses increased 19.6% in 2000 to $45.0 million from $37.6 million in 1999. The majority of the increase in research and development expenses resulted from increased payroll expenses associated with the employment of additional staff.

Marketing and selling expenses increased 14.3% in 2000 to $102.8 million from $89.9 million in 1999. Approximately $16.2 million of the increase in marketing and selling expenses in 2000 as compared to 1999 was from increased payroll, commission and overhead costs associated with the employment of additional staff and increased revenue. The increase in payroll and overhead costs was offset by a decrease of approximately $3.3 million in spending on marketing programs. The decrease in spending on marketing programs during 2000 compared to 1999 can be attributed to the costs incurred in connection with the corporate rebranding in 1999, which cost $12.5 million, of which approximately $11.8 million was for marketing programs and was included in marketing and selling expenses, and the remainder was included in general and administrative expenses.

General and administrative expenses increased 29.9% in 2000 to $35.4 million from $27.3 million in 1999. Of the increase in general and administrative expenses, approximately $5.7 million was from increased payroll and overhead costs associated with the employment of additional staff, and approximately $2.4 million was from increased professional fees related to the protection of intellectual property and other legal and accounting matters.

In 1999, we commenced and substantially completed consolidation of certain operations in an attempt to achieve operational efficiency. We recorded costs of $11.4 million associated with this restructuring during the year ended December 31, 1999. These costs consisted primarily of severance costs for employees who were employed primarily in research and development and general and administrative activities for the formerly separate operations of Intrusion Detection, Inc. (“IDI”), facility exit costs and other direct costs. Facility exit costs consist primarily of estimated shortfalls of sublease rental income compared to minimum lease payments due under a lease agreement. During 2000, we reversed $2.1 million of previously recorded restructuring costs due to revised estimates of the facility exit costs, including associated legal costs and other direct costs. Remaining costs of approximately $347,000 were accrued and unpaid at December 31, 2000 and consisted of facility exit costs.

Interest income increased 28.6% in 2000 to $12.9 million from $10.0 million in 1999. The increase is primarily due to interest earned on higher average cash and marketable debt securities balances.

Income from investing activities was $272.9 million for 2000 which includes gains from the sale of VeriSign, Inc. (“VeriSign”) common stock under the put and call program of $86.1 million, net gain from termination and settlement of the put and call option program of $46.0 million, gain from sale of assets to Crosby Finance, LLC (the “LLC”), a qualifying special purpose entity, of $101.4 million, and gain from sale of Trintech Group Plc. (“Trintech”) ordinary shares of $39.4 million. During 2001 we expect to recognize income from investing activities of approximately $41.0 million from the settlement of forward contracts held by the LLC. We routinely evaluate the realizable value of our investments using qualitative and quantitative factors including discounted cash flow analysis and liquidation value assessments.

In the third and fourth quarters of 1999, we sold put and call options on our shares of VeriSign common stock to independent third parties in order to protect a portion of our marketable securities position. On December 31, 1999, our entire position in VeriSign common stock, which totaled 5,500,000 shares, was covered by these put and call options. On November 27, 2000, we exercised our right to terminate the put and call options on our then remaining 4,000,000 shares of VeriSign common stock. The settlement of the put and call options resulted in the sale and delivery of 1,363,084 shares of VeriSign common stock to one of the independent third parties, resulting in net cash proceeds of zero.

Also on November 27, 2000 we entered into three forward contracts and one variable delivery forward contract (the “Derivative Instruments”) with respect to our remaining 2,636,916 shares of VeriSign common stock. Upon execution of the variable delivery forward contract, we received cash proceeds of $137.8 million. Upon maturity of each of the forward contracts we expect to receive net proceeds of $17.8 million in each of the first three quarters of 2001.

Immediately following the execution of the Derivative Instruments, we contributed our 2,636,916 shares of VeriSign common stock to the LLC, of which we are a 99% member. At the same time, we entered into an agreement with the LLC and the counterparty to the Derivative Instruments, pursuant to which all of our rights and obligations in the Derivative Instruments were assumed by the LLC. The LLC is a bankruptcy-remote qualifying special purpose entity, established to securitize the shares of VeriSign common stock, and

the transfer has been accounted for as a sale under Statement of Financial Accounting Standards No. 125, “Accounting for Transfers and Servicing of Financial Assets and Extinguishments of Liabilities.” Accordingly, we do not consolidate the LLC for accounting purposes. At December 31, 2000, our interest in the LLC was $76.0 million which has been recorded as a held to maturity security and included on our balance sheet as an investment.

Minority stockholders owned an aggregate 26% of our Japanese subsidiary until November 1999, when we purchased the interests for $3.6 million. The excess purchase price over fair value of assets of $1.1 million was recorded as goodwill and is being amortized over ten years. Minority interests in our subsidiary’s net loss were $16,000 in 1999.

The provision for income taxes increased to $124.0 million in 2000 from $119.0 million in 1999, primarily due to higher pre-tax income. Our effective tax rate decreased to 37.6% in 2000 from 39.3% in 1999 primarily due to the effect of state taxes on investment income. Due to the transfer of licensing rights to a foreign subsidiary and other tax structure changes, we believe our effective tax rate will decrease during 2001.

Total revenue increased 27.3% in 1999 to $218.1 million from $171.3 million in 1998. The growth in product revenue in 1999 versus 1998 occurred in both Enterprise solution and Developer solution product groups, with the most significant growth in total product revenue arising from sales of authentication products, whose revenue increased approximately 24% in 1999 from 1998, and accounted for 42% of total revenue for the year ended December 31, 1999. Services revenue increased 59% in 1999 over 1998 primarily due to increased maintenance revenue from increased sales of products. We believe that the revenue increases are an indication of the increasing importance of security solutions to the online economy, and are also in part due to our product line synergies which enable us to sell additional products to existing customers.

Sales to Enterprise solution customers increased 24.1% in 1999 over 1998 and accounted for approximately 69% of the increase in total revenue in 1999 over 1998. For 1999, RSA SecurID authentication products accounted for 84%, RSA Keon products, which were introduced during 1999, accounted for 3% and services associated with products in the Enterprise solutions product group accounted for 13% of total Enterprise solution revenue. We sold approximately 1.9 million RSA SecurID authenticator units in 1999, which represents a 38% increase over 1998. The increase in number of units sold, combined with a 9% decrease in the average selling price per unit in 1999 versus 1998, contributed to the increased revenue from our RSA SecurID authentication product line. We believe that the revenue generated from our authenticator product line provides overall growth for us.

Sales to Developer customers increased 38.6% in 1999 over 1998 and accounted for approximately 31% of the increase in total revenue in 1999 over 1998. For 1999, RSA BSAFE cryptography products accounted for 90% and services associated with products in the Developer solutions product group accounted for 10% of total Developer solution revenue. We believe that the increase in Developer revenue can be attributed to the continuing demand for products that ensure the authenticity of transactions conducted online.

International revenue increased 11.4% in 1999 to $66.0 million from $59.3 million in 1998, accounting for 30.3% of the total 1999 revenue. Revenue increased in all international markets, with the most substantial growth in Europe and Asia Pacific.

Our gross profit increased 32.5% in 1999 to $173.0 million from $130.6 million in 1998. The gross profit from sales of products was 83.8% in 1999 versus 80.0% in 1998. The gross profit from products, as a percentage of total revenue, was 73.3% in 1999 versus 71.9% in 1998. The increase in gross profit from products in 1999 can be primarily attributed to the increased sales volume on software products, which have higher profit margins. The gross profit on services was 47.6% in 1999 versus 42.6% in 1998. The gross profit from services, as a percentage of total revenue, was 6.0% in 1999 versus 4.3% in 1998. The increase in gross profit from services in 1999 can primarily be attributed to increased maintenance revenue due to increased sales of products.

Research and development expenses increased 17.7% in 1999 to $37.6 million from $32.0 million in 1998. The majority of the increase in research and development expenses resulted from increased payroll expenses associated with the employment of additional staff.

Marketing and selling expenses increased 34.7% in 1999 to $89.9 million from $66.8 million in 1998. Approximately $8.8 million of the increase in marketing and selling expenses in 1999 as compared to 1998 was from increased payroll costs associated with the employment of additional staff, approximately $2.5 million of the increase was from increased sales commissions on increased revenue, and approximately $11.8 million of the increase was from costs associated with our corporate rebranding.

General and administrative expenses increased 43.4% in 1999 to $27.3 million from $19.0 million in 1998. Approximately $6.4 million of the increase in general and administrative expenses was from increased payroll and overhead costs associated with the employment of additional staff, and approximately $1.9 million of the increase was from increased professional fees related to the protection of intellectual property and other legal and accounting matters.

In 1999, we commenced and substantially completed consolidation of certain operations in an attempt to achieve operational efficiency. We recorded costs of $11.4 million associated with this restructuring during 1999. These costs consisted primarily of severance costs and other direct costs of $9.4 million for employees who were employed primarily in research and development and general and administrative activities for the formerly separate operations of IDI, and facility exit costs of $2.0 million. Facility exit costs consist primarily of estimated shortfalls of sublease rental income compared to minimum lease payments due under a lease agreement. Costs of approximately $2.9 million were accrued and unpaid at December 31, 1999 and consisted of facility exit costs of $1.7 million and termination benefits and other direct costs, payable through the third quarter of 2000, of $1.2 million.

Interest income increased 15.3% in 1999 to $10.0 million from $8.7 million in 1998. The increase is primarily due to interest earned on higher cash and marketable securities balances.

Income from investing activities increased approximately 700% in 1999 to $286.0 million from $35.4 million in 1998. Income from investing activities in 1999 arose primarily from the sale of VeriSign common stock and the sale of Trintech ordinary shares and an increase in value of VeriSign common stock from the write-up under the equity method basis. These gains are net of our equity in VeriSign’s loss and an

investment allowance of $2.5 million on other investments. Until June 30, 1999, we had accounted for our investment in VeriSign under the equity method. After June 1999, investments in VeriSign common stock were accounted for as marketable securities available for sale. We routinely evaluate the realizable value of our investments using qualitative and quantitative factors including discounted cash flow analysis and liquidation value assessments.

The provision for income taxes increased to $119.0 million in 1999 from $23.6 million in 1998, primarily due to higher pre-tax income. Our effective tax rate decreased to 39.3% in 1999 from 45.0% in 1998 primarily due to the effect of state taxes on investment income.

We had $301.9 million in cash and cash equivalents at December 31, 2000, consisting primarily of investments in U.S. Government treasuries and agencies with maturities of less than 90 days. This represents an increase of $179.7 million in cash and cash equivalents during the year ended December 31, 2000 as compared to our cash and cash equivalents balance at December 31, 1999. The elements of the increase in cash and cash equivalents during 2000 include cash provided from operating activities of $3.4 million, cash from sales of marketable securities, net of purchases of marketable securities of $391.8 million, primarily from the sales of VeriSign common stock and Trintech ordinary shares, net cash proceeds from the sale of put options and settlement of forward equity contracts of $16.2 million and cash provided from the proceeds of employee exercises and purchases under our stock option and employee stock purchase plans of $38.3 million. These cash increases were offset by cash used to repurchase our common stock of $217.1 million, cash used to purchase investments of $11.7 million and cash used to purchase property and equipment of $39.5 million, including the purchase of a new facility for our European headquarters.

We expect to receive net cash proceeds of $17.8 million in each of the first three quarters of 2001 upon maturity of each of the forward contracts that are held in Crosby Finance, LLC.

At December 31, 2000, we had an available unused line of credit agreement with a major financial institution. The line of credit provides for up to $10.0 million in borrowing at either fixed or variable rates linked to either the London Interbank Offered Rate or the Prime Rate, until June 30, 2001, subject to annual extension provisions.

We anticipate that we will continue to make significant expenditures to repurchase our common stock. We have maintained common stock repurchase programs since October 1998. Under the current program, we are authorized to repurchase up to 9.75 million shares of our common stock through October 3, 2001. Repurchased shares are used for stock option and employee stock purchase plans, and for general corporate purposes. We purchased 5.9 million shares of our common stock during the year ended December 31, 2000, for an aggregate amount of $217.1 million, or an average cost of $36.78 per share.

During the year ended December 31, 2000, we received $17.6 million from the sale of put options on our common stock and those proceeds were used to facilitate our share repurchase program. The proceeds were recorded as additional paid-in capital. At December 31, 2000, we had outstanding put options covering 2.25 million shares of common stock, at strike prices ranging from $34.23 to $40.85 per share. These options can only be exercised on certain dates, and expire through the second quarter of 2002. We have the option to

We have also entered into forward purchase contracts for 1.5 million shares of our common stock in order to set purchase prices for our future repurchase of shares under our share repurchase program. The contracts have forward purchase prices ranging from $38.40 to $43.30 and provide for quarterly resets of the forward purchase price through the first quarter of 2001. The settlement on a reset date or at the end of the contract is recorded as a component of equity. During 2000, the forward purchase price for 858,750 shares was reset to $38.40 and we paid the net differential of $1.4 million, which has been recorded as a decrease to additional paid-in capital.

In February 2001, we acquired Xcert International, Inc. a company that develops and delivers digital certificate-based products for securing e-business transactions. We acquired all of the outstanding capital stock of Xcert for approximately $67.5 million in cash. The transaction will be accounted for as a purchase.

Our plans for future uses of cash also include additional investments in preferred and common stock of other companies, additional acquisitions of other entities or technologies, and additional purchases of property and equipment.

We believe that cash generated from operating activities will be sufficient to fund our working capital requirements through at least the next twelve months. We anticipate that current cash on hand, cash from sale of marketable securities and the cash generated from the exercise of employee options and employee stock purchase plans, will be adequate to fund our planned capital and financing expenditures for at least the next twelve months.

The effective date of Statement of Financial Accounting Standards (“SFAS”) No. 133, “Accounting for Derivative Instruments and Hedging Activities” and SFAS No. 138 “An Amendment of FASB Statement No. 133” is January 1, 2001. SFAS No. 133 and No. 138 will require us to recognize all derivatives on the balance sheet at fair value. Derivatives that are not hedges must be adjusted to fair value through income. If a derivative is a hedge, depending on the nature of the hedge, changes in the fair value of the derivative will either be offset against the change in fair value of hedged assets, liabilities, or firm commitments through earnings or recognized in accumulated other comprehensive income until the hedged item is recognized in earnings. The ineffective portion, if any, of a derivative’s change in fair value will be immediately recognized in earnings. As of the effective date, SFAS No. 133 and amendments will not have a material effect on our consolidated financial position, results of operations or cash flows.

During 2000, the Emerging Issues Task Force (“EITF”) issued Issue No. 00-7, “Application of EITF Issue No. 96-13, Accounting for Derivative Financial Instruments Indexed to, and Potentially Settled in, a Company’s Own Stock, to Equity Derivative Transactions that Contain Certain Provisions that Require Cash Settlement if Certain Events Occur” and EITF Issue No. 00-19, “Determination of Whether Share Settlement is Within the Control of the Issuer for Purposes of Applying Issue No. 96-13.” EITF No. 00-7 addresses embedded settlement features and stated that contracts which could require cash payment cannot be accounted for as equity of the issuer. EITF No. 00-19 stated that equity contracts could be recorded as equity of the issuer provided the contract meets EITF No. 00-7 requirements and the issuer has enough available shares to satisfy the settlement terms of the contract. If the issuer does not have enough available shares to satisfy the contract, the issuer would be required to reclassify the contract, or portion of the contract, as a liability. The adoption of EITF No. 00-7 and EITF No. 00-19 did not have a material impact on our consolidated financial position, results of operations or cash flows.


	Gains from sales of VeriSign common stock of $27,038, $31,072, $27,965 and $46,000 in the first, second, third and fourth quarters of 2000, respectively. Gain from the contribution of VeriSign shares to Crosby Finance, LLC of $101,427 in the fourth quarter of 2000. Gains from sales of VeriSign common stock of $74,489, $54,802, $86,837 and $60,177 in the first, second, third and fourth quarters of 1999, respectively. The Company’s proportionate share of VeriSign’s quarterly losses of $358 and $167 for the first and second quarters of 1999, respectively. Gains from the write-up under the equity method of the Company’s investment in VeriSign of $12,576 in the second quarter of 1999. Losses relating to the investment valuation allowance on the Company’s investments of $2,537 in the third quarter of 1999.

	Gains from sales of Trintech ordinary shares of $13,941, $23,013 and $2,397 in the second, third and fourth quarters of 2000, respectively, and $133 in the fourth quarter of 1999.

	Loss from sale of other investments of $474 in the fourth quarter of 2000.

	Costs associated with the Company’s corporate rebranding of $5,363 and $7,137 in the third and fourth quarters of 1999, respectively. Costs associated with RSA Capital were $354, $789, $1,193 and $1,570 in the first, second, third and fourth quarters of 2000, respectively, and $147 in the fourth quarter of 1999.

	Costs associated with the Company’s restructuring of $6,550, $3,800 and $1,000 for the first, third and fourth quarters of 1999, respectively. Revised estimates associated with the Company’s restructuring resulted in a reversal of accrued restructuring costs of $2,079 during the second quarter of 2000.

	Income tax provisions for non-recurring items were $10,684, $18,420, $19,950 and $54,818 in the first, second, third and fourth quarters of 2000, respectively, and $31,644, $30,173, $23,972, and $20,757 in the first, second, third and fourth quarters of 1999, respectively.

Our operating results tend to fluctuate from quarter to quarter. Our quarterly operating results may vary significantly from quarter to quarter depending on a number of factors, including, among other factors:


	•	the size, timing and shipment of individual orders for our products;

	•	customers deferring their orders in anticipation of new products;

	•	changes in our operating expenses;

	•	the timing of the introduction or enhancement of our products and our competitors’ products;

	•	market acceptance of new products;

	•	changes in the mix of products sold;

	•	foreign currency exchange rates;

	•	changes in product pricing, including changes in competitors’ pricing policies;

	•	development of our direct and indirect distribution channels;

	•	integration of any future acquisitions;

	•	the timing of personnel departures and new hires and the rate at which new personnel become productive; and

	•	general economic conditions.

We may not be able to grow or sustain our profitability from quarter to quarter. Because our operating expenses are based on anticipated revenue levels and a high percentage of our expenses are fixed, a small variation in when revenue is recognized or recognizable can cause significant variations in operating results from quarter to quarter.

In addition, some market analysts and economists have recently predicted that the U.S. economy may be weakening. A general economic slowdown could have serious consequences for our business and operating results. Among other things, a general economic slowdown could reduce our working capital by causing our customers and potential customers to stop buying our products and services, causing a reduction in the value of our investments and making it more difficult for us to raise capital by selling our stock to investors.

Our stock price has been volatile and is likely to remain volatile. During 2000, our stock price ranged from a per share high of $62.04 to a low of $23.50, as adjusted to reflect the three-for-two stock split declared in February 2001. At the close of the market on February 7, 2001, our stock price was $38.67, adjusted to reflect the three-for-two stock split declared in February 2001. Announcements, litigation developments and our ability to meet the expectations of brokerage firms, industry analysts and investors with respect to our operating and financial results may contribute to this volatility. We may not discover, or be able to confirm, revenue or earnings shortfalls until the end of a quarter, which may result in an immediate drop in our stock price. Securities class action litigation is often instituted against publicly traded companies after a period of volatility in the market price of the companies’ securities. In December 1998, some of our stockholders filed a class action against us and some of our officers and directors. This litigation, and other litigation if instituted, could result in substantial costs and a diversion of our management’s attention and resources.

Demand for our products depends highly on the continued growth of the market for e-security solutions. The market for e-security solutions is at an early stage of development. Demand for our products depends on, among other things:


	•	the continued evolution of electronic commerce as a viable means of conducting business;

	•	the ability of network infrastructures to support an increasing number of users and services;

	•	the public’s perception of the need for secure electronic commerce and communications over computer networks;

	•	market acceptance and use of public and private key cryptography, digital signatures and digital certificates in communication and commerce;


	•	the perceived quality, price, availability and interoperability of our products over our competitors’ products;

	•	the pace of technological change, both in the development and use of computer networks generally and in the hardware and software environments in which our products operate, and our ability to keep up with these changes; and

	•	general economic conditions.

A well-publicized actual or perceived breach of network or data security could trigger a heightened awareness of computer abuse, resulting in an increased demand for security products such as those we offer. On the other hand, an actual or perceived breach of network or data security at our facilities or at a customer’s facilities, whether or not caused by the failure of one of our products, could hurt our reputation and cause potential customers to turn to our competitors’ products.

Electronic security technologies are under constant attack. The strength of our cryptographic and other e-security technologies is constantly being tested by computer professionals, academics and “hackers.” Any significant advance in the techniques for attacking cryptographic systems could make some or all of our products obsolete or unmarketable. Our cryptographic systems depend in part on the application of certain mathematical principles. The security afforded by our encryption products is based on the assumption that the “factoring” of the composite of large prime numbers is difficult. If an “easy factoring method” were developed, then the security of our encryption products would be reduced or eliminated. Even if no breakthroughs in factoring are discovered, factoring problems can theoretically be solved by a computer system significantly faster and more powerful than those currently available. If these improved techniques for attacking cryptographic systems are ever developed, our business or results of operations could be adversely impacted.

In addition, our RSA ACE/ Server software and RSA SecurID authenticators contain a proprietary algorithm. From time to time, we have learned of attempts by third parties to reverse engineer this algorithm to find vulnerabilities. If a third party successfully “hacks” the algorithm and makes its findings public, then we may need to dedicate engineering and other resources to eliminate the published vulnerabilities. In addition, some of our customers could require that we replace some or all of their RSA SecurID authenticators with authenticators containing a more secure algorithm. If we are required to make these replacements or if we cannot address the vulnerabilities in our algorithm in a timely fashion, then our business and results of operations could be adversely impacted.

Changes in e-security technology and standards could render our products obsolete. The market for e-security products is rapidly evolving. E-security technology is constantly changing as we and our competitors introduce new products and retire old ones and as customer requirements quickly develop and change.

In addition, the standards for e-commerce and network security continue to evolve. If any segments of our market adopt technologies or standards that are inconsistent with our products and technology, sales of our products in those market segments could decline.

Our future success will depend in part upon our ability to enhance our existing products and to introduce new, competitively priced products with features that meet changing customer requirements, all in a timely and cost-effective manner. However, we may not be successful in introducing new or enhanced products. A number of factors, including the following, could have a negative impact on the success of our products:


	•	quality, reliability or security failure problems, which could result in returns, delays in collecting accounts receivable, unexpected service or warranty expenses, reduced orders and a decline in our competitive position;

	•	delays or difficulties in product development;

	•	undetected software errors or bugs in the final products shipped to our customers, which could cause market acceptance of our products to be lost or delayed, recalls of hardware products incorporating the software or loss of data;


	•	our competitors’ introduction of their new products ahead of our new products, or their introduction of superior or cheaper products;

	•	the market’s failure to accept new technologies, including digital certificate and public and private key management technologies;

	•	our failure to include features in our products that our customers or U.S. or foreign government regulators may require;

	•	our failure to anticipate changes in customers’ requirements; and

	•	the implementation of standards that are inconsistent with the technology embodied in our products.

We may need to purchase or license technology from third parties in order to introduce new products or enhance our existing products. We may not be able to find businesses that have the technology we need and, if we find such businesses, may not be able to purchase or license the technology on commercially favorable terms or at all.

Some of our products have long sales cycles. Transactions for some of our products, especially our PKI products, often involve large expenditures by our customers. Some of our customers may also need to invest substantial resources and modify their computer network infrastructures to take advantage of our products. Therefore, the sales cycles for these transactions are often lengthy and unpredictable, and the long nature of the sales cycles may impact our quarterly results of operations. The sales cycles for these transactions are subject to a number of uncertainties such as:


	•	customers’ budgetary constraints;

	•	the education of our customers regarding our products’ capabilities;

	•	customers’ willingness to make changes in their network infrastructure to take advantage of our products;

	•	the timing of customers’ budget cycles; and

	•	customers’ internal review process.

The market and distribution channels for our products are evolving. As new distribution channels evolve, we may need to adjust our sales strategy to address these channels. For example, many businesses are choosing to “rent” access to enterprise applications from application service providers and other vendors, rather than buying the applications and investing the resources required to set up their own computer networks. Our failure to anticipate new markets or changes in the existing markets for our products could hurt our market share and revenue if our competitors begin selling into the new or expanded market before we do.

We must manage our growth. Our business has grown significantly in size and complexity over the last few years. For example, since 1998 we have nearly doubled the number of people we employ and have added new facilities and significantly expanded our existing facilities in a number of U.S. and non-U.S. geographic regions. This growth has placed, and may continue to place, a significant strain on our management and operations. In addition, our personnel, systems, procedures and controls may not be adequate to support our growth. The geographic dispersal of our operations may also make it more difficult to manage our growth.

We may need to make acquisitions to remain competitive, and acquisitions may hurt our business. A component of our business strategy is to seek to buy businesses, products and technologies that complement or augment our existing businesses, products and technologies. Acquisitions are difficult to identify and complete for a number of reasons, including the cost of potential transactions, competition among prospective buyers and the need for regulatory approvals. We may not be able to complete any given acquisition. Furthermore, in order to finance a potential acquisition, we may need to raise additional funds by selling our stock or borrowing money. We may not be able to find financing on favorable terms, and the sale of our stock may result in the dilution of our existing stockholders.

Even if we do complete any given acquisition, the integration of the business and operations of the acquiree into our business and operations is a complex, time consuming and expensive process. Before any acquisition, each company has its own business, culture, customers, employees and systems. Following an acquisition, we and the acquiree must operate as a combined organization using common communication systems, operating procedures, financial controls and human resource practices. In order to successfully integrate acquired companies, we must, among other things, successfully:


	•	attract and retain key management and other personnel;

	•	integrate, both from an engineering and a sales and marketing perspective, the acquired products into our suite of product offerings;

	•	coordinate research and development efforts;

	•	integrate sales forces; and

	•	consolidate duplicate facilities.

An acquisition may disrupt ongoing operations, divert our management from day-to-day business, impair our relationships with our employees, customers and strategic partners and adversely impact our results of operations. In addition, these types of transactions often result in charges to earnings for such things as transaction expenses, amortization of goodwill, or expensing of in-process research and development expenses.


	•	established e-security companies that currently offer network security products or services;

	•	newly organized e-security companies that are developing new, competitive products and technologies; and

	•	established computer hardware and software companies that introduce their own network security products, either separately or bundled with their existing hardware or software products.

Some of our current and potential competitors have significantly greater financial, marketing and technical resources than we do. As a result, they may be able to leverage an installed customer base, adapt more quickly to new technologies and changes in customer requirements, or devote greater resources to the promotion and sale of their products than we can. We believe that we need to continue investing in research and development and sales and marketing in order to maintain our competitive position. We may not have sufficient resources to make these investments and may not be able to make the technological advances necessary to maintain our competitive position.

In addition, current and potential competitors may establish collaborative relationships to address the security needs of our prospective customers. Accordingly, new competitors or alliances that emerge could pose unforeseen competitive threats. Increased competition could result in lower prices, reduced margins or the failure of our products to achieve or maintain market acceptance.

We must establish and maintain strategic relationships. One of our business strategies is to enter into strategic marketing alliances or other similar collaborative relationships in order to reach a larger customer base than we could reach alone through our direct sales and marketing efforts. If we cannot create relationships with strategic partners, then we will need to devote more resources to sales and marketing. In addition, we need to create relationships with third parties, including some of our competitors, to ensure that our products will interoperate with the third parties’ products. If our products do not work with third parties’ products used by our customers and potential customers, then our products could lose or fail to achieve market acceptance.

We also license some of the technology contained in our products from third parties. For example, we license from Progress Software Corporation the relational database management software contained in our RSA ACE/ Server and RSA Keon software, and we rely on Progress Software for ongoing maintenance and support for the licensed software. If any of the technology that we license were to fail or experience significant problems, then we would not be able to fix the problem without the support of the third party licensor.

We may not be able to find appropriate strategic partners or may not be able to enter into potential relationships on commercially favorable terms. Furthermore, the relationships we do enter into may not be successful. Since our strategic relationships are generally non-exclusive, our strategic partners may decide to pursue alternative technologies or to develop alternative products in addition to or instead of our products, either on their own or in collaboration with our competitors.

International sales make up a significant portion of our business. International sales accounted for more than 30% of our revenue in each of the years ended December 31, 1998, 1999 and 2000. We intend to expand our international operations and international sales and marketing activities, and this expansion requires significant management attention and resources. We may also need to tailor or “localize” our products in order to compete in particular international markets and to comply with foreign laws. We may not be able to develop, market and distribute localized versions of our products in a timely manner or at all.

In addition, there are certain risks inherent in doing business internationally, including:


	•	foreign regulatory requirements;

	•	legal uncertainty regarding liability;

	•	export and import restrictions on cryptographic technology and products incorporating that technology;

	•	difficulties and delays in establishing international distribution channels;

	•	difficulties in collecting international accounts receivable;

	•	fluctuations in currency exchange rates;

	•	potentially adverse tax consequences, including restrictions on the repatriation of earnings;

	•	the burdens of complying with a wide variety of foreign laws;

	•	tariffs and other trade barriers;

	•	difficulties in enforcement of intellectual property rights; and

	•	political instability.

If we fail to protect our rights in our proprietary technology, competitors may use our technology, which could weaken our competitive position, reduce our revenue and increase our costs. We rely on a combination of patent, trade secret, copyright and trademark laws, software licenses, nondisclosure agreements and technical measures to protect our proprietary technology. We also generally enter into confidentiality or license agreements with our employees, distributors and strategic partners as well as with our customers and potential customers seeking proprietary information, and limit access to and distribution of our software, documentation and other proprietary information. However, despite our efforts to protect our proprietary rights, unauthorized third parties may nonetheless succeed at:


	•	copying aspects of our products;

	•	obtaining and using information that we regard as proprietary; or

	•	infringing upon our patents and other proprietary rights.

We rely on patents to protect our proprietary rights in our technology, but it is possible that any patent that we or our licensors hold might be invalidated, circumvented, challenged or terminated. It is also possible that patent examiners might reject the claims described in our pending or future patent applications. In addition, the laws of some countries in which our products are now, or may in the future be, developed or sold may not protect our products and intellectual property rights to the same extent as the laws of the United States. Our inability to adequately protect our intellectual property could have a significant negative effect on our financial condition and results of operations.

Our issued U.S. patents expire at various dates ranging from 2005 to 2018. When each of our patents expires, competitors may develop and sell products based on the same or similar technologies as those covered by the expired patent. For example, an important patent covering the RSA public key cryptosystem, which was developed at the Massachusetts Institute of Technology (U.S. Patent No. 4,405,829) and licensed exclusively to RSA Security, expired on September 20, 2000. An implementation of the cryptographic algorithm described in this patent is embodied in our RSA BSAFE cryptographic products. We believe that

the expiration of this patent may encourage competitors to market competing products that previously would have infringed the patent, which could result in lower prices, reduced margins or the failure of our products to achieve or maintain market acceptance.

The e-security industry is highly litigious. From time to time, we have been involved in disputes with third parties who allege that our products may infringe the intellectual property rights held by the third parties. Any litigation carries a number of significant risks, including:


	•	litigation is often very expensive, even if it is resolved in our favor;

	•	litigation diverts the attention of management and other resources; and

	•	if a court or other government agency rules against us in any intellectual property litigation, we might be required to:


	•	discontinue the use of certain processes,

	•	cease the manufacture, use and sale of infringing products,

	•	expend significant resources to develop non-infringing technology,

	•	obtain licenses to the infringing technology, or

	•	pay significant monetary damages.

We depend heavily on key, talented employees in a competitive labor market. Our success depends on our ability to attract, motivate and retain highly skilled technical, managerial and marketing personnel. In some areas of the United States and in some foreign countries, the demand for these kinds of employees exceeds the supply, and many firms are competing for the few employees with the skills we need. We believe that our compensation plans are competitive, but we may not be able to hire and retain the employees we need. In addition, we do not have employment agreements with most of our key employees and do not maintain keyperson life insurance for any of our key employees.

We depend on a limited number of suppliers for some of our product components. Although we generally use standard parts and components for our products, some components are currently available only from limited sources. For example, Sanyo Electric Co., Ltd. and Epson Electronics are our only suppliers for the microprocessor chips contained in our RSA SecurID products. If our suppliers were unable to provide us with a sufficient supply of these or any other components, then we may be unable to fill customer orders and would have to expend significant resources to find new suppliers. Even if we were able to find new suppliers, these suppliers may not be able to produce the components in sufficient quantities or at competitive prices.

We may incur significant costs to avoid investment company status and may suffer serious harm if deemed to be an investment company. Some of our equity investments in other businesses and in RSA Ventures, our venture capital fund, may constitute investment securities under the Investment Company Act of 1940. A company may be deemed to be an investment company if it owns investment securities with a value exceeding 40% of its total assets. Investment companies must register under and comply with the Investment Company Act unless a particular exclusion or safe harbor provision applies or the company obtains exemptive relief from the Securities and Exchange Commission. If we were deemed to be an investment company, we would become subject to the requirements of the Investment Company Act, which could have a number of serious consequences, including:


	•	we would be prohibited from engaging in business or issuing our securities as we have in the past;

	•	we might be subject to civil and criminal penalties for failure to comply with the Investment Company Act;

	•	some of our contracts might be voidable; and

	•	a court-appointed receiver could take control of RSA Security and liquidate our business.

Although our investment securities currently comprise less than 40% of our total assets, fluctuations in the value of these securities or of our other assets could cause us to exceed this limit. Unless an exclusion from or safe harbor under the Investment Company Act were available to us or we obtained exemptive relief from the SEC, we would have to attempt to reduce our investment securities as a percentage of our total assets,

either by selling some or all of our investment securities or by acquiring non-investment security assets. If we attempt to sell our investment security assets, we may be forced to do so at reduced prices and incur losses or we may incur tax liabilities as a result of the sales. Also, we may be unable to sell some of our investment securities because of legal or contractual restrictions, and there is no assurance that we could find a suitable buyer. If we attempt to buy non-investment security assets, we may not be able to identify or acquire suitable assets on commercially favorable terms or at all.

The value of our business may fluctuate because the value of some of our assets fluctuates. A portion of our assets includes the equity securities of both publicly traded and non-publicly traded companies. The market price and valuations of the securities we hold may fluctuate due to market conditions and other conditions over which we have no control, and these fluctuations may result in fluctuations of the market price of our common stock and may reduce the amount of working capital available to us. In addition, the securities of the private companies in which we invest are generally illiquid, and if these private companies never achieve a liquidity event, such as a public offering or an acquisition, then we may never realize a gain on our investment or even recoup the cost of our investment.

Our stockholder rights plan and some provisions of our charter may inhibit potential acquisition bids. We have a classified Board of Directors and have also adopted a Stockholders Rights Plan, both of which could make it more difficult for a potential acquiror to complete a merger, tender offer or proxy contest involving RSA Security. While these provisions are intended to enable the Board to maximize stockholder value, they may have the effect of discouraging takeovers that could be in the best interest of certain stockholders and may therefore have an adverse effect on the market price of our common stock.

We are exposed to a variety of risks, including changes in the market value of our investments, our common stock and foreign exchange rates. Market fluctuations could impact our results of operations and financial condition. In the normal course of business, we employ established policies and procedures to manage these risks.

We generally purchase our marketable securities in high credit quality instruments, primarily U.S. Treasury and government agency obligations, tax-exempt municipal obligations and money market investments with contractual maturities of two years or less. We do not expect any material loss from our marketable securities investments and therefore believe that our potential interest rate exposure is not material. We routinely evaluate the realizable value of these investments using qualitative and quantitative factors including discounted cash flow analysis and liquidation value assessments.

Marketable securities are recorded on the balance sheet at fair value with unrealized gains and losses recorded in the other comprehensive income section of stockholders’ equity. The values recorded for the publicly traded companies are subject to market price volatility. A 20% decrease in the fair value of our marketable securities at December 31, 2000 would not have a material effect on our financial position, results of operations or cash flows.

We also make equity investments determined by our Board of Directors. These investments are either not publicly traded or are publicly traded but we are currently restricted from selling our shares. These investments are recorded as long term investments on the balance sheet and are carried at cost, as long as our ownership interest is below 20%. We monitor these investments for impairment and make appropriate reductions in carrying values when necessary or mark the investment to fair value and reclass them to marketable securities when appropriate.

Crosby Finance, LLC, of which we are a 99% member, holds shares of VeriSign common stock, three forward contracts and a variable delivery forward contract (“Derivative Instruments”). We expect to receive cash proceeds of $17.8 million and net gains of approximately $13.8 million in each of the first three quarters of 2001 from the settlement of the forward contracts held by the LLC. The variable delivery forward contract held by the LLC will settle in January 2006, and during the period outstanding, could cause us to recognize a loss, if the underlying value of the equity securities becomes impaired. The Derivative Instruments provide

protection against a portion of the market risk associated with the securities in exchange for our foregoing a portion of the potential price appreciation of the securities. We routinely assess the realizable value of our interest in the LLC and do not expect any material loss from our interest in the LLC.

During 2000, we entered into equity instrument contracts indexed to our common stock including put options and forward purchase contracts. These equity instruments are designed to facilitate the repurchase of our common stock and to minimize the effects of employee stock options and employee stock purchase plan exercises on the dilution of earnings per share. If there is a significant decrease in the market value of our common stock, we could be required to settle the contracts and this could have a dilutive effect on our earnings per share. These contracts will not have an impact on our results of operations. See Note 7 of the Notes to Consolidated Financial Statements.

Through December 31, 2000, foreign currency fluctuations have not had a material impact on our financial position or results of operations and historically, we have not entered into foreign currency hedge transactions. Our direct sales to our customers in countries outside of the United States are primarily denominated in the local currency. Our sales through indirect distribution channels are generally denominated in U.S. dollars. Between the time customers are invoiced in local currency until collection occurs we are exposed to foreign exchange rate fluctuations. This exposure is offset by our use of local currency for operating expenses incurred in those countries. Fluctuations in currency exchange rates could affect the profitability and cash flows in U.S. dollars of our products sold in international markets, however, we believe that our potential foreign currency exchange rate exposure is not material.

The foregoing risk management discussion and the effects thereof are forward-looking statements. Actual results in the future may differ materially from these projected results due to actual developments in global financial markets. The analytical methods we use to assess and mitigate risk discussed above should not be considered projections of future events or losses.

To the Board of Directors and Stockholders of
RSA Security Inc. and Subsidiaries:

Management is responsible for preparing the RSA Security Inc. financial statements and the other information that appears in this annual report. Management believes that the financial statements fairly reflect the form and substance of transactions and reasonably present the Company’s financial condition and results of operations in conformity with generally accepted accounting principles. Management has included in the Company’s financial statements amounts that are based on estimates and judgments, which it believes are reasonable under the circumstances.

The Company maintains a system of internal accounting policies, procedures, and controls intended to provide reasonable assurance, at appropriate cost, that transactions are executed in accordance with Company authorization and are properly recorded and reported in the financial statements, and that assets are adequately safeguarded.

Deloitte & Touche LLP audits the Company’s financial statements in accordance with auditing standards generally accepted in the United States of America and as part of that audit provides an objective, independent review of the Company’s internal controls and the fairness of its reported financial condition and results of operations.

The RSA Security Inc. Board of Directors has an Audit Committee composed of nonmanagement Directors. The Committee meets with financial management and the independent auditors to review internal accounting controls and accounting, auditing, and financial reporting matters.


	/s/ ARTHUR W. COVIELLO, JR.

	Arthur W. Coviello, Jr. Chief Executive Officer and President

	/s/ JOHN F. KENNEDY

	John F. Kennedy Senior Vice President, Finance and Operations, Chief Financial Officer and Treasurer

To the Board of Directors and Stockholders of
RSA Security Inc. and Subsidiaries:

We have audited the accompanying consolidated balance sheets of RSA Security Inc. and subsidiaries as of December 31, 2000 and 1999, and the related consolidated statements of income, stockholders’ equity, and cash flows for each of the three years in the period ended December 31, 2000. Our audits also included the financial statement schedule listed in Item 14 (a) (2). These financial statements and financial statement schedule are the responsibility of the Company’s management. Our responsibility is to express an opinion on the financial statements and financial statement schedule based on our audits.

We conducted our audits in accordance with auditing standards generally accepted in the United States of America. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement. An audit includes examining, on a test basis, evidence supporting the amounts and disclosures in the financial statements. An audit also includes assessing the accounting principles used and significant estimates made by management, as well as evaluating the overall financial statement presentation. We believe that our audits provide a reasonable basis for our opinion.

In our opinion, such consolidated financial statements present fairly, in all material respects, the financial position of RSA Security Inc. and subsidiaries as of December 31, 2000 and 1999, and the results of their operations and their cash flows for each of the three years in the period ended December 31, 2000 in conformity with accounting principles generally accepted in the United States of America. Also, in our opinion, such financial statement schedule, when considered in relation to the basic consolidated financial statements taken as a whole, presents fairly in all material respects the information set forth therein.

[Continued from above table, first column(s) repeated]


	Total
	Stockholders’
	Equity

Balance January 1, 1998	$	200,653




Issuance of common stock		9,271




Foreign acquisition tax benefit		13,835




Stock compensation		1,983




Share repurchase program		(12,135	)




Comprehensive income




Translation adjustment		(425	)




Unrealized gain on marketable securities, net		123




Net income		29,415

Total comprehensive income		29,113

Balance, December 31, 1998		242,720




Issuance of common stock and warrants		49,748




Stock compensation		1,128




Share repurchase program		(102,973	)




Comprehensive income




Translation adjustment		(147	)




Unrealized gain on marketable securities, net		236,786




Net income		183,762

Total comprehensive income		420,401

Balance, December 31, 1999		611,024




Issuance of common stock and warrants		68,519




Stock compensation		563




Share repurchase program		(217,074	)




Put option premiums		17,630




Equity of forward equity contracts		(1,447	)




Comprehensive income




Translation adjustment		(1,381	)




Unrealized loss on marketable securities, net		(202,593	)




Net income		205,763

Total comprehensive income		1,789

Balance, December 31, 2000	$	481,004

Nature of Business — RSA Security Inc. and its subsidiaries (the “Company”) is a leading provider of electronic security (“e-security”) solutions. The Company helps organizations secure the authenticity of the people, devices and transactions involved in electronic business (“e-business”) through the use of its authentication, encryption and public key infrastructure (“PKI”) solutions. The Company sells to Enterprise customers seeking turnkey security solutions, and to Developers seeking software development components for embedding security in software applications or hardware devices. In additional to providing e-security solutions, in January 2000 the Company formed its RSA Capital segment, whose activities relate to existing and future investments in e-businesses and other technology companies.

Principles of Consolidation — The consolidated financial statements include the accounts of the Company and its subsidiaries. All significant intercompany accounts and transactions have been eliminated. Minority stockholders owned an aggregate 26% of the Company’s Japanese subsidiary until November 1999 when the Company purchased the interests for $3,600. The excess purchase price over fair value of assets of $1,096 was recorded as goodwill and is being amortized over ten years.

Revenue Recognition — Revenue is recognized when earned. The Company’s revenue recognition policies are in compliance with all applicable accounting regulations, including the American Institute of Certified Public Accountants (“AICPA”) Statement of Position (“SOP”) 97-2, “Software Revenue Recognition” and SOP 98-9, “Modification of SOP 97-2 With Respect to Certain Transactions.” Revenue from products is recognized when persuasive evidence of an arrangement exists, delivery has occurred, the fee is fixed and determinable, and collectibility is probable. Revenue from shipments to distributors is recognized upon receipt of evidence of sale to end-users. Revenue from licensing other intellectual property is recognized when evidence of an arrangement exists, the fee is fixed or determinable and collection is considered probable. When arrangements contain multiple elements and vendor specific objective evidence exists for all undelivered elements, the Company recognizes revenue for the delivered elements using the residual method. For arrangements containing multiple elements wherein vendor specific objective evidence does not exist for all undelivered elements, revenue for the delivered and undelivered elements is deferred until vendor specific objective evidence exists or all elements have been delivered. Maintenance services revenue, whether sold separately or as part of a multiple element arrangement, is deferred and recognized ratably over the term of the maintenance contract, generally twelve months. Professional service revenue is recognized as services are provided. No customer accounted for 5% or more of the Company’s revenue in any period reported.

Warranty Policy — Reserves are provided for warranties based upon historical experience.

Cash Equivalents — All highly liquid investments purchased with a remaining maturity of three months or less are considered cash equivalents.

Inventory — Inventory consists primarily of RSA SecurID authenticators and is stated at the lower of cost (first-in, first-out method) or market.

Property and Equipment — Property and equipment are stated at cost. Furniture and equipment are depreciated by the straight-line method over the estimated useful lives of the assets, generally two to ten years. Leasehold improvements are depreciated by the straight-line method over the lease term or estimated useful life of the related asset, whichever is shorter. Buildings are depreciated over fifty years, or the estimated useful life of the asset. Property and equipment sold or retired is eliminated from the accounts in the year of disposition and the resulting gain or loss is reflected in earnings. The carrying value of all property and equipment is evaluated periodically to determine if adjustment to the useful life or to the net book value is needed.

Financial Instruments — The carrying amounts of cash and cash equivalents, accounts receivable and accounts payable approximate fair value due to the short-term nature of these instruments.

Marketable securities, including publicly traded securities whose sale is not prohibited by contractual or statutory restrictions, are classified as “available for sale” and recorded at market using the specific identification method. Unrealized gains and losses are included in accumulated other comprehensive income, net of tax effects. Realized gains are determined based on the specific identified cost of the securities. The Company accounts for its investment in Crosby Finance, LLC under Emerging Issues Task Force (“EITF”) Issue No. 96-12, “Recognition of Interest Income and Balance Sheet Classification of Structured Notes,” and has been classified as a held to maturity security and is recorded in investments in the consolidated balance sheet at December 31, 2000.

Investments where ownership is less than 20% and the Company does not have significant influence on the operating or financial decisions of the investee are accounted for using the cost method. Investments where the Company does have significant influence on the operating or financial decisions of the investee, but which are not majority-owned or controlled, are accounted for using the equity method. Certain events, such as an initial public offering, could result in the reclassification of an investment to an available for sale marketable security.

Through November 2000, derivative financial instruments were used to hedge the Company’s investment in VeriSign and were, therefore, held primarily for purposes other than trading. During November 2000 the Company exercised its right to terminate the derivative financial instruments used to hedge its position in VeriSign, and subsequently transferred its investment in VeriSign into Crosby Finance, LLC, a bankruptcy-remote, qualifying special purpose entity, of which the Company holds a 99% interest. The Company monitors its positions and the credit quality of counterparties, consisting primarily of major financial institutions, and does not anticipate nonperformance by any counterparty.

The Company routinely evaluates the realizable value of its financial instruments using qualitative and quantitative factors including discounted cash flow analysis and liquidation value assessments.

Impairment of Long-lived Assets — The recoverability of long-lived assets is periodically assessed by comparing the undiscounted cash flows expected to be generated to the carrying value. If the sum of the undiscounted cash flows is less than the carrying value of the assets, an impairment charge is recognized.

Research and Development — Research and development costs are expensed as incurred. Statement of Financial Accounting Standards (“SFAS”) No. 86, “Accounting for the Costs of Computer Software to be Sold, Leased or Otherwise Marketed,” does not materially affect the Company.

Advertising — Advertising costs are expensed as incurred and were approximately $837, $2,484 and $5,548 in 1998, 1999 and 2000, respectively.

Income Taxes — The liability method is used for income taxes. Deferred taxes are determined based on the estimated future tax effects of differences between the financial statement and tax bases of assets and liabilities given the provisions of the enacted tax laws. Taxes are provided on the undistributed earnings of foreign subsidiaries, which are ultimately expected to be remitted to the parent company. Unrecognized provisions for taxes on undistributed earnings of foreign subsidiaries which are considered permanently invested are not material to the Company’s consolidated financial position or results of operations. Valuation allowances are provided against net deferred tax assets, if based upon the available evidence, it is more likely than not that some or all of the deferred tax assets will not be realized. The ultimate realization of deferred tax assets is dependent upon the generation of future taxable income and when temporary differences become deductible. Management considers, among other available information, scheduled reversals of deferred tax liabilities, projected future taxable income, and other matters in making this assessment.

Foreign Currency — The financial statements of the Company’s foreign branches and subsidiaries are measured using the local currencies as the functional currencies. Assets and liabilities of these branches and subsidiaries are translated to their U.S. dollar equivalents at balance sheet date exchange rates and translation adjustments are recorded in accumulated other comprehensive income on the balance sheet. Income statements of foreign branches and subsidiaries are translated from functional currencies to U.S. dollar equivalents at average exchange rates in effect during the year and any gain or loss from these translations are also included in accumulated other comprehensive income on the balance sheet. Foreign currency transaction gains and losses are included in the measurement of consolidated net income.

Earnings Per Share — Basic earnings per share is computed using net income less financing costs on forward equity contracts divided by the weighted average number of common shares outstanding. Diluted earnings per common share is computed using the weighted average number of common shares outstanding plus the effect of potential outstanding common shares, including options, warrants and forward equity contracts using the “treasury stock” method.

Treasury Stock — Shares of the Company’s common stock that are repurchased are recorded in treasury stock at cost and included as a component of stockholders’ equity. The Company relieves the costs associated with the reissuance of shares of common stock out of treasury using the first-in first-out method.

Use of Estimates — The preparation of the Company’s consolidated financial statements in conformity with generally accepted accounting principles requires management to make estimates and assumptions that affect the reported amounts of assets and liabilities and disclosure of contingent assets and liabilities at the date of the financial statements and the reported amounts of revenue and expenses during the reporting periods. Actual results could differ from those estimates.

Concentration of Credit Risk — The Company provides enterprise network and data security solutions to various customers in diverse industries. The Company performs ongoing credit evaluations of its customers and maintains allowances for potential credit losses. The Company has a non-recourse arrangement with a major financial institution, under which the Company’s customers are able to obtain financing directly from the financial institution.

Stock-Based Compensation Plans — Stock-based compensation cost is accounted for in accordance with Accounting Principles Board Opinion No. 25, “Accounting for Stock Issued to Employees.” Accordingly, no accounting recognition is given to stock options granted at fair market value until they are exercised. Upon exercise, net proceeds, including the tax benefits realized, are credited to equity. The pro forma impact on earnings per share has been disclosed as required by SFAS No. 123.

Reclassification — Certain prior year amounts have been reclassified to conform with the 2000 presentation.

New Accounting Pronouncements — The effective date of SFAS No. 133, “Accounting for Derivative Instruments and Hedging Activities” and SFAS No. 138, “An Amendment of FASB Statement No. 133,” is January 1, 2001. SFAS No. 133 and No. 138 will require the Company to recognize all derivatives on the balance sheet at fair value. Derivatives that are not hedges must be adjusted to fair value through income. If a derivative is a hedge, depending on the nature of the hedge, changes in the fair value of the derivative will either be offset against the change in fair value of hedged assets, liabilities, or firm commitments through earnings or recognized in accumulated other comprehensive income until the hedged item is recognized in earnings. The ineffective portion, if any, of a derivative’s change in fair value will be immediately recognized in earnings. As of the effective date, SFAS No. 133 and amendments will not have a material effect on the Company’s consolidated financial position, results of operations or cash flows.

During 2000, the EITF issued Issue No. 00-7, “Application of EITF Issue No. 96-13, Accounting for Derivative Financial Instruments Indexed to, and Potentially Settled in, a Company’s Own Stock, to Equity

Derivative Transactions that Contain Certain Provisions that Require Cash Settlement if Certain Events Occur” and EITF Issue No. 00-19, “Determination of Whether Share Settlement is Within the Control of the Issuer for Purposes of Applying Issue No. 96-13.” EITF No. 00-7 addresses embedded settlement features and stated that contracts which could require cash payment cannot be accounted for as equity of the issuer. EITF No. 00-19 stated that equity contracts could be recorded as equity of the issuer provided the contract meets EITF No. 00-7 requirements and the issuer has enough available shares to satisfy the settlement terms of the contract. If the issuer does not have enough available shares to satisfy the contract, the issuer would be required to reclassify the contract, or portion of the contract, as a liability. The adoption of EITF No. 00-7 and EITF No. 00-19 did not have a material impact on the Company’s consolidated financial position, results of operations or cash flows.

On February 1, 2001, the Company’s Board of Directors declared a three-for-two stock split, to be effected in the form of a common stock dividend. Shares are to be distributed on or about March 23, 2001 to stockholders of record on March 9, 2001. All references to common stock and per share amounts in this Annual Report on Form 10-K have been adjusted to reflect the three-for-two common stock split on a retroactive basis.

Debt securities include government and corporate notes and bonds. Equity securities recorded at cost primarily include preferred stock and common stock whose sale is prohibited by contractual or statutory restrictions or not publicly traded. During October 2000, nCipher, Plc completed its initial public offering and the Company reclassified its investment in nCipher to marketable securities.

At December 31, 1999 the Company had 5,500,000 shares of VeriSign, Inc. (“VeriSign”) common stock which were covered by put and call options held by independent third parties. These put options entitled the holders to buy shares of VeriSign common stock and the call options allowed the Company to sell shares of VeriSign common stock on certain dates at specified prices, or permitted a net-share settlement at the Company’s option. The options were recorded at intrinsic value, resulting in an unrealized hedge liability of $686,034 at December 31, 1999. There were no premiums paid for the options. On November 27, 2000, the Company exercised its right to terminate the put and call options on its then remaining 4,000,000 shares of VeriSign common stock. The termination and settlement of the put and call options resulted in the sale and delivery of 1,363,084 shares VeriSign common stock to one of the option counterparties, net cash proceeds to the Company of zero and a net gain of $46,000.

Also on November 27, 2000 the Company entered into three forward contracts and one variable delivery forward contract (the “Derivative Instruments”) with respect to the remaining 2,636,916 shares of VeriSign common stock. The Company then contributed the remaining shares of VeriSign common stock to Crosby Finance, LLC (the “LLC”), of which the Company is a 99% member. The Company, the LLC and the counterparty to the Derivative Instruments concurrently entered into an agreement, pursuant to which all of the Company’s rights and obligations in the Derivative Instruments were assumed by the LLC. The LLC is a bankruptcy-remote qualifying special purpose entity, established to securitize the VeriSign shares, and the transfer has been accounted for as a sale under SFAS No. 125, “Accounting for Transfers and Servicing of Financial Assets and Extinguishments of Liabilities.” Accordingly, the Company does not consolidate the LLC for accounting purposes. The Company realized a pretax gain of $101,435 upon the transfer of the Derivative Instruments to the LLC. The Company is accounting for its interest in the LLC in accordance with EITF No. 96-12, “Recognition of Interest Income and Balance Sheet Classification of Structured Notes” and accordingly, has recognized $157 of interest income in 2000. At December 31, 2000 the Company’s 99% interest in the LLC was $75,996, which has been recorded as a held to maturity security and included in investments.

For 2000, income from investing activities was $272,853, which includes gains from the sale of VeriSign common stock under its put and call program of $86,075, net gain from termination and settlement of its put and call option program of $46,000, gain from sale of assets to the LLC, a qualifying special purpose entity, of $101,427, and gain from sale of Trintech Group Plc. (“Trintech”) ordinary shares of $39,351. For 1999, income from investing activities was $285,952 from sales of marketable securities, which includes gains from the sale of VeriSign common stock and Trintech ordinary shares of $276,438, and an increase in value of VeriSign common stock of $12,576 from the write-up under the equity method. These gains are net of the Company’s equity in VeriSign’s loss of $525 and an investment allowance of $2,537 on other investments.

The following table sets forth the computation of basic and diluted earnings per share for the years ended December 31, 1998, 1999 and 2000:

The 1994 Stock Option Plan, as amended — 1998 Restatement, as amended (“1994 Plan”), allows the Company to grant to its employees, officers, directors and consultants options to purchase common stock intended to qualify as incentive stock options, options that do not qualify as incentive stock options (non-statutory options), restricted stock awards and other stock-based awards. Option exercise prices for incentive stock options granted under the 1994 Plan may not be less than 100% of the fair market value of the shares. In

general, 1994 Plan option grants become exercisable as to 25% on the first anniversary of the grant date, and in equal quarterly amounts thereafter for three years. In general, no installment is exercisable after the fourth anniversary of the date on which such installment first becomes exercisable, and options generally expire eight years from the grant date.

The 1994 Director Stock Option Plan, as amended (“Director Plan”), allows the Company to grant non-statutory stock options to purchase common stock to non-employee members of the Board of Directors. The exercise price of the options may not be less than 100% of the fair market value on the date of the grant. Options granted under the Director Plan become exercisable at the date of grant and expire ten years from the date of grant.

The Amended and Restated 1998 Non-Officer Employee Stock Incentive Plan, as amended (“1998 Plan”), allows the Company to grant non-statutory stock options, restricted stock awards, and other stock-based awards to its employees, consultants and advisors, other than those who are also officers within the meaning of Section 16 of the Securities Exchange Act of 1934, as amended. In general, stock options granted under the 1998 Plan become exercisable as to 25% on the first anniversary of the grant date and in equal quarterly installments thereafter for three years. In general, no installment is exercisable after the fourth anniversary of the date on which such installment first becomes exercisable, and options generally expire eight years from the grant date.

Authorized shares at December 31, 2000 were 17,355,000 shares under the 1994 Plan, 750,000 shares under the Director Plan and 12,857,371 shares under the 1998 Plan. At December 31, 2000 shares available for grant were 2,250,882 under the 1994 Plan, 610,500 under the Director Plan and 167,110 under the 1998 Plan.

The 1994 Employee Stock Purchase Plan, as amended (“Purchase Plan”), provides for sales of common stock to participating employees at prices of not less than 85% of the closing price on either the first day or the last day of the offering period, whichever is lower. At December 31, 2000 1,500,000 shares were authorized under the Purchase Plan and 498,178 shares were available for purchase. The cumulative total shares purchased under the plan through 1998, 1999 and 2000 were 550,432, 827,758 and 1,001,821, respectively.

The following table sets forth information regarding stock options outstanding at December 31, 2000 under all plans:

For certain options and stock awards granted prior to 1999, the Company is recognizing compensation expense based on the excess of fair market value over the option exercise or award prices at dates of grant. Compensation is being recognized ratably over the vesting periods and amounted to $1,983, $1,128 and $563 in 1998, 1999 and 2000, respectively.

Pro Forma Disclosure — Had the Company recognized compensation costs for its stock option and purchase plans based on the fair value for awards under those plans, in accordance with SFAS No. 123 “Accounting for Stock Based Compensation,” pro forma net income and pro forma net income per share would have been as follows:

The fair values used to compute pro forma net income and net income per share were estimated fair value at grant date using the Black-Scholes option-pricing model with the following weighted average assumptions:

Stockholder Rights Plan — On July 20, 1999 the Company’s Board of Directors adopted a Stockholder Rights Plan and a Rights Agreement to govern the Plan in which common stock purchase rights (each, a “Right”) would be distributed as a dividend at the rate of one Right for each share of the Company’s common stock outstanding as of the close of business on July 30, 1999. Each Right entitles rightsholders to purchase one share of common stock of the Company at a purchase price of $83.33, subject to adjustment (the “Purchase Price”). The Rights will be exercisable if another party acquires, or obtains the right to acquire, beneficial ownership of 15% or more of the Company’s common stock, or upon the commencement of a tender or exchange offer that, if consummated, would result in another party acquiring 15% or more of the Company’s common stock. In the event of an acquisition or a similar event, each Right, except those owned by the acquiring party, will enable the holder of the Right to purchase that number of shares of the Company’s common stock which equals the Purchase Price divided by one-half of the current market price (as defined in the Rights Agreement) of such common stock.

In addition, if the Company is involved in a merger or other transaction with another company in which it is not the surviving corporation, or it sells or transfers 50% or more of its assets or earning power to another company, each Right will entitle its holder to purchase that number of shares of common stock of the acquiring company which equals the Purchase Price divided by one-half of the current market price of such company’s common stock. The Company will generally be entitled to redeem the Rights at $0.001 per Right at any time until the tenth business day following the later of a public announcement that an acquiring party has acquired, or obtained the right to acquire, 15% or more of the Company’s common stock or the actual knowledge by an executive officer of the Company of such acquisition. Unless the Rights are redeemed or exchanged earlier, they will expire on July 20, 2009.

Share Repurchase Program — The Company has maintained a common stock repurchase program since October 1998. Under the current program, the Company is authorized to repurchase up to 9,750,000 shares of its common stock through October 3, 2001. Repurchased shares are used for stock option and employee stock purchase plans, and for general corporate purposes. Since the repurchase program was authorized, the Company has repurchased 13,603,500 shares of its common stock for an aggregate amount of $332,181, or an

average cost of $24.41 per share. The Company purchased 5,901,750 shares of its common stock during the year ended December 31, 2000, for an aggregate amount of $217,074, or an average cost of $36.78 per share.

During the year ended December 31, 2000, the Company received $17,630 from the sale of put options on its common stock and those proceeds were used to facilitate its share repurchase program. The proceeds were recorded as additional paid-in capital. At December 31, 2000, the Company had outstanding put options covering 2,250,000 shares of its common stock, at strike prices ranging from $34.23 to $40.85 per share. These options can only be exercised on certain dates, and expire through the second quarter of 2002. The Company has the option to settle the put options in cash, net shares or through physical delivery of the Company’s shares for cash. In certain remote circumstances, such as contract default, the option agreements provide the counterparty with the option of requiring cash settlement. The settlement of these put options will be recorded as a component of equity. The put options with strike prices in excess of the average closing market value of the Company’s common stock for the year ended December 31, 2000, of $38.87, would be considered dilutive. Accordingly, the put options had a dilutive effect on the calculation of earnings per share for the year ended December 31, 2000.

The Company has also entered into forward purchase contracts for 1,500,000 shares of its common stock in order to set purchase prices for its future repurchase of shares under its share repurchase program. The contracts have forward purchase prices ranging from $38.40 to $43.30 and provide for quarterly resets of the forward purchase price through the first quarter of 2001. If the reset date market price of the Company’s common stock is higher than the forward purchase price, the forward purchase price resets to the reset date market price and the Company receives the net differential. If the reset date market price of the Company’s common stock is lower than the forward purchase price, the Company is not obligated to settle the net differential and the forward purchase price does not reset. At the end of the contract if the market price of the Company’s common stock is lower than the forward purchase price, the Company is required to settle the net differential. The Company has the option to pay or receive net cash, net shares or settle with a cash payment for the gross amount of shares. The settlement on a reset date or at the end of the contract is recorded as a component of equity. During 2000, the forward purchase price for 572,500 shares was reset to $38.40 and the Company paid the net differential of $1,447, which has been recorded as a decrease to additional paid-in capital. Contracts with forward purchase prices above the closing fair value of the Company’s common stock at December 31, 2000 of $35.25 would be considered dilutive. Accordingly, the forward purchase contracts did have a dilutive effect on the earnings per share calculation at December 31, 2000.

For the years ended December 31, 1998, 1999 and 2000, comprehensive income was as follows:

The tax effects of unrealized holding gains and (losses) on marketable securities were $82, $157,857 and $(135,062) for 1998, 1999 and 2000, respectively.

Significant components of the Company’s deferred tax assets and liabilities were as follows at December 31:

The reconciliation between the statutory and effective income tax rates is as follows:

In the fourth quarter of 1998, the Company made certain elections for U.S. tax reporting purposes that resulted in a deferred tax asset of approximately $39,333 relating to the DynaSoft acquisition, a taxable business combination in 1997 which was accounted for as a pooling of interests. In accordance with provisions of SFAS No. 109, the Company simultaneously recorded a $25,498 valuation allowance, reducing the deferred tax asset to an amount that management believed is more likely than not to be realized. The net deferred tax asset of $13,835 was recorded with a corresponding increase to additional paid-in capital. During the fourth quarter of 2000, the Company reversed the valuation allowance of $25,498, due to revised estimates of what management believes will more likely than not be realized.

Tax benefits arising from exercise of stock options were $4,482, $16,790 and $30,241 in 1998, 1999 and 2000, respectively.

Cash payments for income taxes were approximately $18,249, $101,929 and $63,964 in 1998, 1999 and 2000, respectively.

The Company has a 401(k) retirement and savings plan which allows each participant to defer up to 20% of annual earnings up to an amount not to exceed an annual statutory maximum. The Company may make, at its discretion, matching and profit-sharing contributions. Generally, matching and profit-sharing contributions made by the Company vest annually over four years. Matching contributions were $582, $657 and $857 in 1998, 1999 and 2000, respectively, and profit sharing contributions were $336, $786 and $608 in 1998, 1999 and 2000, respectively.

The Company also has a non-qualified deferred compensation program which permits key employees to annually elect to defer a portion of their compensation for not less than three years or until their retirement, termination, death or disability. To assist in the financing of the funding of the deferred compensation program, the Company has invested in corporate owned life insurance policies. Deferred compensation expense was $1,192 in 2000.

The Company leases office facilities under non-cancelable operating leases expiring through 2017. Future minimum rental payments are as follows:

Net rent expense was approximately $4,884, $7,952 and $8,319 in 1998, 1999 and 2000, respectively. Rent collected from subleases of the Company’s former headquarters was $81, $271 and $582 in 1998, 1999 and 2000, respectively.

Until its expiration in September 2000, the Company had a license for cryptographic communication technology and devices from the Massachusetts Institute of Technology, which allowed for an exclusive right to use, lease or sell technology, subject to payment of royalties. Since September 2000, the Company has continued to use the technology but is no longer subject to the payment of royalties. Total royalty expense under all agreements was $6,235, $6,890 and $7,329 in 1998, 1999 and 2000, respectively.

In November 2000 the Company entered into fifteen year non-cancelable operating leases for a new corporate headquarters facility that is presently under construction. The new headquarters facility will be located in Bedford, Massachusetts and construction is expected to be completed in April 2002. The Company plans to sublease its existing occupied space in Bedford, Massachusetts once it occupies its new facility. At this time, the Company does not believe it will incur any material losses from any sublease of its existing principal facilities leases. In connection with the leases of the new facility, the Company loaned the lessor $4,500, bearing interest due monthly at 6% per annum, which matures 15 days after the occupancy of the new facility. The note receivable has been included in prepaid expenses at December 31, 2000.

During 2000, the Company entered into a $10,000 line of credit agreement with a major financial institution maturing on June 30, 2001, subject to annual extension provisions. This agreement was unused at December 31, 2000. Borrowings under this agreement will bear interest, at the Company’s option, at either

fixed or variable rates linked to either the London Interbank Offered Rate or the Prime Rate. Borrowings will be collateralized by cash deposits of the Company.

The Company has two reportable segments, e-Security Solutions and RSA Capital (formed January 2000). The segments were determined primarily on how management views and evaluates the business. The operations of the e-Security Solutions segment consist of the sale of software licenses, hardware, maintenance and professional services through two product groups, Enterprise solutions and Developer solutions. Enterprise solutions include sales of RSA SecurID authenticators, RSA ACE/ Server software, RSA Keon software, and maintenance and professional services and Developer solutions include sales of RSA BSAFE cryptographic software and protocol products, RSA Keon components, and maintenance and professional services.

In January 2000 the Company redefined the reporting segments of its business to include the RSA Capital segment. This segment includes the activities relating to the Company’s existing and future investments in e-businesses and other technology companies. The Board of Directors has authorized the Company to invest in and solicit investments for RSA Ventures I, a venture capital fund. The fund may raise up to $200,000, with the Company’s portion not to be less than $100,000. Expenses incurred in connection with RSA Capital are primarily for general and administration, management and professional fees, and are included in general and administrative expenses.

Non-recurring expense items that are not identifiable to the Company’s two segments have been included in other below and include restructuring charges and costs associated with the Company’s 1999 rebranding. The tables below present information about the Company’s reportable segments for the years ended December 31, 1999 and 2000:

The Company’s operations are conducted throughout the world. Operations in North America represent more than 10% of revenue and income from operations. The Company’s operations in other countries are individually insignificant and have been included in “Rest of world” below. The following tables present information about e-Security Solutions revenue for the years ended December 31, 1998, 1999 and 2000:

During 2000, the Company purchased land and a building in the United Kingdom for $23,097, which has been recorded as property and equipment on the balance sheet at December 31, 2000.

On or about December 11, 1998, a purported class action was filed in the United States District Court for the District of Massachusetts on behalf of all purchasers of the Company’s common stock during the period from and including September 30, 1997 through July 15, 1998: Fitzer v. Security Dynamics Technologies, Inc., Charles R. Stuckey, Jr., D. James Bidzos, Arthur W. Coviello, Jr., John Adams, Marian G. O’Leary and Linda B. Saris, Civil Action No. 98-CV-12496-WGY. The plaintiffs subsequently dismissed without prejudice the claims against Ms. Saris. The plaintiffs asserted that the defendants misled the investing public concerning demand for the Company’s products, the strengths of its technologies, and certain trends in the Company’s business and sought unspecified damages, interest, costs and fees of their attorneys, accountants and experts. On September 28, 2000, the United States District Court granted the defendants’ motion to dismiss, and entered a judgment dismissing the plaintiffs’ claims with prejudice. On October 18, 2000, the plaintiffs filed in the District Court a notice of appeal from the judgment. After the notice of appeal was filed, the defendants made a motion to the District Court to modify the judgment of dismissal, and to add certain material to the record on appeal. The District Court denied the defendants’ motion, and defendants’ appeal from the denial of the motion has been consolidated with the plaintiffs’ appeal. Even if the plaintiffs’ request for appeal is granted and the District Court’s decision is reversed, the Company believes that this suit will not have a material adverse effect on the Company’s continuing operations or consolidated financial position.

On or about May 20, 1999, Kenneth P. Weiss, the founder and a former director, officer and employee of the Company, filed a demand for arbitration alleging that (a) the Company constructively terminated Mr. Weiss in May 1996 in violation of his Employment Agreement with the Company, and (b) the Company breached its obligations under Mr. Weiss’ Employment Agreement by refusing to release certain assignments of patents. Mr. Weiss subsequently amended his complaint to remove the constructive termination claim. Mr. Weiss sought unspecified damages, interest, costs and fees of his attorneys and experts, as well as the return of his rights in certain patents he created and assigned to the Company in the course of his employment. Hearings in the proceeding took place over ten days in the fall and winter of 2000. On February 26, 2001, the arbitration panel entered an order denying all of Mr. Weiss’s remaining claims.

On or about June 15, 2000, David Moran, a stockholder of RSA Security, filed a shareholder derivative action in the Court of Chancery of New Castle County in the State of Delaware on behalf of himself and all others similarly situated v. Charles R. Stuckey, Jr., D. James Bidzos, Richard L. Earnest, Dr. Taher Elgamal, James K. Sims, Joseph B. Lassiter, III, Arthur Coviello, Jr., Robert P. Badavas, VeriSign, Inc. and RSA Security Inc, f/k/a Security Dynamics Technologies, Inc., Civil Action No. 18107NC. Mr. Moran asserts that the Company’s Board of Directors breached its fiduciary duty to the Company by failing to obtain certain international patents, by failing to enforce the terms of certain agreements with VeriSign, and by appointing Mr. Stuckey as President of RSA Investments. Mr. Moran seeks unspecified damages, interest, costs and fees of his attorneys, accountants and experts, as well as injunctive relief. The Company believes that Mr. Moran’s claims are without merit, and intends to defend the lawsuit vigorously. The Company believes that the disposition of this matter will not have a material adverse effect on the Company’s continuing operations or consolidated financial position.

On or about August 16, 2000, James V. Biglan, a stockholder of the Company, filed a shareholder derivative action in the Court of Chancery of New Castle County in the State of Delaware derivatively on behalf of the Company v. Charles R. Stuckey, Jr., D. James Bidzos, Richard L. Earnest, Dr. Taher Elgamal, James K. Sims, Robert P. Badavas, Joseph B. Lassiter, III, Arthur Coviello, Jr., VeriSign, Inc. and RSA Security Inc. f/k/a Security Dynamics Technologies, Inc., Civil Action No. 18190NC. Mr. Biglan asserts that the Company’s Board of Directors breached its fiduciary duty to the Company by failing to obtain certain international patents, by failing to enforce the terms of certain agreements with VeriSign, by permitting the violation of federal securities laws by RSA Security and certain insiders, and by appointing Mr. Stuckey as President of RSA Investments. Mr. Biglan seeks unspecified damages, interest, costs and fees of his attorneys, accountants and experts, as well as injunctive relief. The Company believes that Mr. Biglan’s claims are without merit, and intends to defend the lawsuit vigorously. The Company believes that the disposition of this matter will not have a material adverse effect on the Company’s continuing operations or consolidated financial position.

On or about September 29, 2000, the Court of Chancery of New Castle County in the State of Delaware consolidated Mr. Moran’s and Mr. Biglan’s cases.

In September 1998 the Company granted options to purchase an aggregate of 325,000 shares of common stock in connection with the settlement of threatened litigation arising out of the acquisition of Intrusion Detection, Inc. (“IDI”). The value of the options was determined to be $1,872, using the Black-Scholes option-pricing model, which was recorded as legal settlement expense in the consolidated statement of income for the year ended December 31, 1998.

From time to time, the Company has been named as a defendant in other legal actions arising from its normal business activities, which the Company believes will not have a material adverse effect on the Company or its business.

VeriSign developed certain certificate authority software technology of which the Company was the exclusive distributor under a five year term subject to cancellation at the Company’s election. The Company paid VeriSign $2,700 as an initial license fee, $500 at the execution of the distributor agreement, and license fees of $1,100 in 1999 and $2,250 in 2000. In November 2000 the Company elected to cancel its exclusive distribution agreement with VeriSign and paid additional license fees of $1,380. The license fees are recorded as a component of cost of revenue as the related products are sold. Unamortized prepaid royalties were $1,891 and $5,221 at December 31, 1999 and 2000, respectively. The Company sublet facilities to VeriSign in exchange for lease payments of $81 in 1998. A Company director serves as VeriSign’s Chairman of the Board of Directors.

A stockholder, who owns less than 5% of the Company’s common stock, provides consulting services to the Company and received $82, $48 and $132 in 1998, 1999 and 2000, respectively.

In 1999, the Company commenced and substantially completed consolidation of certain operations in an attempt to achieve operational efficiency. The Company recorded costs of $11,350, consisting primarily of severance costs for 41 employees who were employed primarily in research and development and general and administrative activities for the formerly separate operations of IDI, facility exit costs and other direct costs. Facility exit costs consist primarily of estimated shortfalls of sublease rental income compared to minimum lease payments due under a lease agreement. During 2000, the Company reversed $2,079 of previously recorded restructuring costs due to revised estimates of the facility exit costs, including associated legal costs and other direct costs. Remaining costs of approximately $347 were accrued and unpaid at December 31, 2000 and consisted of facility exit costs.

Acquisition — On February 12, 2001, the Company completed its acquisition of Xcert International, Inc., a company that develops and delivers digital certificate-based products for securing e-business transactions, for approximately $67,500 in cash plus the assumption of all Xcert stock options. The transaction will be accounted for as a purchase.

Put Option Contract Settlement — In March 2001, as part of the ongoing share repurchase program, the Company purchased 375,000 shares of its common stock for $13,943 in cash through the settlement of one of its put option contracts. This settlement was recorded as a component of stockholders’ equity.

Litigation — On or about February 2, 2001, Leon Stambler filed a complaint for patent infringement in U.S. District Court for the District of Delaware against the Company, VeriSign, Inc., First Data Corporation, Openwave Systems Inc., and Omnisky Corporation, Case Number 01-0065. In his complaint, Mr. Stambler alleges that certain products marketed by each of the defendants infringe various patents that he owns, and he seeks unspecified damages as well as a preliminary and permanent injunction enjoining the defendants from infringing the claims asserted. It is possible that those other defendants who are the Company’s licensees may seek indemnification from the Company for these claims pursuant to the licenses in effect between those defendants and the Company. Although the Company believes that Mr. Stambler’s claims are without merit and intends to defend the lawsuit vigorously, the Company cannot predict the ultimate outcome of this matter; however, the Company believes that the disposition of this matter will not have a material adverse effect on the Company’s continuing operations or consolidated financial position.

The information required by this item is contained in part under the caption “Executive Officers of RSA Security” in Part I hereof, and the remainder is contained in our Proxy Statement for our Annual Meeting of Stockholders to be held on April 27, 2001 (the “2001 Proxy Statement”) under the captions “Proposal 1 — Election of Directors” and “Section 16(a) Beneficial Ownership Reporting Compliance” and is incorporated herein by this reference.

Officers are elected on an annual basis and serve at the discretion of our Board of Directors.

The information required by this item is contained under the captions “Director Compensation,” “Compensation of Executive Officers” and “Comparative Stock Performance” in the 2001 Proxy Statement and is incorporated herein by this reference.

The information required by this item is contained under the caption “Stock Ownership of Certain Beneficial Owners and Management” in the 2001 Proxy Statement and is incorporated herein by this reference.

The information required by this item is contained under the caption “Certain Relationships and Related Transactions” in the 2001 Proxy Statement and is incorporated herein by this reference.

1. Financial Statements. The Consolidated Financial Statements are filed as part of this Report. The Consolidated Financial Statements include:


	Independent Auditors’ Report Consolidated Balance Sheets Consolidated Statements of Income Consolidated Statements of Stockholders’ Equity Consolidated Statements of Cash Flows Notes to Consolidated Financial Statements

2. Financial Statement Schedule. Financial Statement Schedule II “Valuation and Qualifying Accounts” immediately following the Exhibit Index is filed as part of this Report.

3. Exhibits. The Exhibits listed in the Exhibit Index following the signature page to this Report are filed as part of this Report.

On December 12, 2000, we filed a Current Report on Form 8-K, dated November 27, 2000, reporting the disposition of some of our assets.

Pursuant to the requirements of Section 13 or 15(d) of the Securities Exchange Act of 1934, RSA Security Inc. has duly caused this report to be signed on its behalf by the undersigned, thereunto duly authorized.


	By:	/s/ ARTHUR W. COVIELLO, JR.



	Arthur W. Coviello, Jr.
	Chief Executive Officer
	and President

Pursuant to the requirements of the Securities Exchange Act of 1934, this report has been signed below by the following persons on behalf of RSA Security Inc. and in the capacities and on the dates indicated.


†	Confidential treatment previously granted by the Securities and Exchange Commission as to certain portions.






Delaware		04-2916506
(State or other jurisdiction of Incorporation or Organization)		(I.R.S. Employer Identification No.)





36 Crosby Drive Bedford, Massachusetts		01730
(Address of Principal Executive Offices)		(Zip Code)


		PART OF FORM 10-K
DOCUMENT		INTO WHICH INCORPORATED

Portions of the Registrant’s Proxy Statement for the 2001 Annual Meeting of Stockholders		Items 10, 11, 12 & 13 of Part III


PART I
	ITEM 1. BUSINESS
	ITEM 2. PROPERTIES
	ITEM 3. LEGAL PROCEEDINGS
	ITEM 4. SUBMISSION OF MATTERS TO A VOTE OF SECURITY HOLDERS
EXECUTIVE OFFICERS OF RSA SECURITY
PART II
	ITEM 5. MARKET FOR OUR COMMON EQUITY AND RELATED STOCKHOLDER MATTERS
	ITEM 6. SELECTED FINANCIAL DATA
	ITEM 7. MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS
	ITEM 7A. QUANTITATIVE AND QUALITATIVE DISCLOSURES ABOUT MARKET RISK
	ITEM 8.FINANCIAL STATEMENTS AND SUPPLEMENTARY DATA
PART III
	ITEM 10.DIRECTORS AND EXECUTIVE OFFICERS OF RSA SECURITY
	ITEM 11.EXECUTIVE COMPENSATION
	ITEM 12.SECURITY OWNERSHIP OF CERTAIN BENEFICIAL OWNERS AND MANAGEMENT
	ITEM 13.CERTAIN RELATIONSHIPS AND RELATED TRANSACTIONS
PART IV
	ITEM 14.EXHIBITS, FINANCIAL STATEMENT SCHEDULES AND REPORTS ON FORM 8-K
SIGNATURES
EXHIBIT INDEX
SCHEDULE II
Ex-10.5 Amend & Restated 1998 Stock Plan
Ex-10.13 Employment Agreement w/ Thomas L Schuster
Ex-10.31 Lease dated 11/16/00 w/ Bedford Woods
Ex-10.32 Lease dated 11/17/00 w/ Bedford Woods
Ex-21.1 Subsidiaries of RSA Security Inc.
Ex-23.1 Consent of Deloitte & Touche LLP


	High		Low

1999




First Quarter	$	19.25	$	9.92




Second Quarter	$	14.75	$	10.04




Third Quarter	$	19.75	$	10.71




Fourth Quarter	$	51.66	$	19.75


	High		Low

2000




First Quarter	$	62.04	$	33.42




Second Quarter	$	48.33	$	25.92




Third Quarter	$	53.33	$	27.25




Fourth Quarter	$	40.33	$	23.50


[X]	ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE


[ ]	TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE


Name	Age		Position

Arthur W. Coviello, Jr.		47	Chief Executive Officer, President and Director




Charles R. Stuckey, Jr.		58	Chairman of the Board of Directors and President of RSA Investments Inc.




John Adams, Ph.D.		59	Chief Technology Officer and Senior Vice President




John F. Kennedy		52	Chief Financial Officer, Senior Vice President, Finance and Operations and Treasurer




Linda E. Saris		48	Senior Vice President, New Ventures




Scott T. Schnell		42	Senior Vice President, Marketing and Corporate Development




Thomas L. Schuster		47	Senior Vice President, Worldwide Sales and Professional Services




Margaret K. Seif		39	Senior Vice President, General Counsel and Secretary




Joseph Uniejewski		47	Senior Vice President, Engineering and Customer Support




Vivian M. Vitale		47	Senior Vice President, Human Resources



			Years ended December 31,

			1996		1997			1998		1999		2000

Statement of Operations Data




Revenue




	Products		$	79,865	$	127,683		$	154,092	$	190,736	$	238,027




	Services			6,552		12,947			17,242		27,388		42,164

		Total revenue		86,417		140,630			171,334		218,124		280,191

Cost of revenue




	Products			14,450		22,512			30,890		30,813		33,158




	Services			3,981		6,192			9,891		14,348		21,825

		Total cost of revenue		18,431		28,704			40,781		45,161		54,983

Gross margin				67,986		111,926			130,553		172,963		225,208




Costs and expenses




	Research and development			13,682		27,180			31,981		37,640		45,032




	Marketing and selling			24,829		41,926			66,788		89,943		102,788




	General and administrative			14,603		17,171			19,007		27,261		35,409




	Merger and integration			6,100		5,700			2,600		—		—




	Restructuring			—		—			—		11,350		(2,079	)




	Legal settlement			—		—			1,872		—		—

		Total		59,214		91,977			122,248		166,194		181,150

Income from operations				8,772		19,949			8,305		6,769		44,058




Interest income				4,889		6,273			8,676		10,007		12,864




Income from investing activities				11,027		4,264			35,427		285,952		272,853

Income before provision for income taxes				24,688		30,486			52,408		302,728		329,775




Provision for income taxes				11,003		13,324			23,571		118,982		124,012




Minority interests				—		(114	)		578		16		—

Net income			$	13,685	$	17,048		$	29,415	$	183,762	$	205,763

Basic earnings per share (1)




Per share amount			$	0.25	$	0.29		$	0.48	$	3.13	$	3.50

Weighted average shares				55,748		58,434			61,363		58,757		58,051

Diluted earnings per share (1)




Per share amount			$	0.23	$	0.28		$	0.46	$	2.92	$	3.21

	Weighted average shares			55,748		58,434			61,363		58,757		58,051




	Effect of dilutive equity instruments			3,799		2,538			2,382		4,213		5,976

Adjusted weighted average shares				59,547		60,972			63,745		62,970		64,027



	December 31,

	1996		1997		1998		1999		2000

Balance Sheet Data




Cash, cash equivalents and marketable securities	$	107,008	$	164,659	$	158,236	$	1,383,281	$	335,102




Working capital		110,103		178,348		180,885		553,307		305,667




Total assets		147,355		233,975		280,855		1,512,124		589,514




Stockholders’ equity		125,104		200,653		242,720		611,024		481,004


(1)	Per share and share amounts have been adjusted to reflect the three-for-two stock split, declared in February 2001, payable in the form of a common stock dividend to holders of record on March 9, 2001, which will be effected on or about March 23, 2001.


ITEM 7.	MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS


	First		Second		Third		Fourth
	Quarter		Quarter		Quarter		Quarter


	(in thousands, except per share data)




2000




Revenue	$	63,340	$	66,700	$	72,029	$	78,122




Gross margin		50,450		53,442		57,902		63,414




Income before provision for income taxes		39,717		60,468		65,215		164,375




Net income		24,600		37,232		40,016		103,915




Basic earnings per share	$	0.42	$	0.63	$	0.65	$	1.83




Diluted earnings per share	$	0.37	$	0.58	$	0.63	$	1.69




Results excluding non-core activity:




Net income		8,601		9,349		10,182		10,953




Basic earnings per share	$	0.15	$	0.16	$	0.17	$	0.19




Diluted earnings per share	$	0.13	$	0.15	$	0.16	$	0.18





1999




Revenue	$	48,672	$	51,809	$	55,658	$	61,985




Gross margin		37,235		41,427		44,412		49,889




Income before provision for income taxes		74,754		75,969		85,687		66,318




Net income		40,989		42,995		58,585		41,193




Basic earnings per share	$	0.69	$	0.74	$	1.00	$	0.70




Diluted earnings per share	$	0.65	$	0.70	$	0.95	$	0.64




Results excluding non-core activity:




Net income		5,052		5,957		7,421		9,921




Basic earnings per share	$	0.09	$	0.10	$	0.13	$	0.17




Diluted earnings per share	$	0.08	$	0.10	$	0.12	$	0.15


																				Accumulated
	Common Stock				Additional						Deferred			Treasury Stock						Other
					Paid-in			Retained			Stock									Comprehensive
	Shares		Amount		Capital			Earnings			Compensation			Shares			Amount			Income

Balance January 1, 1998		60,700,677	$	607	$	165,549		$	35,284		$	(116	)		763			—		$	(671	)




Issuance of common stock		1,434,361		14		8,431			(397	)					(166,380	)	$	1,223




Foreign acquisition tax benefit						13,835




Stock compensation						1,941						42




Share repurchase program															1,587,000			(12,135	)




Comprehensive income




Translation adjustment																					(425	)




Unrealized gain on marketable securities, net																					123




Net income									29,415

Total comprehensive income

Balance, December 31, 1998		62,135,038		621		189,756			64,302			(74	)		1,421,383			(10,912	)		(973	)




Issuance of common stock and warrants		9,120				10,007									(3,760,315	)		39,741




Stock compensation						1,116						12




Share repurchase program															6,114,750			(102,973	)




Comprehensive income




Translation adjustment																					(147	)




Unrealized gain on marketable securities, net																					236,786




Net income									183,762

Total comprehensive income

Balance, December 31, 1999		62,144,158		621		200,879			248,064			(62	)		3,775,818			(74,144	)		235,666




Issuance of common stock and warrants						(3,737	)								(3,699,762	)		72,256




Stock compensation						559						4




Share repurchase program															5,901,750			(217,074	)




Put option premiums						17,630




Equity of forward equity contracts						(1,447	)




Comprehensive income




Translation adjustment																					(1,381	)




Unrealized loss on marketable securities, net																					(202,593	)




Net income									205,763

Total comprehensive income

Balance, December 31, 2000		62,144,158	$	621	$	213,884		$	453,827		$	(58	)		5,977,806		$	(218,962	)	$	31,692



				December 31, 1999							December 31, 2000

						Net							Net
				Cost		Unrealized			Recorded		Cost		Unrealized			Recorded
				Basis		Gains			Basis		Basis		Gains			Basis

Debt securities recorded at market, maturing:




	Within one year			$	58,315	$	(126	)	$	58,189	$	24,188	$	(25	)	$	24,163




	Between 1 and 15 years				107,900		(2,586	)		105,314		5,500		(8	)		5,492

		Debt securities recorded at market			166,215		(2,712	)		163,503		29,688		(33	)		29,655

Equity securities recorded at market					13,882		1,083,726			1,097,608		4,094		(544	)		3,550

			Total marketable securities	$	180,097	$	1,081,014		$	1,261,111	$	33,782	$	(577	)	$	33,205


(a)	Financing costs on forward equity contracts are excluded from the computation of diluted earnings per share.


					Weighted Average
					Exercise
		Shares			Price Per Share

Outstanding at January 1, 1998			9,080,461		$	16.58




	Granted		13,688,906			10.06




	Exercised		(1,459,110	)		1.23




	Canceled		(9,267,549	)		21.73

Outstanding at December 31, 1998			12,042,708			8.90




	Granted		9,942,772			17.91




	Exercised		(3,658,251	)		7.55




	Canceled		(2,674,137	)		12.33

Outstanding at December 31, 1999			15,653,092			14.55




	Granted		8,936,787			34.95




	Exercised		(3,173,193	)		10.31




	Canceled		(1,443,675	)		16.18

Outstanding at December 31, 2000			19,973,011		$	24.10

	Exercisable at December 31, 1998		3,944,871		$	9.09

	Exercisable at December 31, 1999		2,821,375		$	10.32

	Exercisable at December 31, 2000		4,764,196		$	15.44


										Weighted
						Weighted Average				Average
				Weighted		Remaining		Number		Exercise Price for
Range		Number of		Average		Contractual Life		Currently		Currently
Exercise Price		Shares		Exercise Price		(Years)		Exercisable		Exercisable

	$0.30		4,725	$	0.30		3.0		4,725	$	0.30
	1.97 – 2.15		17,117		1.97		3.9		16,939		1.97
	4.41		2,939		4.41		0.3		2,939		4.41
	6.65 – 9.54		3,220,948		7.81		5.2		1,879,073		7.76
	10.67 – 15.00		2,367,847		12.55		6.3		679,540		12.35
	16.09 – 23.75		3,358,198		18.00		6.4		1,152,580		17.60
	24.77 – 35.67		7,266,087		29.77		7.4		1,023,900		29.35
	38.25 – 49.37		3,735,150		40.08		7.3		4,500		46.17

	$0.30 – $49.3		7 19,973,011	$	24.10		6.7		4,764,196	$	15.44


				Unrealized
				Holding
	Foreign			(Loss)			Accumulated
	Currency			Gain on			Other
	Translation			Marketable			Comprehensive
Accumulated other comprehensive income	Adjustments			Securities			Income

Balance, January 1, 1998	$	(750	)	$	79		$	(671	)




Period change		(425	)		123			(302	)

Balance, December 31, 1998		(1,175	)		202			(973	)




Period change		(147	)		236,786			236,639

Balance, December 31, 1999		(1,322	)		236,988			235,666




Period change		(1,381	)		(202,593	)		(203,974	)

Balance, December 31, 2000	$	(2,703	)	$	34,395		$	31,692


		1999			2000

Deferred tax assets (liabilities) — current:




	Unrealized hedge liability	$	274,414			—




	Unrealized gains on marketable securities		(442,032	)		—




	Investment in Crosby Finance, LLC		—		$	(23,163	)




	Revenue related items and other		5,887			2,681

Net deferred tax liabilities — current		$	(161,731	)	$	(20,482	)

Deferred tax assets (liabilities) — non current:




	Foreign acquisition asset	$	36,302		$	33,270




	Deferred gain — Investment in Crosby Finance, LLC		—			(23,007	)




	Purchased research and development		2,568			2,515




	Compensation		4,169			4,743




	Investment valuation		2,474			2,474




	Other		1,206			728




	Valuation allowance		(25,498	)		—

Net deferred tax assets — non current		$	21,221		$	20,723


Years Ended December 31,

2001	$	10,192




2002		14,412




2003		14,151




2004		13,788




2005 and thereafter		113,124



	Year Ended December 31, 2000

	e-Security		RSA
	Solutions		Capital			Other		Consolidated

Revenue	$	280,191		—			—	$	280,191

Income from operations	$	45,075	$	(3,096	)	$	2,079	$	44,058

Interest income and other	$	12,864		—			—	$	12,864

Income from investing activities		—	$	272,853			—	$	272,853

Depreciation and amortization	$	9,971		—			—	$	9,971

Identifiable assets	$	498,276	$	91,238			—	$	589,514



	Year Ended December 31, 1999

	e-Security		RSA
	Solutions		Capital			Other			Consolidated

Revenue	$	218,124		—			—		$	218,124

Income from operations	$	30,766	$	(147	)	$	(23,850	)	$	6,769

Interest income and other	$	10,007		—			—		$	10,007

Income from investing activities		—	$	285,952			—		$	285,952

Depreciation and amortization	$	9,182		—			—		$	9,182

Identifiable assets	$	414,516	$	1,097,608			—		$	1,512,124



	Years Ended December 31,

Product and service groups	1998		1999		2000

Enterprise solutions	$	133,129	$	165,168	$	211,835




Developer solutions		38,205		52,956		68,356

	$	171,334	$	218,124	$	280,191



	Years Ended December 31,

Geographic areas	1998		1999		2000

North America	$	112,042	$	152,103	$	187,124




Rest of world		59,292		66,021		93,067

	$	171,334	$	218,124	$	280,191


	Facility Exit			Severance			Other Direct
	Costs			Costs			Costs			Total

Recorded restructuring costs	$	2,000		$	8,000		$	1,350		$	11,350




Payments		(251	)		(7,609	)		(606	)		(8,466	)

Balance at December 31, 1999		1,749			391			744			2,884




Payments		(40	)	$	(391	)		(27	)		(458	)




Reversal of costs previously accrued		(1,362	)		—		$	(717	)		(2,079	)

Balance at December 31, 2000	$	347			—			—		$	347


ITEM 9.	CHANGES IN AND DISAGREEMENTS WITH ACCOUNTANTS ON ACCOUNTING AND FINANCIAL DISCLOSURE


Signature	Title	Date

/s/ ARTHUR W. COVIELLO, JR. Arthur W. Coviello, Jr.	Chief Executive Officer, President and Director (Principal Executive Officer)	March 27, 2001

/s/ JOHN F. KENNEDY John F. Kennedy	Senior Vice President, Finance and Operations, and Chief Financial Officer and Treasurer (Principal Financial and Accounting Officer)	March 27, 2001
/s/ CHARLES R. STUCKEY, JR. Charles R. Stuckey, Jr.	Chairman of the Board of Directors	March 27, 2001
/s/ ROBERT P. BADAVAS Robert P. Badavas	Director	March 27, 2001
/s/ D. JAMES BIDZOS D. James Bidzos	Director	March 27, 2001
/s/ RICHARD L. EARNEST Richard L. Earnest	Director	March 27, 2001
/s/ TAHER ELGAMAL Taher Elgamal	Director	March 27, 2001
/s/ JOSEPH B. LASSITER, III Joseph B. Lassiter, III	Director	March 27, 2001
/s/ JAMES K. SIMS James K. Sims	Director	March 27, 2001


	2.1			Assets Contribution Agreement, dated as of November 27, 2000, between RSA Security Business Trust and Crosby Finance, LLC is incorporated herein by reference to Exhibit 2.1 to our Current Report on Form 8-K dated November 27, 2000.

	2.2			Novation Agreement, dated November 27, 2000, among Deutsche Bank AG London, Deutsche Bank Securities Inc., RSA Security Business Trust and Crosby Finance, LLC is incorporated herein by reference to Exhibit 2.1 to our Current Report on Form 8-K dated November 27, 2000.
	3.1			RSA’s Third Restated Certificate of Incorporation, as amended, is incorporated herein by reference to Exhibit 3.1 to our Quarterly Report on Form 10-Q for the quarter ended June 30, 2000.
	3.2			RSA’s Amended and Restated By-Laws, as amended, is incorporated herein by reference to Exhibit 3.3 to our Registration Statement on Form S-1 (File No. 33-85606) (the “Form S-1”).
	4.1			Specimen Certificate for shares of our common stock, $.01 par value per share, is incorporated herein by reference to Exhibit 4.1 to our Current Report on Form 8-K dated September 10, 1999.
	4.2			Rights Agreement, dated as of July 20, 1999, between RSA and State Street Bank and Trust Company, which includes as Exhibit A the Form of Rights Certificate and as Exhibit B the Summary of Rights to Purchase Common Stock, is incorporated herein by reference to Exhibit 1 to our Registration Statement on Form 8-A (File No. 000-25120).
	*10.1			1986 Stock Option Plan, as amended, is incorporated herein by reference to Exhibit 10.1 to the Form S-1.
	*10.2			1994 Stock Option Plan, as amended, is incorporated herein by reference to Exhibit 10.2 to our Annual Report on Form 10-K for the year ended December 31, 1996.
	*10.3			1994 Stock Option Plan, as amended — 1998 Restatement, as amended, is incorporated herein by reference to Appendix A to our Preliminary Schedule 14A filed March 5, 1999.
	*10.4			1994 Director Stock Option Plan, as amended, is incorporated herein by reference to Exhibit 10.3 to our Quarterly Report on Form 10-Q for the quarter ended June 30, 1999.
	*10.5			Amended and Restated 1998 Non-Officer Employee Stock Incentive Plan, as amended.
	*10.6			1994 Employee Stock Purchase Plan, as amended, is incorporated herein by reference to Exhibit 10.2 to our Quarterly Report on Form 10-Q for the quarter ended September 30, 1999.
	*10.7			2000 Deferred Compensation Plan is incorporated herein by reference to Exhibit 10.1 to our Quarterly Report on Form 10-Q for the quarter ended March 31, 2000.
	*10.8			RSA Security Inc. Grantor Trust Agreement, dated March 13, 2000, between RSA and Wachovia Bank, N.A. is incorporated herein by reference to Exhibit 10.2 to our Quarterly Report on Form 10-Q for the quarter ended March 31, 2000.
	*10.9			Consulting Agreement, dated as of February 18, 1999, between RSA and D. James Bidzos is incorporated by reference to Exhibit 10.3 to our Quarterly Report on Form 10-Q for the quarter ended March 31, 1999.
	*10.10			Form of Amendment Number One to Consulting Agreement, dated March 1, 2000, between RSA and D. James Bidzos is incorporated herein by reference to Exhibit 10.3 to our Quarterly Report on Form 10-Q for the quarter ended March 31, 2000.
	*10.11			Employment Agreement, dated as of April 1, 2000, between RSA and Arthur W. Coviello, Jr. is incorporated herein by reference to Exhibit 10.2 to our Quarterly Report on Form 10-Q for the quarter ended June 30, 2000.
	*10.12			Letter Agreement, dated as of May 1, 1989, between RSA and Linda E. Saris is incorporated herein by reference to Exhibit 10.7 to the Form S-1.
	*10.13			Employment Agreement, dated as of April 1, 2000, between RSA and Thomas L. Schuster.


	*10.14			Second Amended and Restated Employment Agreement, dated as of April 1, 2000, between RSA and Charles R. Stuckey, Jr. is incorporated herein by reference to Exhibit 10.3 to our Quarterly Report on Form 10-Q for the quarter ended June 30, 2000.
	†10.15			Terms and Conditions of Purchase, dated January 1, 1994, between RSA and Gould Electronics is incorporated herein by reference to Exhibit 10.15 to the Form S-1.
	†10.16			Letter, dated October 12, 1994, from Sanyo Electric Co., LTD. to RSA is incorporated herein by reference to Exhibit 10.16 to the Form S-1.
	†10.17			Progress Software Application Partner Agreement, dated December 5, 1994, as amended, between RSA and Progress Software Corporation is incorporated herein by reference to Exhibit 10.17 to the Form S-1.
	†10.18			Second Amendment to Progress Software Application Partner Agreement, dated as of November 29, 1995, between RSA and Progress Software Corporation is incorporated herein by reference to Exhibit 10.13 to our Quarterly Report on Form 10-Q for the quarter ended June 30, 1997.
	†10.19			Third Amendment to Progress Software Application Partner Agreement, dated as of November 15, 1996, between RSA and Progress Software Corporation is incorporated herein by reference to Exhibit 10.14 to our Quarterly Report on Form 10-Q for the quarter ended June 30, 1997.
	†10.20			Fourth Amendment to Progress Software Application Partner Agreement, dated as of April 1, 1998, between RSA and Progress Software Corporation is incorporated herein by reference to Exhibit 10.18 to our Quarterly Report on Form 10-Q for the quarter ended June 30, 1998.
	†10.21			Fifth Amendment to Progress Software Application Partner Agreement, dated as of February 18, 1999, between RSA and Progress Software Corporation is incorporated herein by reference to Exhibit 10.22 to our Annual Report on Form 10-K for the year ended December 31, 1999.
	†10.22			Sixth Amendment to Progress Software Application Partner Agreement, dated as of October 26, 1999, between RSA and Progress Software Corporation is incorporated herein by reference to Exhibit 10.23 to our Annual Report on Form 10-K for the year ended December 31, 1999.
	10.23			Indenture of Lease, dated as of March 11, 1996, between RSA and Beacon Properties, L.P. is incorporated herein by reference to Exhibit 10.17 to our Registration Statement on Form S-4 (File No. 333-7265).
	10.24			Rider to Indenture of Lease, dated as of March 11, 1996 between RSA and Beacon Properties, L.P. is incorporated herein by reference to Exhibit 10.6 to our Quarterly Report on Form 10-Q for the quarter ended March 31, 1998.
	10.25			First Amendment to Lease, dated as of May 10, 1997, between RSA and Beacon Properties, L.P. is incorporated herein by reference to Exhibit 10.2 to our Quarterly Report on Form 10-Q for the quarter ended June 30, 1997.
	10.26			Second Amendment to Lease, dated as of April 8, 1998, between RSA and EOP — Crosby Corporate Center, L.L.C. is incorporated herein by reference to Exhibit 10.5 to our Quarterly Report on Form 10-Q for the quarter ended March 31, 1998.
	10.27			Third Amendment to Lease, dated as of May 9, 2000, between RSA and EOP — Crosby Corporate Center, L.L.C. is incorporated herein by reference to Exhibit 10.4 to our Quarterly Report on Form 10-Q for the quarter ended June 30, 2000.
	10.28			Lease Agreement, dated as of August 15, 1997, between RSA and Peninsula Office Park Associates, L.P. is incorporated herein by reference to Exhibit 10.7 to our Quarterly Report on Form 10-Q for the quarter ended March 31, 1998.
	10.29			Lease Agreement, dated as of December 19, 1997, between RSA and Peninsula Office Park Associates, L.P. is incorporated herein by reference to Exhibit 10.8 to our Quarterly Report on Form 10-Q for the quarter ended March 31, 1998.


	10.30			Sublease Agreement, dated as of April 12, 1999, between RSA and netDialog Incorporated is incorporated herein by reference to Exhibit 10.1 to our Quarterly Report on Form 10-Q for the quarter ended June 30, 1999.
	10.31			Lease, dated as of November 16, 2000, between RSA and Bedford Woods Limited Partnership I.
	10.32			Lease, dated as of November 17, 2000, between RSA and Bedford Woods Limited Partnership I.
	10.33			Master Development and License Agreement, dated September 30, 1997, between RSA and VeriSign, Inc. is incorporated herein by reference to Exhibit 10.19 to VeriSign’s Registration Statement on Form S-1 (File No. 333-40789).
	10.34			Amendment Number One to Master Development and License Agreement dated as of December 31, 1998 between RSA and VeriSign is incorporated herein by reference to Exhibit 10.30 to VeriSign’s Registration Statement on Form S-1 (File No. 333-70121).
	21.1			Subsidiaries of RSA Security.
	23.1			Consent of Deloitte & Touche LLP, Independent Auditors.


*	Management contract or compensatory plan or arrangement filed in response to Item 14(a)(3) of the instructions to Form 10-K.


	Balance at		Charged to		Charged to						Balance at
	beginning of		costs and		other						end of
	period		expenses		accounts			Deductions			period

Allowance for doubtful accounts




For the year ended December 31, 2000	$	1,032	$	2,933	$	37	(A)	$	1,922	(B)	$	2,006




For the year ended December 31, 1999		710		630		—			308	(B)		1,032




For the year ended December 31, 1998		852		122		—			264	(B)		710





Accrued warranty costs




For the year ended December 31, 2000	$	105	$	—	$	—		$	—		$	105




For the year ended December 31, 1999		105		—		—			—			105




For the year ended December 31, 1998		105		—		—			—			105


(A)	Reflects recoveries of previously written-off accounts receivable balances