Back to GetFilings.com






- --------------------------------------------------------------------------------
- --------------------------------------------------------------------------------
UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
Washington, D.C. 20549

----------------

FORM 10-K

(Mark One)
[X]ANNUAL REPORT PURSUANT TO SECTION 13 OR 15 (d) OF THE SECURITIES EXCHANGE
ACT OF 1934

For the Fiscal Year Ended December 31, 2000 or

[_]TRANSITION REPORT PURSUANT TO SECTION 13 OR 15 (d) OF THE SECURITIES
EXCHANGE ACT OF 1934

For the transition period from to

Commission File Number 000-31109

----------------

ValiCert, Inc.
(Exact name of registrant as specified in this charter)



Delaware 94-3297861
(State or other jurisdiction of (I.R.S. Employer
incorporation or organization) Identification No.)


339 North Bernardo Avenue
Mountain View, CA 94043
(Address of principal executive offices, including zip code)

(650) 567-5400
(Registrant's Telephone Number, including Area Code)

----------------

Securities registered pursuant to Section 12(b) of the Act:

None

Securities registered pursuant to Section 12(g) of the Act:



COMMON STOCK, $.001 PAR VALUE NASDAQ
(Title of Class) (Names of Each Exchange on which Registered)


----------------

Indicate by check mark whether the Registrant (1) has filed all reports
required to be filed by Section 13 or 15(d) of the Securities Exchange Act of
1934 during the preceding 12 months (or for such shorter period that the
Registrant was required to file such reports), and (2) has been subject to such
filing requirements for the past 90 days. Yes [X] No [_]

Indicate by check mark if disclosure of delinquent filers pursuant to Item
405 of Regulation S-K is not contained herein, and will not be contained, to
the best of Registrant's knowledge, in definitive proxy or information
statements incorporated by reference in Part III of this Form 10-K or any
amendment to this Form 10-K. [_]

Aggregate market value of the voting stock held on March 15, 2001 by non-
affiliates of the registrant: $34,079,330.

Number of shares of Common Stock outstanding at March 15, 2001: 22,806,225.

DOCUMENTS INCORPORATED BY REFERENCE

Portions of the definitive proxy statements for the 2001 Annual Meeting are
incorporated by reference into Part III hereof.

- --------------------------------------------------------------------------------
- --------------------------------------------------------------------------------


VALICERT, INC.

2000 ANNUAL REPORT ON FORM 10-K

TABLE OF CONTENTS



Page
----

PART I


ITEM 1. BUSINESS...................................................... 3

ITEM 2. PROPERTIES.................................................... 21

ITEM 3. LEGAL PROCEEDINGS............................................. 21

ITEM 4. SUBMISSION OF MATTERS TO A VOTE OF SECURITY HOLDERS........... 21

PART II

ITEM 5. MARKET FOR REGISTRANT'S COMMON EQUITY AND RELATED STOCKHOLDER
MATTERS....................................................... 22

ITEM 6. SELECTED FINANCIAL DATA....................................... 22

ITEM 7. MANAGEMENT'S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION
AND RESULTS OF OPERATIONS..................................... 23

ITEM 7A. QUANTITATIVE AND QUALITATIVE DISCLOSURES ABOUT MARKET RISK.... 42

ITEM 8. CONSOLIDATED FINANCIAL STATEMENTS AND SUPPLEMENTARY DATA...... 42

ITEM 9. CHANGES IN AND DISAGREEMENTS WITH ACCOUNTANTS ON ACCOUNTING
AND FINANCIAL DISCLOSURE...................................... 42

PART III

ITEM 10. DIRECTORS AND EXECUTIVE OFFICERS OF THE REGISTRANT............ 43

ITEM 11. EXECUTIVE COMPENSATION........................................ 45

ITEM 12. SECURITY OWNERSHIP OF CERTAIN BENEFICIAL OWNERS AND
MANAGEMENT.................................................... 45

ITEM 13. CERTAIN RELATIONSHIPS AND RELATED TRANSACTIONS................ 45

PART IV

ITEM 14. EXHIBITS, FINANCIAL STATEMENTS, SCHEDULES AND REPORTS ON
FORM 8-K...................................................... 46

SIGNATURES.............................................................. IV-2


2


PART I

ITEM 1. BUSINESS

Certain statements contained in this Annual Report on Form 10-K, including
statements containing the words "believes," "anticipates," "estimates,"
"intends," "expects," and words of similar meaning, are forward-looking
statements within the meaning of the Private Securities Reform Act of 1995.
Actual results could vary materially from those expressed in the statements.
Readers are referred to the "Sales and Marketing," "Customer Service, Training
and Support," "Research and Development," "Competition," "Intellectual
Property," "Management's Discussion and Analysis of Financial Condition and
Results of Operation" and "Factors That May Impact Future Results" sections
contained in this Annual Report on Form 10-K, which identify some of the
important factors or events that could cause actual results or performances to
differ materially from those contained in the forward-looking statements.

Although we believe that the expectations reflected in the forward-looking
statements are reasonable, we cannot guarantee future results, levels of
activity, performance or achievements. You should not place undue reliance on
these forward-looking statements.

Company Overview

ValiCert is a leading provider of end-to-end infrastructure software
products and services that organizations use to conduct valid, secure and
provable electronic transactions. We believe that our products and services
increase the trust in electronic business transactions before, during, and
after they occur, and by permitting parties to comply with digital signature
laws around the world, allow these transactions to be legally enforceable. We
believe that by utilizing our products and services, our customers are able to
realize cost savings and achieve operating efficiencies by migrating existing
paper processes onto the Internet and other electronic communication methods.
We believe that our products and services reduce the costs of fraudulent
transactions and security breaches, including direct losses, damage to
reputation and productivity losses resulting from downtime. Our customers
include Aetna, Barclay's, Dell, Identrus, NTT Communications, Unisys and the
United States Postal Service. Our validation authority software products and
services verify the status of digital certificates and establish the authority
of a party before conducting a transaction. Our secure data transfer software
products enable the confidential, reliable and tamper-proof transmission of
data during a transaction. Our digital receipt software products and services
utilize digital signatures to create and archive detailed information to
provide a provable audit trail after a transaction is completed. Our document
collaboration software products and services enable trusted and secure
exchange, signature and storage of electronic documents. To ensure broad
application and platform support for our products and services, we have formed
strategic alliances with Baltimore Technologies, Certicom, CMG, Entrust,
Gemplus, IBM, Microsoft, Netscape/iPlanet and TIBCO. We believe that our
products, services and strategic alliances provide a comprehensive solution to
address the rapidly growing Internet security software and services market. To
enhance the value proposition of our products and services, we have introduced
marketing and professional services initiatives for the B2B, financial services
and mobile commerce market segments.

We were incorporated in California in February 1996 and reincorporated in
Delaware in May 1998 as ValiCert, Inc. Our principal offices are located at 339
North Bernardo Avenue, Mountain View, California 94043. Our telephone number is
(650) 567-5400. Our website address is www.valicert.com, but the information on
our website does not constitute a part of this Annual Report on Form 10-K.

Industry Background

Growth of Internet commerce and communications

The Internet, with its global reach, cost-effectiveness and ability to
enable real-time interactions, is fundamentally changing the way in which
companies, government agencies and individuals conduct business and interact
with one another. The Internet has enabled organizations to more efficiently
communicate and

3


conduct commerce directly with their customers, suppliers and partners. The
Internet has been traditionally used for non-critical information publishing,
e-mail, and more recently, for business-to-consumer electronic commerce.
However, it is being increasingly viewed as a medium for conducting a broad
range of business-to-business and other electronic transactions. We call these
transactions e-transactions, which include:

. electronic commerce and payments,

. electronic data interchange,

. file sharing,

. electronic document signing,

. electronic document collaboration, and

. business critical e-mail.

In September 1999, Forrester Research, an independent research firm,
reported that the companies it surveyed expect 78% of their customers and 65%
of their trading partners to conduct electronic commerce with them by 2002. To
accommodate this anticipated growth, organizations are making sizeable
investments in Internet infrastructure products and services, including
commerce applications, content management tools, analytic tools, customer
service tools, application servers and integration software. In October 1999
and March 2000, Forrester Research estimated that the domestic market for these
infrastructure products and services will grow from $13.7 billion in 1999 to
$79.3 billion by 2003.

Requirement for valid, secure and provable transactions

As an open network, the Internet does not restrict access and does not
inherently offer the degree of trust, security and provability that we believe
organizations and individuals increasingly require to ensure confidence in
electronic transactions. The people and organizations that rely on the Internet
to conduct transactions are subject to risks of theft, loss, alteration or
dissemination of confidential data, damage to their reputation and economic
loss through fraud. To minimize these risks, the Internet requires a framework
of trust that meets users' security requirements before, during and after a
transaction:

. Before a transaction, the validity of the credentials used by the
participants must be verified and the authority of the participants to
conduct the specific transaction must be confirmed. We refer to this
process as validation.

. During a transaction, the transmission of information must be secure and
reliable to ensure the integrity and confidentiality of the transaction.
We refer to this process as secure data transfer.

. After a transaction, a receipt or confirmation that records the details
of the transaction must be promptly generated and archived. This receipt
must typically include the type of transaction and the time at which it
occurred. We refer to the process of generating a receipt as transaction
notarization. We refer to the process of using a receipt to prove a
transaction occurred as non-repudiation.

In the physical world, this framework of trust is achieved through a
combination of business and legal practices and policies. These procedures
often include the use of physical credentials, a third-party entity to validate
those credentials, a secure medium to transmit transaction information and a
receipt to provide proof of the transaction. For example, an organization
making a purchase may use a corporate credit card as a physical credential to
establish its identity and credit worthiness, and the vendor will typically
rely on a third-party clearinghouse to validate the purchase. The transaction
data would be transmitted over a secure private network and a point of sale
system would then issue a time-stamped paper receipt as proof of the
transaction's occurrence. This framework of trust is essential as the number of
credentials, people and organizations involved increases and as the number and
value of the transactions conducted rise.

4


Evolution of Internet security infrastructure

Public key infrastructure has emerged as a critical element for creating
this framework of trust for the Internet. Based on public key cryptography,
public key infrastructure, or PKI, is the underlying system that organizations
use to issue and manage electronic credentials, which we refer to as digital
certificates, and the keys they contain to facilitate secure communications for
a large number of users. Each entity within an installed public key
infrastructure is assigned a public key, which is provided to others, and a
private key, which the entity keeps confidential. Information encrypted using
the public key can only be decrypted, or unscrambled, using the corresponding
private key. Conversely, information signed with the private key can be
verified as authentic with the corresponding public key.

As public key infrastructure is incorporated into various computer
applications, the number of companies that market and distribute digital
certificate products and services has increased. The software product or the
entity that issues and manages the life cycle of digital certificates is
referred to as a certificate authority. As organizations increase their usage
of the Internet to conduct e-transactions, industry spending on public key
infrastructure and related security infrastructure components is expected to
grow rapidly. In August and December 1999, International Data Corporation
estimated that enterprises will spend $10.5 billion on Internet security
software and services by 2003, up from $3.7 billion in 1998.

Use of digital certificates and the need for validation before a transaction

Digital certificates act as proofs of identity for users, servers, routers,
downloaded programs and other components in a network environment. These
credentials establish an entity's membership in a specific organization or
community. They have become the primary mechanism for verifying the identities
of parties involved in a transaction before it is executed. However, digital
certificates do not, by themselves, establish the validity of a party's
credentials or provide real-time authorization to conduct a specific
transaction. For example, a digital certificate can verify the identity of an
employee before a transaction but cannot provide real-time validation of the
employment status of that individual or the specific spending restrictions or
other limits that may apply. A credential can be validated only if the
revocation status of the digital certificate is known and evaluated against a
specific set of policies which describe the party's authority to engage in a
given transaction. We refer to the software or entity that is used to validate
transactions as a validation authority.

Many certificate authorities incorporate some validation capabilities for
credentials they issue but typically do not provide validation of credentials
issued by other vendors. Most certificate authorities use specific validation
protocols which may not be compatible with the validation protocols used by a
given software application. This inability to cross-validate digital
certificates limits the use of those certificate authorities for validation in
multi-certificate authority environments which are common for transactions that
cross-organizational and geographic boundaries. We believe that there is a need
to separate the validation authority from the certificate authority to address
the need for cross-validation and to enhance trust standards. We believe that
this separation of duties between a validation authority and a certificate
authority mitigates the consequences of certificate authority compromise.

Securing data during a transaction

Organizations use a variety of methods to securely transfer data across a
network while conducting an e-transaction. Dedicated private networks, virtual
private networks, referred to as VPNs, and secure e-mail are mechanisms for
ensuring the private and tamper-proof transmission of data. While these
mechanisms provide security, they also typically add set-up time, cost and
complexity to the enterprise's business processes. Enterprises that employ
dedicated private networks, VPNs and secure e-mail can generally securely
transfer data only to those customers, suppliers or trading partners that
employ the same proprietary technology. While these methods are suitable for
some business applications, they are not designed to be an automated, highly
scalable solution that supports the transfer of large data files, readily
integrates with existing systems, provides notification capabilities, and
generates a secure audit trail for each transmission.

5


Creating an audit trail after a transaction

To provide an audit trail for e-transactions, a framework of trust must
include detailed proof of occurrence. A digital receipt is an electronically
time-stamped, signed, documented and archived proof of a transaction that
provides the parties to the transaction with a means for non-repudiation should
a dispute arise at a later date. E-mail confirmations, proprietary receipts and
web-based confirmations are used to prove the occurrence of a transaction.
These mechanisms are typically tied to specific business applications. For
example, online stock trading, consumer retail purchasing and Internet-based
electronic payments are generally limited in scope and not extensible.

Many public key infrastructure-based products also include varying degrees
of time stamping functionality to record the time and other details about a
transaction. These time stamping methods often record the information in data
formats that are not easily shared among applications. Transactions over the
Internet are increasingly being conducted using a common format called
extensible markup language, which facilitates the exchange of information
between disparate computer systems and applications. We believe that a digital
receipt based on extensible markup language enables the flexible exchange of
proof of occurrence details among different entities while meeting
organizations' requirements for non-repudiation. We also believe that with the
recent passage of the Electronic Signatures in Global and National Commerce Act
or ESIGN, in the United States, and similar laws that have been passed or are
being considered in other countries, digitally time-stamped and digitally-
signed receipts will be considered by courts of law as binding proof of
electronic transactions.

Application enabling secure electronic document collaboration and storage

Companies are increasingly using on the Internet as the means by which to
negotiate and exchange sensitive documents such as contracts, letters of credit
and design plans. Storing and exchanging sensitive information over the public
network, however, requires document control and access, assurance of delivery,
content integrity, and proof of occurrence. We believe a need exists for a
secure, web-accessible application for collaborating on and storing vital
documents. We believe a need also exists for the means to manage document-
related information such as digital signatures, versioning and tamper-evident
audit trails.

Need for an end-to-end, secure infrastructure for e-transactions

We believe that organizations require a trusted, extensible infrastructure
to conduct valid, secure and provable transactions over the Internet. Current
approaches do not provide the necessary trusted infrastructure because they
generally do not address all stages of a transaction, are limited in scope and
are often inflexible, expensive and proprietary in nature. In many cases, the
vendors of security products do not have the operational expertise or have not
built the requisite data center infrastructure to deliver trust services. Trust
services are security services that are offered to organizations that wish to
outsource validation, notarization and non-repudiation to a third party.
Vendors that do not offer trust services can only sell software licenses and
will not be able to provide their customers the flexibility to purchase either
the software or outsourced services.

We believe that to establish a trusted infrastructure for e-transactions,
organizations require:

. end-to-end, modular solutions that effectively address an organization's
trust requirements before, during and after a transaction;

. flexible deployment alternatives, including internally managed,
outsourced and service provider hosted models;

. the ability to support a broad range of applications and platforms to
accommodate investments in public key infrastructure, applications and
platforms; and

. products and services that are based on open standards to provide the
scalability, flexibility and interoperability that is required among
multiple certificate authority vendors and payment systems.

6


Solution

We offer a suite of end-to-end infrastructure software products and services
that organizations use to conduct sensitive electronic transactions that are
valid, secure and provable. We believe our infrastructure products and services
increase the trust in electronic business transactions before, during, and
after they occur, and by permitting parties to comply with digital signature
laws around the world, enable these transactions to be legally enforceable. Our
scalable, high-performance software products and services are based on open
standards and incorporate our technologies, including our certificate
validation mechanisms, stateful validation, secure data transfer, extensible
markup language-based digital receipt and secure document collaboration
technologies. We have established a broad range of relationships with
application and platform vendors which we believe will enable the widespread
adoption of our validation, secure transport, digital receipt and document
collaboration software products and services.

Key components of our offering include:

End-to-end, modular, secure infrastructure software products and
services. We offer end-to-end, modular, secure infrastructure software products
and services that address the security requirements at nearly every stage of a
transaction. We provide validation of credentials before a transaction, the
secure transfer of data during a transaction and transaction notarization and
non-repudiation after a transaction. We also provide an application for secure
electronic document collaboration. We have developed technologies to address
the performance, interoperability and scalability issues of digital
credentials, secure data transfer and extensible markup language-based digital
receipts. Customers may implement one element of our modular software products
and services and expand to include others, as their needs require.

Flexible deployment models. We believe that our software products and
services are attractive to a broad range of customers because we offer a number
of deployment models to meet specific customer requirements. We collectively
refer to this as all-sourcing, which gives our customers three choices:

. insourced hosting of our software;

. outsourcing to us as a trusted third party provider of managed services;
or

. outsourcing to one of our service provider customers.

Customers can select a model based on their specific business application,
available resources, time to market considerations, and desired level of
control and operational responsibility. Because of the common architecture that
underlies our products and services, our customers may migrate their data and
applications from one deployment model to another as their needs change. Our
products and services can be distributed over one or many computer systems.
This feature enhances performance and scalability, and allows some functions of
credential validation, digital receipt issuance and management, and document
collaboration and storage to be installed at the customers' locations, while
maintaining a secure and reliable link to our global service for back-end
processing.

Extensive security and trusted practices. We believe that our significant
investments in security and trust practices help customers of our software
products and services conduct transactions with the assurance that the security
of the transactions will be maintained. We have adopted industry-endorsed
practices and procedures for conducting secure transactions and adhere to a
strict operations protocol that has been designed by Internet security industry
experts to exceed typical commercial security requirements. We have invested
substantial time and effort in establishing the physical security and controls
essential to operating a secure, large-scale data center. For example, we use
multiple Internet service providers to ensure the reliability of our Internet
connections and we have taken special precautions to prevent security breaches.
Our network is also designed to provide redundancy in case of equipment
failure.

End-user credential neutrality. Our products and services are intended to
support various end-user credentials, including digital certificates, soft
tokens, hard tokens and standard user names and passwords.

7


While we believe that electronic transaction processes that utilize digital
certificates and validation offer the most secure user identification
environment, we realize that many applications do not use these certificates.
For this reason, our products and services are designed to be compatible with
varying end-user credentials.

Certificate authority and payments neutrality. Our products are intended to
support leading certificate authorities and payments solutions. We believe this
neutral position enables our products and services to function as an
independent clearinghouse and complement the infrastructure of entities that
issue digital certificates, authorize transactions and process electronic
payments. Our approach allows our customers to continue to use their
investments in digital certificates and electronic payment applications. We
have established an interoperability lab to ensure the current and future
compatibility of our software products with major certificate authorities,
software applications and platforms, including electronic payments systems. We
also host open trials for industry-standard protocols to promote vendor
interoperability and demonstrate our technical leadership in these areas.

Broad application and platform support. We have developed a range of
software modules that may be integrated with popular third party software
applications to enable support for secure transactions. Our software
development toolkits are designed to enable application developers and platform
vendors to rapidly and easily add validation and digital receipt capabilities
to their products and services. Our open standards approach allows us to
establish a network of strategic alliances with software application,
certificate authority and platform vendors to ensure broad support for our
products and services. We believe this network increases the value of our
products and services to our customers and provides us with opportunities to
increase our brand awareness and distribution.

Interoperability and adoption of open standards. Our software products and
services support major industry standards and protocols. All of our products
and services support the major certificate validation protocols. These
protocols include: certificate revocation list, certificate revocation list
distribution point, and online certificate statues protocol. We believe we are
the only company that provides support for these validation protocols in a
single set of products and services. We co-authored and provided one of the
first commercial implementations of online certificate status protocol, which
is a widely adopted validation protocol. Our digital receipt technology
supports the extensible markup language standard, thus leveraging this
standard's broad appeal of facilitating the exchange of information between
disparate computer systems and applications. Our secure data transfer products
support the HTTP, FTP and SSL protocols

Strategy

Our objective for at least the next 12 months is to further extend our
position as a leading provider of a wide range of software products and
services for use by organizations to conduct valid, secure and provable e-
transactions. Key elements of our strategy include:

Extend technology leadership and product development. We intend to extend
our technology leadership by continuing to invest in research and development,
and by actively participating in industry standards setting organizations. We
expect to continue to develop and acquire open, flexible and scalable
technologies that can enhance a transaction stream, and to improve our internal
best practices and controls to maintain the security and integrity of our
operations. We participate in a number of standards setting organizations,
including the Internet Engineering Task Force, UDDI (Universal Description,
Discovery, Integration Project), the Wireless Application Protocol forum and
the Raddichio consortium for mobile security standards. We believe that our
participation in these groups influences industry standards and gives us
valuable insight into new technology developments and emerging market
opportunities.

Further establish ValiCert in key industry segments. We have initially
targeted organizations in the financial services, government,
telecommunications and health care segments. These businesses are transaction-
intensive and have a high requirement for security. For example, our software
products and services are used by financial services organizations such as
Identrus and Barclays B2B.com, government agencies such as the

8


United States Postal Service, health care companies such as Aetna, and
telecommunications companies such as NTT Communications. By taking advantage of
our experience in these key industry segments, we believe we are well
positioned to extend our presence in other industries as they rely more on the
Internet to conduct transactions and exchange information.

Expand focus on business solution oriented sales and marketing. As customers
seek specific solutions to solve their business problems and reduce their
operating costs, we are expanding the focus of our marketing activities to
include the development of solutions that articulate clear return-on-investment
for customers. We believe this expanded solutions focus will result in an
increased number of customers that we can reference, and to increase revenue
predictability. While we will continue to market our secure infrastructure, and
components of such infrastructure, we realize that specific industries have
special needs and face unique challenges. From a sales and marketing
perspective, we can customize and package our secure infrastructure components
to meet the special needs of a given market. We have initially focused our
solution initiatives on the business challenges faced in the areas of trade
finance, treasury and cash management, health insurance claims processing and
product collaboration. We anticipate that over time we will develop solution
initiatives in other areas.

Expand global distribution channels. We intend to continue to expand our
global marketing and distribution efforts to address a wide range of markets
and applications for secure infrastructure solutions. We plan to increase the
number of direct sales personnel we have in Europe, Asia and the Americas. We
plan to expand our network of distributors, including software vendors and
system integrators, who either include our software products and services in
their offerings or resell various elements of them. We have international sales
offices in Argentina, France, Hong Kong, Japan, The Netherlands, Singapore and
the United Kingdom, and continue to pursue additional global opportunities.

Grow our service provider business. As part of our marketing strategy, we
are establishing a network of service providers who offer trust services based
on our software products, technology and expertise. We believe that, over time,
this network will represent a global system to validate and notarize
transactions across geographic and organizational boundaries. Our service
provider customers include NTT Communications,
PricewaterhouseCoopers/beTrusted, Secom, Thomson-CSF/Cashware and Unisys. By
using the brand name and distribution power of these organizations, we believe
that we will be able to increase the adoption of our products and services in a
more sales-leveraged manner. We intend to add participants to this growing list
by targeting service providers in a number of markets. We believe that this
will create a network effect where the utility of this global system will
increase as it expands and will make it more valuable for current and new
participants.

Expand strategic alliances to broaden the use of our products and
services. To accelerate the widespread adoption of our products and services,
we have entered into technology, marketing or distribution alliances with
industry leaders. We have entered into these types of alliances with companies
that include Baltimore Technologies, Certicom, CMG, Gemplus, Entrust, IBM,
Microsoft, Netscape/iPlanet and TIBCO. We plan to expand on existing and
establish new strategic alliances with companies that will integrate our
technologies with their offerings and participate in joint marketing, training
and sales arrangements. We believe these alliances will enable us to accelerate
the adoption of our products and services.

Products

We offer end-to-end infrastructure software products and services that
combine an extensible, modular architecture with advanced security and
scalability to enable valid, secure and provable e-transactions. Our software
products and services are available in three deployment models: trusted
outsourced services; offerings for service providers and business-to-business
exchanges; and in-house software for enterprises. Our software products and
services operate on multiple platforms, including Windows NT, Solaris, AIX, HP-
UX, Linux and some mainframe environments. The pricing of our software products
and services consists of up front license fees, subscription fees based on
transaction volume and maintenance and support fees. Revenues from a typical
contract range from $25,000 to $400,000.

9


This table outlines our software products and services offering:



Product and Services Description
- ------------------------------------------------------------------------------

Validation Authority Products and Services
Enterprise VA Enterprise version of validation
software product
Certificate VA Base level original equipment
manufacturer version of
validation software product
Affiliate VA Service provider version of
validation software product
Validation Service Complete, outsourced or backup
managed validation service
- ------------------------------------------------------------------------------
Secure Data Transfer Products
SecureTransport Secure, reliable transport
software product
- ------------------------------------------------------------------------------
Digital Receipt Products and Services
Receipt Suite Enterprise version of digital
receipt software product
Receipt Affiliate Service provider version of
digital receipt software product
Receipt Service Complete, outsourced managed
digital receipt service
- ------------------------------------------------------------------------------
Document Authority Products and Services
Document Authority Enterprise version of secure
document collaboration software
product
Document Collaboration Service Complete, outsourced managed
document collaboration service
- ------------------------------------------------------------------------------
Professional Services Consulting services, product and
service training, and custom
development and support



Validation authority software products and services

We provide a comprehensive line of software products and services for the
high-performance validation of transactions. These products and services are
designed to enable customers to reduce the risks and costs related to the
misuse of invalid digital credentials and provide flexible extensions for
stateful validation. Stateful validation is a method of validation in which
contextual information is used with information on the validity of credentials.
This contextual information includes real-time credit status and purchasing
authority. Our validation authority software products and services are based on
our multi-protocol architecture which enables interoperability with leading
certificate authorities, directory services and business applications.

We offer these validation authority software products and services:
Enterprise VA, Certificate VA, Affiliate VA and Validation Service. We offer a
set of common component software products, VA Publisher, Validator Toolkit and
Validator Suite, to facilitate the implementation of our validation authority
products and services.

Validation Authority. Our Enterprise VA, Certificate VA and Affiliate VA
enable customers to offer validation capabilities in their transaction
infrastructure.

Enterprise VA Server. Our enterprise version validation server software
supports a wide range of validation protocols, including online certificate
status protocol, certificate revocation list and certificate revocation list
distribution points. Our Enterprise VA is also bundled with an ability for
customers to publish data on revoked credentials to our Validation Service for
backup and redundancy, data distribution or disaster recovery. Enterprise VA
licenses are specifically limited to in-house use by organizations.

Certificate VA Server. Our base level original equipment manufacturer
version of the Enterprise VA Server is designed to enable certificate authority
vendors to incorporate validation capabilities in their products. The
Certificate VA Server supports the online certificate status protocol
validation protocol and our own certificate validation mechanisms and has been
designed to be easily upgraded to the Enterprise VA Server.

Affiliate VA Server. This server software provides functionality that is
similar to our Enterprise VA Server but is designed for service providers and
business-to-business exchanges. We license our Affiliate VA Server for use by
third party trust service providers. Sometimes our service provider customers
are

10


contractually required to mirror their revocation data to our Global VA Service
and have the right to mirror the Global VA Service data to their local sites
for incorporation into their own service offering. This requirement is intended
to allow for efficient, global cross- validation among organizations.

Validation Service. The Validation Service is an outsourced managed
validation service that we host and operate. This service, which is available
24 hours a day, seven days a week from our secure data facility, is designed
for customers that wish to outsource the validation authority function to a
third party or validate transactions with entities outside their internal
boundaries. The Validation Service accepts data from various organizations that
wish to broadly distribute information about credentials that they have
revoked. With our certificate validation mechanisms, we can efficiently
distribute large volumes of revocation data on a worldwide basis to our service
provider customers. We believe that this capability enables us to cost-
effectively scale our global validation service business.

VA Common Components. VA Publisher, Validator Toolkit and Validator Suite
are included with all of our VA Suite and Validation Service offerings.

VA Publisher. Our VA Publisher is used to publish revocation data to a
validation authority server or service from a directory server or directly from
a certificate authority. In some cases, where we have strategic relationships
with certificate authority vendors, the VA Publisher is bundled with the
certificate authority to enable real-time publication of revocation data.

Validator Toolkit. Our Validator Toolkit is a software development toolkit
designed to allow for the rapid addition of validation capabilities into
applications which require stateful validation or use digital certificates
regardless of the issuing certificate authority. We license the toolkit to
independent software vendors to support our validation authority software
products and services.

Validator Suite. Our Validator Suite is a set of software modules that are
used for validation in popular web server, web client and e-mail applications.
We ship modules for Apache Stronghold Server, Netscape/iPlanet Enterprise
Server, Microsoft Address Book, Microsoft's Internet Explorer, Microsoft
Internet Information Server and Microsoft Outlook. We license some Validator
Suite modules to independent software vendors to include in their software.

Secure data transfer software products

Our secure data transfer software product line enables scalable,
confidential and secure data transfer over the Internet.

SecureTransport. Our secure data transfer software product line is designed
to give customers cost-effective, secure, confidential, reliable delivery of
large transaction files and documents. The products support commonly used data
transfer protocols, including file transfer protocol and hypertext transfer
protocol. The products can be used in a variety of business application
environments. Like our other software products and services, SecureTransport is
designed to work with a variety of certificate authorities.

Our secure data transfer software products consist of the SecureTransport
Server and the optional SecureTransport Client. Customers typically install the
SecureTransport Server at their local sites and can distribute the
SecureTransport Client to the entities with whom they conduct business. The
client software adds secure and reliable data transfer through a feature which
enables the rapid resumption of a data transfer in progress if a network
connection has been dropped. The client software supports sophisticated
scheduling of data transfers in a range of business applications.

The SecureTransport Server is integrated with our other software products
and services. We have linked SecureTransport and our digital receipt products
so that customers can automatically generate and archive an extensible markup
language digital receipt to record the event, time and date of a transfer, and
to store the contents of the document. We believe this capability helps make
our secure data transfer product ideal for use

11


in business-to-business exchanges which have largely standardized on the
extensible markup language business document format. This capability can also
facilitate the resolution of disputes relating to a data transfer and enhances
the use of the product for proof-of-compliance with some government
regulations, including the Health Insurance Portability and Accountability Act.

Digital receipt software products and services

We provide a comprehensive line of software products and services that
enables the secure creation, tracking and management of digital receipts. Our
standards-based receipts are digitally signed extensible markup language
documents that contain a customizable set of information about a transaction.
This information could include the identities of the parties involved, time and
date of the transaction, and goods and services purchased or sold. Our digital
receipt software products and services are designed to help customers lower
costs, facilitate dispute resolution and reduce fraud in transactions conducted
over the Internet. Our digital receipt software products and services are
designed to work with a wide variety of certificate authorities and electronic
payments solutions.

We offer these digital receipt software products and services: Receipt
Suite, Receipt Affiliate and Receipt Service.

Receipt Suite. Our enterprise software suite is used to create, track and
manage digital receipts. The suite consists of Receipt Notary Server, Receipt
Vault Server and Receipt Toolkit. The suite is bundled with an ability for
customers to automatically create Receipt Vault integrity reports and publish
them to the Receipt Service. This functionality provides our customers with a
means of determining whether archived receipt data has been tampered with or
corrupted. Receipt Suite licenses are specifically limited to in-house use.

Receipt Notary Server. Our server software records the primary elements of a
transaction and creates a tamper-proof digital receipt with a secure timestamp.
After the server generates the digital receipt, copies of the receipt are
stored in the Receipt Vault Server and may be sent to the parties involved in
the transaction through a variety of configurable means, including e-mail, file
transfer, or simple web page pictures.

Receipt Vault Server. Our server software stores large volumes of digital
receipts and provides comprehensive search and retrieval capabilities for
customers to use for dispute resolution, data mining and other purposes. All
items stored in the server are digitally signed and the entire contents of the
server can be periodically verified for integrity of the signatures and the
data which they protect. The server is designed to interface with high-
performance databases including Oracle 8i and NCR Teradata.

Receipt Toolkit. Our Receipt Toolkit is designed to quickly and easily add
digital receipt capabilities into electronic commerce and other applications
and provide interfaces to the Receipt Notary Server and Receipt Vault Server.
We provide the toolkit as part of the Receipt Suite. We provide and license it
to independent software vendors to support our digital receipt software
products and services.

Receipt Affiliate. This server software provides functionality that is
similar to our Receipt Suite but is designed for service providers and
business-to-business exchanges. Our Receipt Affiliate licensees can offer
digital receipt services directly to customers, including the issuance and
management of large volumes of digital receipts. The Receipt Affiliate is
increasingly licensed with our Affiliate VA Suite.

Receipt Service. Our Receipt Service is a complete, outsourced digital
receipt managed service offering. We operate our Receipt Service out of our
secure data facility for customers that desire turnkey, rapid implementation
and wish to take advantage of our infrastructure. The service is designed to
offer 24 hours a day, seven days per week availability.

12


Document collaboration software products and services

We provide a comprehensive line of software products and services for secure
collaboration and storage of electronic documents. These products and services
provide not only an application for securely storing, retrieving and
collaborating on electronic documents, but also offer the tools to manage the
information related to this process--including secure messaging, digital
signature-based approval, versioning control, and tamper-evident audit trails.
Our Document Authority software products and services utilize the components of
our infrastructure for securing electronic transactions. Components utilized
include digital certificate validation, digital receipting and, optionally,
secure data transport. Document Authority can store and exchange information in
any file format, and uses standard Web-browsers as an interface. For extra
security, optional digital signing hardware or software can be utilized.

Document Authority Server. Our Document Authority server allows businesses
to operate software for secure collaboration and storage of electronic
documents within their own information systems infrastructure.

Document Authority Service. Our Document Authority Service is a complete,
outsourced document collaboration managed service. We operate our Document
Authority Service out of our secure data facility for customers that desire
turnkey, rapid implementation and wish to take advantage of our infrastructure.
The service is designed to offer 24 hours, seven days per week availability.

Professional services

We offer a broad range of professional services to assist in site planning,
design, installation, integration, training and maintenance of our products and
services. Our professional services include consulting services, product and
service training, and custom development and support. We employ highly trained
professionals in the data networking, network security, cryptography and
network operations fields to deliver these services.

13


Sales and Marketing

We primarily target our software products and services to a variety of
transaction-intensive enterprises and service providers. As of December 31,
2000, we had over 130 customers.

This is the list of our top enterprise customers based on software license
and subscription fees and other services billings since January 1, 1998,
computed on a pro forma basis by including revenues billed by Receipt.com
before our acquisition of that company in December 1999. These customers have
purchased our products or services in 2000 or are ongoing customers.



Financial Services Retail
ABN AMRO Nike
BankOne
Barclay's Bank Technology / Internet
Canadian Imperial Bank of Commerce Apple Computer
The Chase Manhattan Bank Custom Technology Corporation
La Confederation des Caisses
Populaires Dell Computer Corporation
et d'Economie Desjardins du Quebec International Network Securities
Identrus LLC IT Security AG
Insurance Service Office Netscape/iPlanet
NASD TC TrustCenter GmbH
National City Corporation Trintech Technologies
S.W.I.F.T.
Visa USA Telecommunications
Wells Fargo Bank CMG Telecommunications
Hong Kong Post
Government
Federal Reserve Automated Services Other
US Navy Hanwha Corporation
Nippon Steel
Healthcare
Aetna Life Insurance Company
Blue Cross and Blue Shield


This is a list of our top service provider customers based on software
license and subscription fees and other services billings since January 1,
1998:



Financial Services Systems Integrators
Thomson-CSF/Cashware AddTrust
Daou Technology
Government Itouchu Technology-Science Corporation
United Arab Emirates/Etisalat PricewaterhouseCoopers
Secom Trust
Telecommunications Unisys
Bell Canada Emergis VR Secure
Global Crossing WiseKey


In fiscal 2000, no individual customer accounted for more than 10% of our
revenues. In fiscal 1999, Visa accounted for 21.7% of our revenues and
PricewaterhouseCoopers accounted for 14.1% of our revenues

Customers

These examples illustrate how customers use our software products and
services. These customer profiles are not intended to be an endorsement by
those customers of ValiCert or our software products and services.

14


Identrus LLC. Identrus LLC is a consortium of global financial institutions
that have joined together to create a secure infrastructure for business-to-
business electronic commerce. To help accomplish this goal, Identrus needed a
comprehensive business-to-financial institution authentication solution.
Identrus selected us to help address this need because of our scalable family
of validation authority software products and services, and our expertise in
developing transaction security technologies. Our Enterprise VA software
product is installed in multiple locations within the Identrus network to
validate the digital certificates that participating banks have issued using
multiple, distinct certificate authorities. The Identrus network uses our
software products and services to enable trading parties from around the world
to identify one another over the Internet, creating a means of validation in a
broad array of business-to-business electronic commerce applications.

Industry Canada. Industry Canada is responsible for managing access to the
radio frequency spectrum for the country of Canada. In October 1999, the agency
conducted Canada's first nationwide online spectrum auction, granting 258 radio
frequency licenses to twelve different companies. According to Industry Canada,
the online auction included bids exceeding Cdn. $170 million--which we believe
to be among the largest business-to-government electronic commerce transactions
ever to take place over the Internet. To ensure the speed and security of the
bid transactions, Industry Canada selected our Enterprise VA to validate the
credentials of auction participants. We were selected due to our high-
performance online certificate status protocol validation capabilities and our
ability to provide a secure audit trail for each of the bid transactions. Based
on the successful use of our Enterprise VA in this auction, Industry Canada is
planning to use our software for its upcoming personal communications services
auction for mobile wireless and related services.

Chase Manhattan Bank. Chase Manhattan Bank's treasury solutions division
provides treasury management services to corporations, financial institutions,
brokers and dealers and public sector organizations. To provide a secure,
Internet-based financial transaction and document delivery capability to its
customers, Chase integrated our SecureTransport software product into its
electronic commerce infrastructure. We were selected for our ability to deliver
a reliable, secure and scalable data transfer product.

The Hanwha Corporation. The Hanwha Corporation is one of the largest
conglomerates in South Korea with divisions in the chemical, trade,
construction, telecommunications, pharmaceuticals and information services
industries. To streamline its supply chain processes, Hanwha is converting its
electronic commerce infrastructure from dedicated private networks to the
Internet. To ensure proof of occurrence for purchase transactions, Hanwha is
using our Receipt Suite with its global procurement application. We were
selected due to our technology leadership, global presence and ability to
deliver a scalable, extensible software product offering for non-repudiation.

United States Postal Service. The United States Postal Service enables
faster, more efficient and secure communication between the United States
government and its citizens. The United States Postal Service has instituted
and planned a number of e-commerce initiatives, including the NetPost.Certified
program, that are designed to expedite the movement of documents online. In
connection with initiatives, the United States Postal Service will utilize our
Validation Authority, Secure Transport and Receipt suite to expedite the
movement of documents online and to ensure government agencies that those
documents are transmitted by authorized parties, remain confidential, and are
secured with auditable delivery while in transit. We were selected for our
operability to support secure and private electronic document delivery.

Strategic Alliances

As of March 15, 2001, we had over 40 strategic alliances with companies
including Baltimore Technologies, Certicom, CMG, Entrust, Gemplus, IBM,
Microsoft, Netscape/iPlanet, and TIBCO. The purpose of these alliances is:

. To promote the widespread adoption of our software products and services
through distribution arrangements;

. To ensure that third-party technologies interoperate effectively with our
software products and services; and

15


. To enable widespread application support for our software products and
services.

Baltimore Technologies. We have entered into worldwide marketing and
distribution agreements with Baltimore Technologies. Baltimore Technologies
resells our Enterprise VA software products to its customers. Baltimore
Technologies has also integrated our VA Publisher into its UniCert certificate
authority product to provide real-time publication of revocation data to our
software products and services. We also collaborate with Baltimore Technologies
on joint selling and marketing activities.

Certicom. We have entered into a marketing agreement with Certicom. As part
of this agreement, revocation data from the Certicom MobileTrust certificate
authority will be published to the ValiCert Validation Service. Through this
relationship, Certicom customers, including users of Wireless Transport Layer
Security, or WTLS, certificates, will be able to validate credentials used in
wireless transactions.

CMG. We have entered into marketing and distribution agreements with CMG
Wireless Data Solutions, formerly CMG Telecommunications. As part of the
agreement, CMG will integrate and distribute our digital certificate validation
and receipting technology with the CMG Wireless Service Broker suite. Through
this relationship, CMG customers and mobile users will be able to validate
credentials of services they transact with, and obtain paperless legal-grade
proof for their wireless transactions.

Entrust. We have entered into a marketing and interoperability agreement
with Entrust for our Validation Service and Enterprise VA. As part of this
agreement, we have extensively tested our products and services with Entrust's
public key infrastructure products to ensure compatibility. We have worked with
the Entrust sales force to help them promote our validation authority software
products and services to customers who require support for online certificate
status protocol, such as Identrus member banks.

Gemplus. We have entered into a marketing and technology integration
agreement with Gemplus S.A. As part of this agreement, ValiCert Validation
Authority and Digital Receipts Solutions will validate transactions secured by
GemXploreTM Subscriber Identity Module, or SIM, cards with on-board key
generations. This arrangement will provide wireless carriers with solutions
that are compliant with digital signature laws, and enable secure transactions
and non-repudiation.

IBM. We are a registered member of IBM's PartnerWorld Developer Program. We
have also entered into a software compatibility agreement with IBM. Under this
agreement, our Enterprise VA products have been tested for compatibility with
IBM's SecureWay Vault Registry and Trust Authority products. We are jointly
developing an approach to interface our products with IBM's products for the
financial services market. This initiative includes our validation authority
and digital receipt software products and IBM's middleware offerings, such as
MQSeries, WebSphere web application software platform and Tivoli SecureWay
Policy Director.

Microsoft. Our public root keys are included in the Microsoft Windows 2000
operating system and Internet Explorer 5.01 browser products. These root keys
are used by applications to ensure that digitally signed objects which are
generated at our Validation Service and Receipt Service are trustworthy and
have not been tampered with or corrupted. We have also joined the Microsoft
Security Solutions Provider program, which highlights our software products and
services and their compatibility with Microsoft products.

Netscape/iPlanet. We have entered into marketing and original equipment
manufacturer agreements with Netscape/iPlanet. Under these agreements, our
Certificate VA is bundled with every copy of the Netscape/iPlanet certificate
authority product, our VA Publisher has been integrated into Netscape/iPlanet's
certificate authority product for real-time publication of revocation data to
our software products and services, and a component of our Validator Suite is
bundled with every copy of Netscape/iPlanet's webserver. We have also entered
into distribution agreements for our secure data transfer and digital receipt
software products and services to be included with Netscape/iPlanet's business-
to-business electronic commerce offerings. We have also entered into an
agreement with Netscape/iPlanet to bundle our public root keys with the
Netscape browser and e-mail clients through December 2000.

16


TIBCO. We have entered into a marketing and technology integration agreement
with TIBCO. TIBCO plans to integrate support for our Validation Authority and
Receipt offerings with an upcoming version of its TIBCO ActiveExchangeTM
product suite. This integration will enable TIBCO customers to validate
credentials of transacting parties and provide non-repudiation while engaging
in commerce with other businesses, either directly or through intermediaries.

Customer Service, Training and Support

We believe that customer satisfaction is essential for our long-term
success. Our technical support group provides dependable and timely resolution
of customer technical inquiries and is available to customers by telephone,
email and over the web. We use a customer service automation system to track
each customer's inquiry until it is resolved. Our training services group
delivers education and training to our customers and partners. We offer a
comprehensive series of classes to our customers to provide them with the
knowledge and skills to successfully deploy, use and maintain our products.
These courses focus on the technical aspects of our products as well as related
business issues and processes. We regularly hold our classes in various
locations throughout the United States and in our training facilities at our
research and development headquarters in Mountain View, California.

Research and Development

We believe our future success will depend in large part on our ability to
develop new products, core technologies and enhancements to product lines. In
the past, we have developed our software products and services both
independently and through efforts with leading independent software vendors and
major customers.

As of December 31, 2000, we had 73 employees dedicated to research and
development. Research and development expenses were $1.7 million in 1998, $5.6
million in 1999 and $10.4 million in 2000. All development costs have been
expensed as incurred. Our research and development efforts are focused
primarily on:

. integrating our validation authority, secure data transfer, digital
receipt, transaction coordination and document collaboration products and
services,

. expanding addressable markets by way of internationalization,

. enhancement of existing product lines--Validation Authority,
SecureTransport, Digital Receipt Solutions--including development of new
features, ports to new operating systems and other enhancements.

. development of new products, such as the Document Authority.

. development of integrated business process and software solutions in the
B2B, Finance and Mobile electronic transaction spaces across product
lines. These solutions encompass one or more products and also involve
integration with selected partners, such as TIBCO.

. development and deployment of trust services, which are based on the
above products and solutions, in the ValiCert Trust Services secure data
center.

Our research and development personnel are active in standards-setting
bodies and have contributed to a number of standards in the Internet and data
security areas. We intend to continue recruiting and hiring experienced
research and development personnel and to make other investments in research
and development.

17


Intellectual Property

Legal protections

We rely upon a combination of intellectual property protection including
patents, copyrights, trademarks, trade secrets and licensing methods to protect
our proprietary technology and other proprietary rights. We also rely on
outside licensors, including RSA Security, for patent and software license
rights to encryption technology that is incorporated into and is necessary for
the operation of our products and services. Our success will depend on our
continued ability to have access to these or other technologies that are or may
become important to the functionality of our products. Any inability to
continue to obtain or use this technology could significantly harm our
operations.

Confidentiality agreements

It is our policy to require our employees and consultants to enter into
confidentiality agreements. We control access to and distribution of our
documentation and other proprietary information. The agreements provide that
all inventions created by an employee shall be our property. Despite our
efforts to protect our proprietary rights, unauthorized parties may attempt to
copy aspects of our products or to obtain and use information that we consider
proprietary. Policing unauthorized use of our products is difficult. While we
are unable to determine the extent to which piracy of our software products
exists. This piracy can be expected to be a persistent problem, particularly in
international markets and because of the growing use of the Internet. We cannot
assure you that our trade secrets or confidentiality agreements will provide
meaningful protection of our proprietary information. We cannot assure you that
others will not independently develop similar technologies or duplicate any
technology developed by us. Our technology could infringe upon the patent
rights of others. Legal protections of our rights may be ineffective in foreign
countries where intellectual property does not have the protection it does in
the United States. Our inability to protect our proprietary rights could harm
our business.

Patents

We own one issued patent and have filed seven United States and foreign
applications and other foreign applications for patents covering our
technology. We cannot assure you that our pending or future patent applications
will issue or that any patents that issue will be enforceable or valid. The
coverage claimed in a patent application can be significantly reduced before
the patent is issued. Our failure to protect our intellectual property in a
meaningful manner could materially harm our operations. Litigation may be
necessary in the future to enforce our intellectual property rights, to protect
our trade secrets or to determine the validity and enforceability of the
patents of others. Any litigation could result in substantial costs and
diversion of management and technical resources and could harm our business.

Even if patents are issued, they may not adequately protect our technology
from infringement or prevent others from claiming that our technology infringes
their patents. Parties making these claims may be able to obtain injunctive or
other equitable relief that could block our ability to further develop or
commercialize some or all of our products in the United States and abroad. If a
claim of infringement is filed, we may be required to obtain one or more
licenses from or pay royalties to third parties. We cannot assure you that we
will be able to obtain these licenses at a reasonable cost, if at all. Defense
of any lawsuit or failure to obtain any of these licenses could hurt our
business. We are aware of one patent application which, if granted, could
result in a claim of infringement against us. However, if this were to occur,
we believe that we have access to alternative technologies which would enable
us to deliver our products even if a claim of infringement were successfully
brought against us.

18


Competition

Our security infrastructure products and services address the new and
rapidly evolving market for trusted and secure transactions over the Internet.
The market for our products and services is intensely competitive and subject
to rapid change. A small number of competitors offer a wide range of security
products and services, some of which are directly competitive with our products
and services.

Validation authority software products and services

We compete primarily with companies offering commercial certificate
authority products and services such as CertCo, Computer Associates, Entrust,
VeriSign and Xcert.

Secure data transfer software products and services

We compete with Internet electronic data interchange companies such as
CommPress, Harbinger and Sterling Commerce, and with companies offering
document delivery and storage products and services such as Critical Path,
PostX and Tumbleweed Communications.

Digital receipt software products and services

We compete with transaction middleware companies, companies that offer
timestamping services, online notarization or point of sale integrated
solutions and payment companies. These competitors include @POS, FirstUse, JCP,
Surety and VeriSign. Many companies may choose to develop their own security
products and services in-house.

Document collaboration software products and services

We compete with document management, secure messaging and Internet-based
document handling companies. These competitors include companies such as
Documentum, DocuTouch , iLumin and Tumbleweed Communications.

Competitive factors

We believe that the principal competitive factors in our market are
interoperability, completeness of solution, flexibility, neutrality, customer
service and support, ease of use and speed of implementation.

Although we believe that we compete favorably with our competitors based on
these factors, we cannot assure you that we can maintain our competitive
position against current and potential competitors. Several of our current and
potential competitors have longer operating histories and significantly greater
financial, technical, marketing and other resources than we do and may be able
to respond more quickly than we can to new or changing opportunities,
technologies, standards and customer requirements. Many of these competitors
also have broader and more established distribution channels that may be used
to deliver competing products or services directly to customers which could
substantially reduce demand for our products and services. Browser companies
that embed our public root keys or feature us as a provider of digital
certificate solutions in their web browsers or on their websites could also
promote our competitors, charge us substantial fees for these promotions in the
future, or terminate their relationship with us.

New technologies and the expansion of technologies may increase the
competitive pressures on us. We cannot assure you that competing technologies
that others develop or the emergence of new industry standards will not
adversely affect our competitive position or cause our Internet-based security
services or technologies to become noncompetitive or obsolete. Our competitors
in particular segments of the security marketplace may in the future broaden or
enhance their products to provide a more comprehensive offering than ours. We
may also compete in the future for sales of our software products and services
against our original equipment manufacturer licensees, who resell our products
and services under their own brand names. We may not be able

19


to compete effectively with current or future competitors and competitive
pressures that we face could materially harm our business.

Technology

We have built both open and proprietary mechanisms into our core technology,
which forms the foundation for our products and services. Some of the key areas
where we have developed technology enable:

. Efficient distribution of certificate revocation data;

. Real-time access to data repositories during the validation process;

. Automation of data transfer between disparate applications;

. Fault-tolerant, high-integrity data transfer over unreliable
communication lines;

. Efficient storage and fast search and retrieval of large volumes of
extensible markup language documents;

. Secure collaboration of electronic documents.

Certificate Validation Mechanisms. Our certificate validation mechanisms
allow us to efficiently distribute large amounts of certificate revocation data
on a global basis using most of the currently accepted validation protocols. We
use our certificate validation mechanisms to distribute our revocation data to
enterprise customers, service provider customers and our own servers at remote
locations to provide regional validation capabilities across the globe. Another
benefit of our certificate validation mechanisms is that the remote locations
where we host certificate revocation data do not require secure facilities such
as those we have built in our Mountain View, California, facility. We believe
this enables us to scale our operations globally at a substantially lower cost
than our competitors.

Stateful Validation. Our stateful validation technology allows for
customized software modules to be developed for our validation authority
products and services. These modules can interface with external systems to
enable the use of contextual information, such as credit histories, purchase
authorization, or access controls, with the validation process. Interfacing
through our stateful policy application program interfaces, these modules do
not require modification of our software products or services to be
implemented, which we view as a strong competitive advantage.

Agent Extension Mechanisms. We have developed technology that allows for
customized software modules to be developed for our secure data transfer
products. These modules can be automatically invoked at any stage of data
transmission or based on events such as a file transfer initiation or file
transfer completion. These modules allow for the addition of capabilities such
as virus scanning of files and file format conversion.

Automatic Restart. Our secure data transfer engine incorporates technology
that allows for the automatic and rapid resumption of a previously interrupted
data transfer. This capability is essential for customers that wish to utilize
the Internet to efficiently and reliably transfer large data files.

Extensible Markup Language to Relational Schema Mapping. We have developed
technology that allows us to store our extensible markup language-based
documents, such as digital receipts, in our Receipt Vault, which has a database
at its core. This technology can automatically parse an extensible markup
language document and map the individual data fields on to a relational
database schema for fast and efficient storage, manipulation and retrieval of
large volumes of extensible markup language documents.

Network operations and trust infrastructure

We have made significant investments in developing our network operations
and infrastructure capabilities, including construction of a secure data center
which is designed to exceed typical commercial

20


security requirements. The key elements of our data center design include data
redundancy, a highly scalable architecture, advanced control and audit
capabilities, reliance on multiple Internet service providers and use of
carrier-class equipment. Our network operations procedures encompass techniques
for achieving high security, reliability, and scalability in a continuously
online data center. Our network operations center serves as the hub for our
worldwide operations and service delivery and is the central point for data
exchange with our Affiliate VA customers. A number of our customers also rely
on the network operations center infrastructure to provide a backup for their
transaction data.

Our transaction services architecture offers automatic failover, capacity
monitoring, security auditing, and load balancing for critical services. To
support this level of security, we have adopted a number of network security
measures including periodic audits and reviews by third parties and
incorporated a variety of provisions such as redundant power supplies. We have
designed and constructed our secure network operations center facility to
mirror the best practices in commercial security establishments, including:

. Physical construction techniques, such as eavesdrop-resistant enclosures,
and constant security monitoring to create and deliver a robust level of
protection to the site;

. Use of sophisticated access control systems, including biometrics, audit-
ready video recording, and motion and glass break detection systems;

. Use of tamper-proof, multi-party access controlled cryptographic devices
for secure data transmissions;

. Use of employee background checks and separation of duties for our
personnel; and .

. Ongoing policy and practices control and review processes.

Our data center and related operations function as a secure, distributed 24
hours a day, seven days a week service. To protect from catastrophic failure
situations, we are evaluating business resumption sites.

Employees

As of December 31, 2000, we had 208 employees, of which 73 were employed in
research and development, 74 were employed in sales and marketing, 39 were
employed in operations and customer support and 22 were employed in general and
administration. None of our employees is subject to a collective bargaining
agreement and we have never experienced a work stoppage. We believe our
relations with our employees are good. Our ability to achieve our financial and
operational objectives depends in large part upon our continued ability to
attract, integrate, train, retain and motivate highly qualified sales,
technical and managerial personnel, and upon the continued service of our
senior management and key sales and technical personnel, none of whom is bound
by an employment agreement. Competition for qualified personnel in our industry
is intense, particularly in the San Francisco Bay Area.

ITEM 2. PROPERTIES

Our principal executive and administrative offices are located at 339 N.
Bernardo in Mountain View, California, where we lease approximately 48,000
square feet. This lease expires April 2007. We also sublease an additional
facility in Mountain View, California, of approximately 25,000 square feet.
This sublease expires February 2003. We believe that our facilities are
adequate for our needs and that suitable additional or alternative space will
be available in the future on commercially reasonable terms to meet any
additional needs.

ITEM 3. LEGAL PROCEEDINGS

We are not presently involved in any legal proceedings.

ITEM 4. SUBMISSION OF MATTERS TO A VOTE OF SECURITY HOLDERS

Not applicable.

21


PART II

ITEM 5. MARKET FOR REGISTRANT'S COMMON EQUITY AND RELATED STOCKHOLDER MATTERS

Our common stock is traded on the Nasdaq National Market under the symbol
"VLCT." Our initial public offering of stock was July 28, 2000 at $10.00 per
share. The price range per share from July 28, 2000 through December 31, 2000
was $27.875 at the highest and $4.50 at the lowest sale price for our stock as
reported by the Nasdaq National Market. Our present policy is to retain
earnings, if any, to finance future growth. We have never paid cash dividends
and have no present intention to pay cash dividends. On March 15, 2001, there
were approximately 399 stockholders of record.




Period From
Jul. 28, 2000 Three Months
(IPO) to Ended
Sep. 30, 2000 Dec. 31, 2000
------------- -------------

Price range per share
Low............................................ $ 8.875 $ 4.500
High........................................... $27.875 $21.875


After deducting the underwriting discounts and commissions and the offering
expenses, we received net proceeds from the offering of approximately $41.1
million. The net offering proceeds have been used for general corporate
purposes, to provide working capital to develop products and to expand our
operations. Funds that have not been used have been invested in money market
funds, certificate of deposits and other investment grade securities. We also
may use a portion of the net proceeds to acquire or invest in businesses,
technologies, products or services.

ITEM 6. SELECTED FINANCIAL DATA



Period From
February 6, 1996 Year Ended December 31,
(Inception) to -----------------------------------
December 31, 1996 1997 1998 1999 2000
----------------- ------ ------- -------- --------
(in thousands, except per share amounts)

Total revenues.......... $ -- $ -- $ 60 $ 1,635 $ 11,828
Operating loss.......... $ (493) $ (523) $(4,093) $(13,098) $(28,939)
Net loss................ $ (493) $ (530) $(3,990) $(12,802) $(28,327)
Net loss per share--
basic and diluted...... $(1.01) $(0.85) $ (8.01) $ (48.86) $ (2.76)
Shares used in net loss
per share--basic and
diluted................ 487 623 498 262 10,282
Total assets............ $ 140 $ 627 $ 2,436 $ 37,692 $ 59,806
Long-term obligations,
excluding current
portion................ $ -- $ 50 $ -- $ 2,240 $ 2,056
Redeemable convertible
preferred stock......... $ 465 $ 465 $ 6,748 $ 34,256 $ --


22


ITEM 7. MANAGEMENT'S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS
OF OPERATIONS

The following discussion and analysis of our financial condition and results
of operations should be read in conjunction with "Selected Financial Data" and
our consolidated financial statements and related notes appearing elsewhere in
this report. This discussion and analysis contains forward-looking statements
that involve risks, uncertainties and assumptions. The actual results may
differ materially from those anticipated in these forward-looking statements as
a result of certain factors, such as those set forth under "Factors That May
Impact Future Results".

Overview

Business

We develop and market software products and services that organizations use
to conduct valid, secure and provable transactions over the Internet. From 1996
through 1998, we primarily focused our activities on:

. conducting research and development,

. raising capital,

. recruiting personnel and

. establishing distribution channels for our software products.

We started commercial shipments of our validation authority software
products during the first quarter of 1999, and substantially all of our
revenues have come from the licensing of our validation authority products. We
also offer secure data transfer products and digital receipt products and
services which we obtained from our acquisition of Receipt.com in December
1999. As of December 31, 2000, we had over 130 customers, including Hanwha
Corporation, PricewaterhouseCoopers, Society for Worldwide Interbank Financial
Telecommunication, or S.W.I.F.T., Unisys and Visa.

The general terms of our contracts

We sell our products and services to enterprise end users who use them to
conduct business within their organization and with their trading partners. Our
contracts with enterprise end users for our validation authority and digital
receipt products include a renewable subscription fee that entitles them to
validate or notarize a stated number of transactions during a specified period
and receive maintenance and support services. These customers are required to
renew their subscription to continue using our products and services after
expiration of the initial period. Enterprise end users who purchase our secure
data transfer products enter into perpetual license arrangements for an up
front fee and contract for annual maintenance and support.

We also sell our products and services to service provider customers who use
them to implement their branded validation and digital receipt products and
services. Our contracts with these customers specify a combination of an
initial software license fee, a renewable subscription fee providing rights
similar to those received by corporate end users, and optional maintenance and
support fees.

Revenue recognition policy

During the second quarter of 2000, we introduced new contract arrangements
with our enterprise end-user and service provider customers which require us to
provide additional services during the subscription period. The fees relating
to additional services will be recognized ratably over the subscription period,
typically one year. By contrast, our previous contract arrangements, which did
not require ongoing service obligations, typically resulted in recognition of
license revenues upon product shipment. Under these new arrangements the

23


customer is entitled to receive services and use the license over the license
term or the utilization of a stated number of transactions, if earlier. The fee
for the additional services is recognized ratably over the license term and
accelerated if the customer utilizes the stated maximum number of transactions
before the expiration of the term. Upon the earlier of the expiration of the
license term or utilization of the specified transactions, the customer will be
required to pay an additional fee if the customer desires to continue to use
the software. It is not our intention to grant any concessions for
underutilized transactions.

Our revenues come from software license fees, subscription fees, consulting
services, and maintenance and support. Software license revenues are comprised
of upfront fees for the use of our software products. We recognize revenue from
license fees when:

. an agreement has been signed,

. the product has been delivered,

. vendor-specific objective evidence exists to allocate a portion of the
total fee to any undelivered elements of the arrangement,

. the fee is fixed or determinable, and

. collectibility is probable.

When we deliver our software products electronically, we consider the sale
complete when we provide the customer with the access codes for immediate
possession of the software. When contracts contain multiple product and service
elements, we account for the revenue related to these elements using the
residual method as current accounting standards require. We recognize revenues
when the fees are fixed and determinable. For those arrangements that include
fees that may not be fixed or determinable at the time of shipment, we
recognize revenue when these fees are due and payable. If we do not consider
collectibility probable, we recognize the revenue when the fee is collected.

If maintenance and support or consulting services are included in a license
agreement, amounts related to these services are allocated based on vendor-
specific objective evidence. We recognize future subscription fees ratably over
the related service period. Customer contracts that require delivery of
unspecified additional software products in the future are accounted for as
subscriptions, and we recognize this revenue ratably over the term of the
arrangement beginning with the delivery of the first product. We recognize
consulting revenue as these services are provided to the customer. We recognize
revenue from maintenance and support arrangements on a straight-line basis over
the life of the agreement, which is typically one year.

Acquisition of Receipt.com

In executing our product development plans, we consider both internal
research and development and the acquisition or licensing of emerging
technologies from third parties. We believe that time-to-market is critical to
success in the rapidly evolving Internet security infrastructure market, where
we must compete with well-established companies and where our products must
integrate with the predominant operating systems and network protocols within
the enterprise computing environment. We must continually evaluate whether it
is more efficient and effective to develop a given solution internally, or to
license or acquire a technology. We acquired Receipt.com in December 1999 for
approximately $17.6 million in common and preferred stock and the assumption of
liabilities. We accounted for the acquisition using the purchase method of
accounting. Receipt.com is a provider of secure data transfer software and, at
the date of acquisition, was in the process of developing its digital receipt
software product.

We have incurred substantial costs to develop our technologies and software
products, to recruit and train personnel for our engineering, sales and
marketing and technical support organizations, and to establish an

24


administrative department. We have incurred net losses in each year of
operation and had an accumulated deficit of $46.2 million as of December 31,
2000. We expect that our operating expenses will increase substantially in
future periods as we continue to grow our domestic and international sales and
marketing organizations, increase research and development, broaden technical
support services and expand our data center operations. We also expect to incur
non-cash expenses relating to amortization of deferred stock compensation,
goodwill and other intangible assets. We have incurred losses and expect to
continue to incur losses.

Results of Operations

Fiscal Years Ended December 31, 2000, 1999 and 1998

Revenues



% Change
------------
2000 1999 1998 99/00 98/99
------- ------ ----- ----- -----
(in thousands)

Software licenses......... $ 8,368 $ 874 $ 60 857% 1,357%
Subscription fees and
other services........... 3,460 761 -- 355% --
------- ------ -----
Total revenues.......... $11,828 $1,635 $ 60 623% 2,625%
======= ====== =====

Sources of revenue as a percent of total revenue


2000 1999 1998
------- ------ -----

Software licenses......... 70.7% 53.5% 100.0%
Subscription fees and
other services........... 29.3% 46.5% --

Total revenues increased to $11.8 million for 2000 from $1.6 million for
1999 and $60,000 for 1998. Revenues increased significantly in 2000 from 1999
and 1998 due to higher sales of our Validation Authority products and services,
Secure Data Transfer products and various professional services. During 2000,
we also introduced the Digital Receipt and Document Authority products and
services. In addition, we experienced significant growth in international
markets and expanded our international affiliate network during 2000.

Software license revenues accounted for 70.7% of our total revenues for the
2000 compared to 53.5% for 1999. Subscription fees and other service revenues
accounted for 29.3% of our total revenues for 2000 compared to 46.5% for 1999.

Cost of revenues


% Change
------------
2000 1999 1998 99/00 98/99
------- ------ ----- ----- -----
(in thousands)

Software licenses......... $ 1,199 $ 93 $ 3 1,189% 3,000%
Subscription fees and
other services........... 5,899 134 -- 4,302% --
------- ------ -----
$ 7,098 $ 227 $ 3
======= ====== =====

Cost of revenues as a percent of related revenue


2000 1999 1998
------- ------ -----

Software licenses......... 14.3% 10.6% 5.0%
Subscription fees and
other services........... 170.5% 17.6% --



25


Cost of software license revenues. Cost of software license revenues
increased to $1.2 million for 2000 from $93,000 for 1999 and $3,000 for 1998.
Cost of software license revenues consists primarily of costs associated with
certain technologies imbedded into our products including royalty expenses,
depreciation of software license fees and amortization of prepaid maintenance
and support. Cost of software license revenues increased in 2000 from 1999 and
1998 primarily due to the growth in revenues.

Cost of software license revenues, as a percentage of total revenue, was
14.3% for 2000, 10.6% for 1999 and 5.0% for 1998.

Cost of subscription fees and other service revenues. Our cost of
subscription fees and other services revenues increased to $5.9 million for
2000 from $134,000 for 1999 primarily due to the inclusion of data center costs
for the first time in 2000. The data center became available for commercial
operation at the end of December 1999 and as a result, beginning in the first
quarter of 2000, our cost of subscription fees and other services revenues
includes the costs of operating our secure data center. These costs include
salaries and other personnel-related costs, depreciation, telecommunications
and other costs of operating and maintaining a secure data center. As we
continued to hire additional professional services organization and technical
support personnel, our cost of subscription fees and other service revenues
increased during 2000 because of increased salaries and other personnel-related
costs. As a percentage of subscription fees and other services revenues, cost
of subscription fees and other services revenues was 170.5% for 2000 as
compared to 17.6% for 1999.

Operating expenses



% Change
--------------
2000 1999 1998 99/00 98/99
------- ------ ------- ------- -----
(in thousands)

Research and development............ $10,389 $5,608 $1,728 85.3% 224.5%
Sales and marketing................. 13,788 4,583 1,445 200.9% 217.2%
General and administrative.......... 4,004 1,373 977 191.6% 41.0%
Amortization of goodwill and
intangible assets.................. 3,222 -- -- -- --
Amortization of stock compensation.. 2,266 162 -- 1,298.8% --

Operating expenses as a percent of total revenue


2000 1999 1998
------- ------ -------

Research and development............ 87.8% 343.0% 2,880.0%
Sales and marketing................. 116.6% 280.3% 2,408.3%
General and administrative.......... 33.9% 84.0% 1,628.3%
Amortization of goodwill and
intangible assets.................. 27.2% -- --
Amortization of stock compensation.. 19.2% 9.9% --


Research and development. Research and development expenses increased to
$10.4 million for 2000 from $5.6 million for 1999, an increase of 85.3%. Of
this increase, $4.4 million related to salaries and other personnel-related
costs and $596,000 related to facilities costs. Research and development
expenses as a percentage of total revenues were 87.8% for 2000. Our research
and development staff increased to 73 at December 31, 2000 from 36 at December
31, 1999. Research and development expenses increased to $5.6 million for 1999
from $1.7 million for 1998, an increase of 224.5%. Of this increase, $1.7
million related to salaries and other personnel-related costs, $778,000 related
to facilities costs and $777,000 related to fees for consultants and
contractors. Research and development expenses as a percentage of total
revenues were 343.0% for 1999 as we continued to expand our research and
development organization. Our research and development staff increased to 36 at
December 31, 1999 from nine at December 31, 1998. We expect that research and
development expenses will continue to increase in absolute dollars, but will
fluctuate as a percentage of total revenue for the foreseeable future.

26


Sales and marketing. Sales and marketing expenses increased to $13.8 million
for 2000 from $4.6 million for 1999, an increase of 200.9%. Of this increase,
$5.5 million related to salaries and other personnel related costs, $1.2
million related to marketing programs and $773,000 related to travel. In 2000,
we opened four sales offices in the United States as well as an office in Hong
Kong. Sales and marketing expenses increased to $4.6 million for 1999 from $1.4
million for 1998, an increase of 217.2%. Sales and marketing expenses as a
percentage of total revenues were 280.3% for 1999. As we continued to hire
additional sales and marketing personnel, our sales and marketing costs
increased during 1999 because of increased salaries and other personnel-related
costs. In 1999, we opened seven sales offices in the United States as well as
offices in Amsterdam, Paris and Tokyo. We expect that sales and marketing
expenses will continue to increase in absolute dollars, but will fluctuate as a
percentage of total revenue for the foreseeable future.

General and administrative. General and administrative expenses increased to
$4.0 million for 2000 from $1.4 million for 1999, an increase of 191.6%. Of
this increase, $1.4 million related to salaries and other personnel related
costs, $387,000 related to facilities and $305,000 related to consulting and
outside services. General and administrative costs as a percentage of total
revenues were 33.9% for 2000. General and administrative expenses increased to
$1.4 million for 1999 from $1.0 million for 1998, an increase of 41.0%, due to
increases in salaries and other personnel-related costs to support the
increased level of business activities and requirements of public companies.
General and administrative costs as a percentage of total revenues were 84.0%
1999. We expect that general and administrative expenses will continue to
increase in absolute dollars, but will fluctuate as a percentage of total
revenue for the foreseeable future.

Acquired in-process research and development. Acquired in-process research
and development of $2.8 million was incurred in 1999 for our acquisition of
Receipt.com and was charged to expense because technological feasibility had
not been achieved. We believe that at the date of the acquisition, Receipt.com
had completed approximately 60% of the research and development of a system
that stores the digital signatures of the sender and receiver and provides a
verifiable time stamp for each transaction. The remaining efforts for the
development of the digital receipt technology included completion of software
development in several key areas. The key areas are:

. management, reporting and access to receipts in the server vault;

. application program interfaces; and

. the completion of a toolkit for developers who need to add digital
receipt functionality to their applications.

We incurred approximately 30 person-months of additional development after
the acquisition to complete the initial development of the receipt technology
in March 2000:

. estimating the costs to develop the purchased in-process technology into
a commercially viable product;

. estimating the resulting net cash flows from the product; and

. discounting the net cash flows to their present value.

The revenue projections that were used to value the acquired in-process
research and development were based on estimates of relevant market sizes,
growth factors and expected trends in technology. Operating expenses were
estimated based on historical results and anticipated profit margins. The rates
utilized to discount the net cash flows to their present value were based on
cost of capital calculations. Due to the nature of the forecast and risks of
the projected growth, profitability and the developmental nature of the product
at the time of the acquisition, we used a discount rate of 27.5% to value the
acquired in-process research and development. We determined that this discount
rate was appropriate for this product development and the uncertainties in the
economic estimates described above.

Amortization of goodwill and intangibles. Amortization of goodwill and
intangibles, relating to the acquisition of Receipt.com, was $3.2 million for
2000.

27


Amortization of stock compensation. Deferred stock compensation represents
the difference between the exercise price of the stock options granted and the
estimated fair value market value of the underlying common stock on the date of
the grant. As of December 31, 2000, we had recorded deferred stock option costs
of $3.7 million for stock options we assumed as part of our acquisition of
Receipt.com and an additional $6.0 million related to the grant of other
employee stock options (net of $475,000 stock options canceled for terminated
employees). Deferred stock compensation costs are being amortized over
approximately four years through September 30, 2004, which resulted in an
expense of $2.3 million during 2000 and $162,000 during 1999.

Interest income (expense), net. Interest income increased to $1.5 million
for 2000 from $477,000 for 1999, primarily due to interest earned on the
proceeds from our initial public offering in July 2000. Interest expense and
other expenses for 2000 increased to $858,000 from $181,000 from 1999,
primarily due to interest on our equipment loans and leases, and a charge to
write down the value of an option to acquire securities and partially due to
losses on foreign currency translation adjustments. Interest income increased
to $477,000 for 1999 from $125,000 for 1998, primarily due to interest earned
on the proceeds from the August 1999 private placement of our preferred stock.
Interest expense for 1999 increased to $181,000 from $22,000 for 1998 due to
interest on our equipment loans and leases.

Income taxes. We have incurred net losses for federal and state tax purposes
and have not recognized any material tax provision or benefit. As of December
31, 2000, we had net operating loss carryforwards of $40.8 million for federal
income tax purposes and $23.9 million for state income tax purposes. These net
operating loss carryforwards expire at various times through 2020 if they are
not used.

We have taken a valuation allowance against our net deferred tax assets to
reduce them to amounts that we believe are more likely than not to be realized.
The allowance totaled $17.5 million at December 31, 2000, resulting in no net
deferred tax asset. We evaluate on a quarterly basis the recoverability of net
deferred tax assets and the level of the valuation allowance. When it is
determined that it is more likely than not that the net deferred tax assets are
realizable, we will reduce the valuation allowance.

Liquidity and Capital Resources

Funding to date

In July 2000, the Company sold 4,000,000 shares of common stock in an
underwritten public offering and in August 2000 sold an additional 600,000
shares through the exercise of the underwriters' over-allotment option for net
proceeds of approximately $41.1 million at a price of $10.00 per share.

Prior to our initial public offering, we financed our operations through the
private sale of our equities securities with aggregate net proceeds of
approximately $30.0 million. At December 31, 2000, we had cash and cash
equivalents of $37.5 million and a secured bank credit line of $1.0 million. We
have pledged substantially all of our assets, including patents and other
intellectual property, to secure borrowings under this facility. The bank
credit line requires us to maintain a defined quick ratio of 2.5 and a tangible
net worth of $5.0 million. At December 31, 2000, we were in compliance with
these financial covenants. We anticipate using available cash to provide
working capital and otherwise fund our operations and to purchase capital
equipment and make leasehold improvements.

Uses of cash

Net cash used in operating activities of $18.0 million in 2000, $6.6 million
in 1999 and of $3.8 million in 1998 was primarily used to fund our net losses.
Net cash used for operating activities in 2000 related primarily to a net loss
of $28.3 million and an increase in accounts receivable of $2.4 million
partially offset by non-cash depreciation and amortization expenses of $7.6
million and other changes in working capital.

28


Net cash used in investing activities was $510,000 in 2000, $4.4 million in
1999 and $855,000 in 1998. Net cash used in investing activities in 2000
primarily related to capital equipment expenditures partially offset by the
sale of short-term investments. Capital equipment expenditures primarily
related to the purchase of computer hardware and software, office furniture and
equipment, and leasehold improvements. We expect continued increases in capital
expenditures and lease commitments due to growth in operations, infrastructure
and personnel.

Future funding requirements

We expect to experience continued growth in our operating expenses,
particularly sales and marketing expenses, and our capital expenditures to
execute our business strategy. We anticipate that these operating expenses and
planned capital expenditures will constitute a material use of our cash
resources. We may utilize cash resources to fund acquisitions of, or
investments in, complementary businesses, technologies product lines.

We believe that our existing cash and cash equivalents and borrowing under
our credit facilities will be sufficient to meet our working capital needs for
at least the next twelve months. After that, we may require additional funds.
We may not be able to obtain adequate or favorable financing at that time. Any
additional financing may dilute the ownership interest of our then-current
stockholders. New equity securities could have rights senior to those of our
common stock holders.

Recent Accounting Pronouncements

In June 1998, the Financial Accounting Standards Board, or FASB, issued
Statement of Financial Accounting Standards No. 133, Accounting for Derivative
Instruments and Hedging Activities (SFAS 133). SFAS 133 establishes new
accounting and reporting standards for derivative financial instruments and for
hedging activities. SFAS 133 requires the Company to measure all derivatives at
fair value and to recognize them in the balance sheet as an asset or liability,
depending on the Company's rights or obligations under the applicable
derivative contract. In June 2000, the FASB issued SFAS 138, Accounting for
Certain Derivative Instruments and Certain Hedging Activities--An Amendment to
FASB Statement No. 133, which amended certain provisions of SFAS 133. The
amendments, among other things, allow foreign-currency denominated assets and
liabilities to qualify for hedge accounting, permit the offsetting of selected
interentity foreign currency exposures that reduce the need for third-party
derivatives and redefine the nature of interest rate risk to avoid sources of
ineffectiveness. The Company is required to adopt the provisions of SFAS 133
and the corresponding amendments of SFAS 138 on January 1, 2001. Management
does not believe that the adoption of these standards will have a material
impact on the Company's consolidated financial position, results of operations
or cash flows.

In December 1999, the Securities and Exchange Commission issued Staff
Accounting Bulletin No. 101 ("SAB No. 101"), Revenue Recognition in Financial
Statements. SAB No. 101 provides guidance on the recognition, presentation and
disclosure of revenue in financial statements. SAB No. 101 outlines basic
criteria that must be met to recognize revenue and provides guidance for
disclosure related to revenue recognition policies. The Company was required to
implement SAB No. 101 in the fourth quarter of its fiscal year ending December
31, 2000. The provisions of SAB No. 101 did not have a material impact on the
Company's consolidated financial position or results of operations.

In March 2000, the FASB issued FASB Interpretation No. 44 ("FIN No. 44"),
Accounting for Certain Transactions Involving Stock Compensation--an
Interpretation of APB Opinion No. 25. FIN No. 44, effective July 1, 2000,
clarifies the application of APB No. 25 for matters including: the definition
of an employee for purposes of APB No. 25; the criteria for determining whether
a plan qualifies as a non-compensatory plan; the accounting consequence of
various modifications to the terms of a previously fixed stock option or award;
and the accounting for an exchange of stock compensation awards in a business
combination. The adoption of FIN No. 44 did not have a material impact on the
Company's consolidated financial position or results of operations.

29


Factors That May Impact Future Results

Risks Related to Our Business

Because we have only recently introduced our products and services, it is
difficult for us to evaluate our prospects.

We introduced our first commercial product in the first quarter of 1999 and
have generated only limited revenues. Because we have a limited operating
history with our products and services, and because our sources of potential
revenue may continue to shift as our business develops, our future operating
results and our future stock prices are difficult to predict. Our success also
depends in part on:

. the rate and timing of the growth and use of the Internet for electronic
commerce and communications;

. the acceptance of existing security measures as adequate for electronic
commerce and communications over the Internet;

. the rate and timing of the growth and use of specific technologies such
as PKI and electronic payments and other Internet security technologies;

. our ability to maintain our current, and enter into additional, strategic
relationships; and

. our ability to effectively manage our growth and to attract and retain
skilled professionals.

As a result of these risks, our business could be seriously harmed.

Our sales cycle causes unpredictable variations in our operating results which
could cause our stock price to decline.

The length of our sales cycle is uncertain, which makes it difficult to
accurately forecast the quarter in which our sales will occur. This may cause
our revenues and operating results to vary from quarter to quarter. We spend
considerable time and expense providing information to prospective customers
about the use and benefits of our products and services without generating
corresponding revenue. Our expense levels are relatively fixed and we do not
know when particular sales efforts will begin to generate revenues.

Prospective customers of our products and services often require long
testing and approval processes before making a purchase decision. The process
of entering into a licensing arrangement with a potential customer may involve
lengthy negotiations. In the past, our sales cycle has ranged from one to nine
or more months. Our sales cycle is also subject to delays because we have
little or no control over customer-specific factors, including customers'
budgetary constraints and internal acceptance procedures. Because our
technology must often be integrated with the products and services of other
vendors, there may be a significant delay between the use of our software and
services in a pilot system and its commercial deployment by our customers.

Because the length of our sales cycle is uncertain, we believe that period-
to-period comparisons of our results of operations are not meaningful and
should not be relied upon as indicators of future performance. Our failure to
meet these expectations would likely cause the market price of our common stock
to decline.

Our quarterly results depend on a number of factors, many of which are
beyond our control. Our quarterly results may fluctuate in the future as a
result of many factors, including the following:

. the size, timing, cancellation or delay of customer orders;

. the timing of releases of our new software products;

. the number of transactions conducted using our products and services;

. the long sales cycles for, and complexity of, our software products and
services;

30


. the timing and execution of large individual contracts;

. the impact of changes in the pricing models for our software products and
services or our competitors' products and services; and

. the continued development of our direct and indirect distribution
channels.

Due to these and other factors, our operating results in some future quarter
or quarters may fall below the expectations of securities analysts who might
follow our stock.

We have not been profitable, and if we do not achieve profitability, our
business may fail.

We have incurred significant net losses. We incurred net losses of $28.3
million in 2000, $12.8 million in 1999 and $4.0 million in 1998. As of December
31, 2000, we had incurred cumulative losses of $46.2 million. You should not
consider recent quarterly revenue growth as indicative of our future
performance. We may not sustain similar levels of growth in future periods and
our revenues could decline, and we may not become profitable or significantly
increase our revenues. We will continue to increase our sales and marketing,
research and development and general and administrative expenses.

We will need to generate significantly higher revenues in order to achieve
profitability. Even if we do achieve profitability, we may not be able to
sustain or increase profitability on a quarterly or annual basis in the future.
If our revenues grow more slowly or decline, if our gross margins do not
improve, or if our operating expenses exceed our expectations, our operating
results will suffer and our stock price may fall.

If we do not successfully develop new products and services to respond to rapid
market changes due to changing technology and evolving industry standards, our
business will be harmed.

Our success will depend to a substantial degree on our ability to offer
products and services that incorporate leading technology and to respond to
technological advances. If we fail to offer products and services that
incorporate leading technology and respond to technological advances and
emerging standards, we may not generate sufficient revenues to offset our
development costs and other expenses, which will hurt our business. The
development of new or enhanced products and services is a complex and uncertain
process that requires the accurate anticipation of technological and market
trends. We may experience development, marketing and other technological
difficulties that may delay or limit our ability to respond to technological
changes, evolving industry standards, competitive developments or customer
requirements. You should also be aware that:

. our technology or systems may become obsolete upon the introduction of
alternative technologies;

. we may incur substantial costs if we need to modify our products and
services to respond to these alternative technologies;

. we may not have sufficient resources to develop or acquire new
technologies or to introduce new products or services capable of
competing with future technologies;

. we may be unable to acquire the rights to use the intellectual property
necessary to implement new technology; and

. when introducing new or enhanced products or services, we may be unable
to manage effectively the transition from older products and services.

We rely on, and expect to continue to rely on, a limited number of customers
for a significant percentage of our revenues, and if any of these or other
significant customers stops licensing our software products and services, our
revenues could decline.

A limited number of customers has accounted for a significant portion of our
revenues. In 2000, no individual customer accounted for more than 10% of total
revenues. In 1999, Visa accounted for 21.7% of our

31


revenues and PricewaterhouseCoopers accounted for 14.1% of our revenues. We
anticipate that our operating results in any given period will continue to
depend to a significant extent upon revenues from a small number of customers.
We do not have long-term contracts with our customers that obligate them to
license our software products or use our services. We cannot be certain that we
will retain our customers or that we will be able to obtain new customers. If
we were to lose one or more customers, our revenues could decline.

We do not have an adequate history with the recent change in our licensing
arrangements to predict our revenue or operating results, which may prevent
investors from assessing our prospects.

We introduced a new licensing arrangement in the second quarter of 2000 that
includes a subscription fee during the license period. This new arrangement
resulted in our recognizing subscription fees ratably over the related service
period. Previously, our licensing arrangements resulted in our recognizing the
majority of license revenues upon shipment of software to our customers. We do
not have an adequate history with this new licensing arrangement to be able to
predict customers' acceptance of this arrangement or to forecast our revenue or
operating results accurately.

Because our customers may not renew their annual subscriptions, our revenues
may not increase as anticipated.

We have only recently made our software products and services commercially
available and we do not have a history of customers renewing their annual
subscriptions with us. If a significant portion of our customers do not renew
their annual subscriptions for our software products and services, our revenues
could decline and our business could be harmed. Our service provider customers
are implementing new business models which, if not successful, could result in
our service provider customers not renewing their annual subscriptions with us.

The length of our sales cycle is uncertain, which may cause our revenues and
operating results to vary significantly from quarter to quarter.

Any failure of our sales efforts to generate revenues at the times and in
the amounts we anticipate could cause significant variations in our operating
results. During our sales cycle, we spend considerable time and expense
providing information to prospective customers about the use and benefits of
our products and services without generating corresponding revenue. Our expense
levels are relatively fixed in the short term and there is substantial
uncertainty as to when particular sales efforts will begin to generate
revenues.

One of our significant business strategies has been to enter into strategic
or other similar collaborative alliances to increase the adoption of our
products and services. Prospective customers of our products and services often
require long testing and approval processes before making a purchase decision.
In general, the process of entering into a licensing arrangement with a
potential customer may involve lengthy negotiations. As a result, our sales
cycle has been and may continue to be unpredictable. In the past, our sales
cycle has ranged from one to nine or more months. Our sales cycle is also
subject to delays as a result of customer-specific factors over which we have
little or no control, including budgetary constraints and internal acceptance
procedures. In addition, because our technology must often be integrated with
the products and services of other vendors, there may be a significant delay
between the use of our software and services in a pilot system and its
commercial deployment by our customers. The length of the sales cycle makes it
difficult to accurately forecast the timing and amount of our sales. Thus this
may cause our revenues and operating results to vary significantly from quarter
to quarter and could harm our business.

32


Our international business exposes us to additional risks.

Products and services provided to our international customers accounted for
51.7% of our revenues in 2000 and 47.4% of our revenues in 1999. We intend to
expand our international business in the future. Conducting business outside of
the United States subjects us to additional risks, including:

. changes in regulatory requirements;

. reduced protection of intellectual property rights;

. evolving privacy laws;

. tariffs and other trade barriers;

. difficulties in staffing and managing foreign operations;

. problems in collecting accounts receivables; and

. difficulties in authenticating customer information.

We must maintain and enter into new strategic alliances, and any failure to do
so could harm our business.

One of our significant business strategies has been to enter into strategic
or other similar collaborative alliances in order to reach a larger customer
base than we could reach through our direct sales and marketing efforts. We
will need to maintain or enter into additional strategic alliances to execute
our business plan. However, if we are unable to maintain our strategic
alliances or enter into additional strategic alliances, our business could be
materially harmed. We may not be able to enter into additional strategic
alliances or maintain our existing strategic alliances. If we do not, we would
have to devote substantially more resources to the distribution, sales and
marketing of our security products and services than we would otherwise.

We have entered into technology, marketing and distribution agreements with
several companies. However, we may be unable to leverage the brand and
distribution power of these strategic alliances to increase the adoption rate
of our technology. We have been establishing strategic alliances to ensure that
third-party solutions are interoperable with our software products and
services. To the extent that our products are not interoperable or our
strategic allies choose not to integrate our technology into their offerings,
this failure would inhibit the adoption of our software products and outsourced
services. Furthermore, as a result of our emphasis on these strategic
alliances, our success will depend in part on the ultimate success of other
parties to these alliances. Failure of one or more of our strategic alliances
to achieve any of these objectives could materially harm our business.

Our existing strategic alliances do not, and any future strategic alliances
may not, grant us exclusive marketing or distribution rights. In addition, the
other parties may not view their alliances with us as significant for their own
businesses. Therefore, they could reduce their commitment to us at any time in
the future. These parties could also pursue alternative technologies or develop
alternative products and services, either on their own or in collaboration with
others, including our competitors. Should any of these developments occur, our
business will be harmed.

If we fail to manage our potential growth, we may be unable to effectively run
our operations, including the sales, marketing and support of our products.

Our growth has placed, and any further growth is likely to continue to
place, a significant strain on our resources. Any failure to manage growth
effectively could materially harm our business. We have grown from 31 employees
at December 31, 1998 to 229 employees at March 15, 2001. We have also opened
additional sales offices and have significantly expanded our operations, both
in the United States and abroad, during this time period. To be successful, we
will need to implement additional management information systems, develop our
operating, administrative, financial and accounting systems and controls, and
maintain close coordination among our executive, engineering, accounting,
finance, marketing, sales and operations organizations.

33


Any future acquisitions of companies or technologies may not be successful and
as a result, could harm our business.

We may acquire businesses, technologies, product lines or service offerings
which may need to be integrated with our business in the future. Acquisitions
involve a number of risks including, among others:

. the difficulty of assimilating the operations and personnel of the
acquired businesses;

. to the extent the acquisitions are financed with our common stock,
dilution to our existing stockholders;

. our inability to integrate, train, retain and motivate key personnel of
the acquired business;

. the diversion of our management from our day-to-day operations;

. our inability to incorporate acquired technologies successfully into our
software products and services;

. the additional expense associated with completing an acquisition and
amortizing any acquired intangible assets;

. the potential impairment of relationships with our employees, customers
and strategic third-parties; and

. the inability to maintain uniform standards, controls, procedures and
policies.

If we are unable to successfully address any of these risks, our business
could be materially harmed. In addition, we acquired Receipt.com in December
1999.

If our data center proves to be unreliable or is subject to failures, our
reputation could be damaged and our business could be harmed.

An increasing number of our customers require us to provide computer and
communications hardware, software and Internet networking systems to them as an
outsourced data center service. All data centers, whether hosted by us, our
customers, or by an independent third party to which we outsource this
function, are vulnerable to damage or interruption from natural disasters,
power loss, telecommunications failure or other similar events. In particular,
our principal executive offices and data center are located near San Francisco,
California in an area that has been subject to severe earthquakes. At present,
we do not have earthquake insurance on our data center or an operational
disaster recovery facility.

In the event of an earthquake or other disaster that results in an operations
failure, our operations will be interrupted and our business will be harmed.

We rely on a continuous power supply to conduct our operations, and
California's current energy crisis could disrupt our operations and increase
our operating costs.

Our principal operating facilities are located in California. We rely on a
continuous power supply to conduct our operations, and California currently is
experiencing an energy crisis that could disrupt our operations and increase
our expenses. When power reserves for the State of California have fallen below
1.5%, California has on some occasions implemented, and may in the future
continue to implement, rolling blackouts throughout the State If such blackouts
interrupt our power supply, we may be temporarily unable to continue operations
at our facilities. Any such interruption in our ability to continue operations
at our facilities could delay the development of our products and our
manufacturing processes. Continuing power interruption could delay production
to the extent it could damage our reputation, harm our ability to retain
existing customers and to obtain new customers, and could result in lost
revenue, any of which could substantially harm our business and results of
operations. To date, the Company has not experienced any significant or
repeated power disruptions that have had a material impact on its business
operations. However, in addition to possible power disruptions, the energy
crisis also may cause natural gas and electricity prices to rise significantly
over the next several months, relative to the rest of the United States, and
our operating expenses will likely increase.

34


Our success depends on our ability to grow and develop our direct sales and
indirect distribution channels.

Our failure to grow and develop our direct sales channel and increase the
number of our indirect distribution channels could have a material adverse
effect on our business, operating results and financial condition. We must
increase the number of strategic and other third-party relationships with
vendors of Internet-related systems and application software, resellers and
systems integrators. Our existing or future channel partners may choose to
devote greater resources to marketing and supporting the products of other
companies.

We depend upon certificate status data made available by third parties; if our
access to that data is limited or denied, our revenues could decline.

Our business depends upon our continuing access to data for the issuance and
revocation of digital certificates by certificate authorities and other third
parties, including businesses and governmental entities. We depend upon our
ability to negotiate arrangements with these certificate authorities, some of
which are our competitors, and other third parties to make this data available
to us. If our access to this data is limited or denied by one or more
certificate authorities or other third parties, our ability to verify and
validate digital certificates would be impaired, perhaps severely, which could
cause a decline in our revenues and in the value of your investment.

Since we sell through multiple channels and distribution networks, we may
have to resolve potential conflicts between these channels. For example, these
conflicts may result from the different discount levels offered by multiple
channel partners to their customers or, potentially, from our direct sales
force targeting the same accounts as our indirect channel partners. Such
conflicts may harm our business or reputation.

We are dependent on technologies provided by third parties, and any termination
of our right to use these technologies could increase our costs, delay product
development and harm our reputation.

We have developed our products and services partially based on technology we
license on a non-exclusive basis from third parties. Our inability to continue
to license these third-party technologies on commercially reasonable terms will
harm our business. We expect that, in the future, we will continue to have to
license technologies from third parties. Our inability to continue to license
on commercially reasonable terms, one or more of the technologies that we
currently use or our failure to obtain the right to use future technologies
could increase our costs and delay or possibly prevent product development. Our
existing licensing agreements may be terminated by the other parties to these
contracts, or may not be renewed on favorable terms or at all. In addition, we
may not be able to license new technologies on favorable terms, if at all.

If we lose the services of our senior management or key personnel, our ability
to develop our business and secure customer relationships will suffer.

We are substantially dependent on the continued services and performance of
our senior management and other key personnel. We do not maintain key person
insurance on any of our executive officers. The loss of the services of any of
our executive officers or other key employees, particularly Joseph (Yosi)
Amram, our president and chief executive officer, and Srinivasan (Chini)
Krishnan, our chairman and chief technology officer, could significantly delay
or prevent the achievement of our development and strategic objectives.

Our management team must work together effectively in order to expand our
business, increase our revenues and improve our operating results.

Several members of our existing senior management personnel joined us
recently, including Timothy Conley, our vice president, finance, and chief
financial officer, who joined us in January 2000 and David Jevans, our vice
president, corporate development, who joined us in December 1999. In addition,
our new

35


employees include a number of key managerial, technical and operations
personnel who have been with us for a limited period of time. We expect to add
additional key personnel in the near future who will also need to be integrated
into our management team. Because these members of our management team are new,
there is an increased risk that management will not be able to work together
effectively as a team, especially in the short-term, to address the challenges
to our business. The inability of our business team to work together
effectively could harm our business.

We may be unable to recruit or retain qualified personnel, which could harm our
business and product development.

We also must continue to identify, recruit, hire, train, retain and motivate
highly skilled technical, managerial, sales and marketing and professional
services personnel. Competition for these personnel is intense, and we may not
be able to successfully recruit, assimilate or retain sufficiently qualified
personnel. In particular, in the San Francisco Bay Area, competition is
especially intense for software engineering personnel. We may encounter
difficulties in recruiting a sufficient number of qualified software engineers
and we may not be able to retain these software engineering personnel, which
could harm our relationships with existing and future customers at a critical
stage of development. The failure to recruit and retain necessary technical,
managerial, sales, marketing and professional services personnel could harm our
business and our ability to obtain new customers and develop new products. If
our stock price decreases substantially, it may be more difficult to hire and
retain employees who consider stock options an important part of their
compensation package.

Our business will suffer if we are unable to protect our intellectual property.

We rely upon copyrights, trade secrets, know-how, patents, continuing
technological innovations and licensing opportunities to maintain and further
develop our market position. We rely on outside licensors for patent and
software license rights in encryption technology that is incorporated into and
is necessary for the operation of our products and services. Our success will
depend in part on our continued ability to have access to technologies that are
or may become important to the functionality of our products and services. Any
inability to continue to procure or use this technology could be materially
adverse to our operations.

Our success will also depend in part on our ability to protect our
intellectual property rights from infringement, misappropriation, duplication
and discovery by third parties. We cannot assure you that others will not
independently develop substantially equivalent proprietary technology or gain
access to our trade secrets or disclose our technology or that we can
meaningfully protect our trade secrets. Attempts by others to utilize our
intellectual property rights could undermine our ability to retain or secure
customers. In addition, the laws of some foreign countries do not protect
proprietary rights to the same extent as do the laws of the United States. Our
attempts to enforce our intellectual property rights could be time consuming
and costly.

We cannot assure you that our pending or future patent applications will be
granted or that any patents that are issued will be enforceable or valid.
Additionally, the coverage claimed in a patent application can be significantly
reduced before the patent is issued. We cannot be certain that we were the
first inventor of inventions covered by our issued patent or pending patent
applications or that we are the first to file patent applications for such
inventions. Moreover, we may have to participate in interference proceedings
before the United States Patent and Trademark Office to determine priority of
invention, which could result in substantial cost to us. An adverse outcome
could subject us to significant liabilities to third parties, require disputed
rights to be licensed from or to third parties or require us to cease using the
technology in dispute.

Any claim of infringement by third parties could be costly to defend, and if we
are found to be infringing upon the intellectual property rights of third
parties, we may be required to pay substantial licensing fees.

We may increasingly become subject to claims of intellectual property
infringement by third parties as the number of our competitors grows and the
functionality of their products and services increasingly overlaps with ours.
Because we are in a new and evolving field, customers may demand features which
will subject us to a greater likelihood of claims of infringement.

36


We are aware of pending and issued United States and foreign patent rights
owned by third parties that relate to cryptography technology. Third parties
may assert that we infringe their intellectual property rights based upon
issued patents, trade secrets or know-how that they believe cover our
technology. In addition, future patents may issue to third parties which we may
infringe. It may be time consuming and costly to defend ourself against any of
these claims and we cannot assure you that we would prevail.

Furthermore, parties making such claims may be able to obtain injunctive or
other equitable relief that could block our ability to further develop or
commercialize some or all of our products in the United States and abroad. In
the event of a claim of infringement, we may be required to obtain one or more
licenses from or pay royalties to third parties. We cannot assure you that we
will be able to obtain any such licenses at a reasonable cost, if at all.
Defense of any lawsuit or failure to obtain such license could hurt our
business.

Defects in our software products and services could diminish demand for our
products and services, which may harm our business.

Because our products and services are complex and may contain errors or
defects that are not found until after they are used by our customers, any
undiscovered errors or defects could seriously harm our reputation and our
ability to generate sales to new or existing customers.

Our software products and services are complex and are generally used in
systems with other vendors' products. They can be adequately tested only when
they are successfully integrated with these systems. Errors may be found in new
products or releases after shipment and our products and services may not
operate as expected. Errors or defects in our products and services could
result in:

. loss of revenues and increased service and warranty costs,

. delay in market acceptance and

. sales and injury to our reputation.

If we are unable to raise additional capital when needed, we may be unable to
develop or enhance our products and services.

We may need to seek additional funding in the future. If we cannot raise
funds on acceptable terms, we may not be able to develop or enhance our
products and services, take advantage of future opportunities or respond to
competitive pressures or unanticipated requirements. We may also be required to
reduce operating costs through lay-offs or reduce our sales and marketing or
research and development efforts. If we issue equity securities, stockholders
may experience additional dilution or the new equity securities may have
rights, preferences or privileges senior to those of our common stock.

Failure to increase our brand awareness could limit our ability to compete
effectively.

If the marketplace does not associate ValiCert with high-quality, end-to-end
secure infrastructure software products and services, it may be difficult for
us to keep our existing customers, attract new customers or successfully
introduce new products and services. Competitive and other pressures may
require us to increase our expenses to promote our brand name, and the benefits
associated with brand creation may not outweigh the risks and costs associated
with establishing our brand name. Our failure to develop a strong brand name or
the incurrence of excessive costs associated with establishing our brand name
may harm our business.

We rely on public key cryptography and other security techniques that could be
breached, resulting in reduced demand for our products and services.

A requirement for the continued growth of electronic commerce is the secure
transmission of confidential information over public networks. We rely on
public key cryptography, an encryption method that utilizes two

37


keys, a public and private key, for encoding and decoding data, and on digital
certificate technology, to provide the security and authentication necessary
for secure transmission of confidential information. Regulatory and export
restrictions may prohibit us from using the strongest and most secure
cryptographic protection available, and thereby may expose us or our customers
to a risk of data interception. A party who is able to circumvent our security
measures could misappropriate proprietary information or interrupt our or our
customers' operations. Any compromise or elimination of our security could
result in risk of loss or litigation and possible liability and reduce demand
for our products and services.

If we are not able to continue to include our public root keys within software
applications, our customers may not use our services.

If we are not able to continue to include our public root keys within
software applications, including Microsoft Windows 2000, the Microsoft Internet
Explorer browser and the Netscape browser, customers might perceive our
outsourced services as too cumbersome to use and our business may be harmed.
Our public root keys are used by applications to insure that digitally signed
objects which are generated by our validation authority and digital receipt
services are trustworthy and have not been tampered with or corrupted. The term
of our root key agreement with Netscape ends in November 2001 and we cannot
assure you that this agreement will be renewed. In addition, our root key
agreement with Microsoft may not be extended to cover subsequent releases of
Microsoft Windows 2000 or the Microsoft Internet Explorer browser.

The covenants and restrictions in our existing and future debt instruments
could have a negative effect on our business. The agreement also contains
financial covenants, including requirements that we maintain a minimum level of
cash and available borrowing capacity and a minimum level of tangible net
worth.

The covenants and restrictions in our existing and future debt instruments
could have a negative effect on our business, including impairing our ability
to obtain additional financing and reducing our operational flexibility and
ability to respond to changing business and economic conditions. The terms of
our $2.5 million secured line of credit agreement require that we comply with a
number of financial and other restrictive covenants. For example, it prohibits
us from:

. incurring any indebtedness other than equipment leasing obligations;

. pledging any of our assets, subject to exceptions; and

. making investments in the securities of any other person.

The covenants and restrictions in our existing and future debt instruments
could have a negative effect on our business, including impairing our ability
to obtain additional financing and reducing our operational flexibility and
ability to respond to changing business and economic conditions. In addition,
any failure to comply with the restrictions and covenants in our $2.5 million
line of credit agreement or any other credit facility would generally result in
a default under the facility, permitting the lenders to declare all debt
outstanding under that facility to be immediately due and payable. Further, a
default under any debt facility could, under cross-default provisions, result
in defaults under other debt instruments, entitling other lenders to declare
all debt outstanding under those other facilities to be immediately due and
payable. If any declaration of acceleration were to occur, we might be unable
to make those required payments or to raise sufficient funds from other sources
to make those payments. In addition, we have pledged substantially all of our
assets to secure our credit facilities. If a default occurs with respect to
secured indebtedness, the holders of that indebtedness would be entitled to
foreclose on their collateral, which would harm our business.

38


We could incur substantial costs resulting from product liability claims
relating to our customers' use of our products and services.

Any disruption to a customer's website or application caused by our products
or services could result in a claim for substantial damages against us,
regardless of our responsibility for the failure. Our existing insurance
coverage may not continue to be available on reasonable terms or in amounts
sufficient to cover one or more large claims. Our insurer may also disclaim
coverage as to any claims, which could result in substantial costs to us.

Additional government regulation relating to the Internet may increase our
costs of doing business.

We are subject to regulations applicable to businesses generally and laws or
regulations directly applicable to companies utilizing the Internet. Although
there are currently few laws and regulations directly applicable to the
Internet, it is possible that a number of laws and regulations may be adopted
with respect to the Internet. These laws could cover issues like user privacy,
pricing, content, intellectual property, distribution, antitrust, legal
liability and characteristics and quality of products and services. The
adoption of any additional laws or regulations could decrease the demand for
our products and services and increase our cost of doing business, or otherwise
could harm our business or prospects.

Moreover, the applicability to the Internet of existing laws in various
jurisdictions governing issues like property ownership, sales and other taxes,
libel and personal privacy is uncertain. For example, tax authorities in a
number of states are currently reviewing the appropriate tax treatment of
companies engaged in online commerce. New state tax regulations may subject us
to additional state sales and income taxes. Any new legislation or regulation,
the application of laws and regulations from jurisdictions whose laws do not
currently apply to our business, or the application of existing laws and
regulations to the Internet and commercial online services could harm our
ability to conduct business and our operating results.

Risks Related to Our Industry

The markets for secure online transaction products and services generally, and
our products and services specifically, are new and may not develop, which
would harm our business.

The market for our products and services is new and evolving rapidly. If the
market for our products and services fails to develop and grow, or if our
products and services do not gain broad market acceptance, our business and
prospects will be harmed. In particular, our success will depend upon the
adoption and use by current and potential customers and their end-users of
secure online transaction products and services. Our success will also depend
upon acceptance of our technology as the standard for providing these products
and services. The adoption and use of our products and services will involve
changes in the manner in which businesses have traditionally completed
transactions. We cannot predict whether our products and services will achieve
any market acceptance. Our ability to achieve our goals also depends upon rapid
market acceptance of future enhancements of our products. Any enhancement that
is not favorably received by customers and end-users may not be profitable and,
furthermore, could damage our reputation or brand name.

The intense competition in our industry could reduce our market share or
eliminate the demand for our software products and services, which could harm
our business.

Competition in the security infrastructure market is intense. If we are
unable to compete effectively, our ability to increase our market share and
revenue will be harmed. We compete with companies that provide individual
products and services that are similar to certain aspects of our software
products and services. Certificate authority software vendors and vendors of
other security products and services could enter the market and provide end-to-
end solutions which might be more comprehensive than our solutions. Many of our
competitors have longer operating histories, greater name recognition, larger
installed customer bases and significantly greater financial, technical and
marketing resources. As a result, they may be able to adapt more quickly to new
or emerging technologies and changes in customer requirements, or to devote
greater resources

39


to the promotion and sale of their products. We anticipate that the market for
security products and services that enable valid, secure and provable
electronic commerce and communications over the Internet will remain intensely
competitive. We expect that competition will increase in the near term and
increased competition could result in pricing pressures, reduced margins or the
failure of our Internet-based security products and services to achieve or
maintain market acceptance, any of which could materially harm our business.

In addition, current and potential competitors have established or may in
the future establish collaborative relationships among themselves or with third
parties, including third parties with whom we have strategic alliances, to
increase the ability of their products to address the security needs of our
prospective customers. Accordingly, it is possible that new competitors or
alliances may emerge and rapidly acquire significant market share. If this were
to occur, our business could be materially affected.

Our business depends on the wide adoption of the Internet for conducting
electronic commerce.

In order for us to be successful, the Internet must be widely adopted as a
medium for conducting electronic commerce. Because electronic commerce over the
Internet is new and evolving, it is difficult to predict the size of this
market and its sustainable growth rate. To date, many businesses and consumers
have been deterred from utilizing the Internet for a number of reasons,
including but not limited to:

. potentially inadequate development of network infrastructure;

. security concerns including the potential for merchant or user
impersonation and fraud or theft of stored data and information
communicated over the Internet;

. inconsistent quality of service;

. lack of availability of cost-effective, high-speed service;

. limited numbers of local access points for corporate users;

. inability to integrate business applications on the Internet;

. the need to operate with multiple and frequently incompatible products;
and

. a lack of tools to simplify access to and use of the Internet.

The adoption of the Internet will require a broad acceptance of new methods
of conducting business and exchanging information. Companies and government
agencies that already have invested substantial resources in other methods of
conducting business may be reluctant to adopt new methods. Also, individuals
with established patterns of purchasing goods and services and effecting
payments may be reluctant to change.

The use of the Internet may not increase or may increase more slowly than we
expect because the infrastructure required to support widespread use may not
develop. The Internet may continue to experience significant growth both in the
number of users and the level of use. However, the Internet infrastructure may
not be able to continue to support the demands placed on it by continued
growth. Continued growth may also affect the Internet's performance and
reliability. In addition, the growth and reliability of the Internet could be
harmed by delays in development or adoption of new standards and protocols to
handle increased levels of activity or by increased governmental regulation.
Changes in, or insufficient availability of, communications services to support
the Internet could result in poor performance and adversely affect its usage.
Any of these factors could materially harm our business.

Public key cryptography security, on which our products and services are based,
may become obsolete, which would harm our business.

The technology used to keep private keys confidential depends in part on the
application of mathematical principles and relies on the difficulty of
factoring large numbers into their prime number components. Should a simpler
factoring method be developed, then the security of encryption products
utilizing public key

40


cryptography technology could be reduced or eliminated. Even if no
breakthroughs in factoring or other methods of attacking cryptographic systems
are made, factoring problems can theoretically be solved by computer systems
significantly faster and more powerful than those presently available. Any
significant advance in techniques for attacking cryptographic systems could
render some or all of our existing products and services obsolete or
unmarketable.

Security systems based on public key cryptography assign users a public key
and a private key, each of which is required to encrypt and decrypt data. The
security afforded by this technology depends on the user's key remaining
confidential. It is therefore critical that the private key be kept secure.

Our products are subject to export controls. If we are unable to obtain
necessary approvals, our ability to make international sales could be limited.

Exports of software products utilizing encryption technology are generally
restricted by the United States and various foreign governments. Cryptographic
products typically require export licenses from United States government
agencies. We are currently exporting software products and services with
requisite export approval under United States law. However, the list of
products and countries for which export approval is required, and the related
regulatory policies, could be revised beyond their current scope, and we may
not be able to obtain necessary approval for the export of our products. Our
inability to obtain required approvals under these regulations could limit our
ability to make international sales. Furthermore, our competitors may also seek
to obtain approvals to export products that could increase the amount of
competition we face.

Risks Related to the Stock Market in General

Our stock price may decline due to market and economic factors.

In recent years the stock market in general, and the market for shares of
small capitalization and technology stocks in particular, have experienced
extreme price fluctuations, which have often been unrelated to the operating
performance of affected companies. There can be no assurance that the market
price of our common stock will not experience significant fluctuations in the
future, including fluctuations unrelated to our performance. Such fluctuations
could materially adversely affect the market price of our common stock.

In addition, in the past, securities class action litigation has often been
brought against a company following periods of volatility in the market price
of its securities. This risk is especially acute for us because the extreme
volatility of market prices of technology companies has resulted in a larger
number of securities class action claims against them. Due to the potential
volatility of our stock price, we may in the future be the target of similar
litigation. Securities litigation could result in substantial costs and divert
management's attention and resources.

We are controlled by our executive officers, directors and major stockholders,
whose interests may conflict with yours. Provisions in our charter documents
and Delaware law could prevent or delay a change in control, which could reduce
the market price of our common stock.

Provisions in our certificate of incorporation and bylaws may have the effect
of delaying or preventing a change of control or changes in our management.

In addition, provisions of Delaware law may discourage, delay or prevent
someone from acquiring or merging with us. These provisions could limit the
price that investors might be willing to pay in the future for shares of our
common stock.

41


ITEM 7A. QUANTITATIVE AND QUALITATIVE DISCLOSURES ABOUT MARKET RISK

We develop products in the United States and market our products in North
America, Europe and Asia/Pacific regions. As a result, our financial results
could be affected by changes in foreign currency exchange rates or weak
economic conditions in foreign markets. Because substantially all of our
revenues are currently denominated in U.S. dollars, a strengthening of the
dollar could make our products less competitive in foreign markets. Our
interest income is sensitive to changes in the general level of U.S. interest
rates, particularly since the majority of our investments are in short-term
instruments, including money market funds and commercial paper, and long-term
investments mature between one and two years. Our interest expense is also
sensitive to changes in the general level of U.S. interest rates because the
interest rate charged varies with the prime rate. Due to the nature of our
investments, we believe that there is not a material risk exposure. A
hypothetical change in interest rates of 100 basis points would have an
immaterial effect on our operating results and cash flows.

As of December 31, 2000, we have not entered into any derivative contracts,
either for hedging or trading purposes.

ITEM 8. CONSOLIDATED FINANCIAL STATEMENTS AND SUPPLEMENTARY DATA

The Consolidated Financial Statements and Supplementary Data required by
this Item are set forth at the pages indicated in Item 14(a).

ITEM 9. CHANGES IN AND DISAGREEMENTS WITH ACCOUNTANTS ON ACCOUNTING AND
FINANCIAL DISCLOSURE

On October 15, 1999, PricewaterhouseCoopers LLP resigned as our independent
accountants. We subsequently appointed Deloitte & Touche LLP as our independent
auditors. Our decision to change independent auditors was approved by our board
of directors. There were no disagreements with our former accountants during
the fiscal years ended December 31, 1998 or during any subsequent interim
period preceding their replacement on any matter of accounting principles or
practices, financial statement disclosure or auditing scope or procedures,
which, if not resolved to the former accountants' satisfaction, would have
caused the, to make reference to the disagreement in their reports. The former
independent accountants issued an unqualified report on the financial
statements as of and for the year ended December 31, 1998. We did not consult
with Deloitte & Touche LLP on any accounting or financial reporting matters in
the periods before appointment.

42


PART III

The SEC allows us to include information required in this report by
referring to other documents or reports we have already filed or soon will be
filing. This is called "Incorporation by Reference." We intend to file our
definitive Proxy Statement pursuant to Regulation 14A not later than 120 days
after the end of the fiscal year covered by this report, and certain
information therein is incorporated in this report by reference.

ITEM 10. DIRECTORS AND EXECUTIVE OFFICERS OF THE REGISTRANT

The following table provides information concerning executive officers and
directors of the Company as of December 31, 2000:



Name Age Position
---- --- --------

Joseph Amram............ 44 President and Chief Executive Officer
Srinivasan Krishnan..... 32 Chairman of the Board of Directors, Chief Technology Officer
Timothy Conley.......... 51 Vice President, Finance and Chief Financial Officer
Rajiv Dholakia.......... 38 Vice President, Product Development and Operations
Alexander Garcia-Tobar.. 32 Vice President, International Operations
David Jevans............ 33 Vice President, Corporate Development
Sathvik Krishnamurthy... 32 Vice President, Marketing and Business Development
Martin Yam.............. 49 Vice President, Sales and Field Operations
Taher Elgamal........... 45 Director
John Johnston........... 48 Director
Scott J. Loftesness..... 53 Director
Magdalena Yesil......... 42 Director

- --------
Mr. Elgamal, Mr. Johnston and Ms. Yesil are members of the audit committee. Mr.
Johnston and Mr. Loftesness are members of the compensation committee.

Joseph Amram has served as our president and chief executive officer since
August 1997. From January 1989 to August 1996, Mr. Amram founded and served as
chairman and chief executive officer for Individual, Inc., a content
aggregation provider of personalized information services. Before that, Mr.
Amram was a venture capitalist at the Aegis Funds, and led the product
marketing group at Rational Software, a provider of object oriented software.
Mr. Amram has served three years in the Israeli air force where he attained the
rank of sergeant major. Mr. Amram holds B.S. and M.S. degrees in electrical
engineering from the Massachusetts Institute of Technology and an M.B.A. with
distinction from Harvard Business School.

Srinivasan Krishnan co-founded ValiCert in February 1996 and has served as
our chairman of the board of directors and chief technology officer since
February 1996. From June 1994 to February 1996, Mr. Krishnan was at Enterprise
Integration Technologies where he was instrumental in launching and managing
Terisa Systems, a security toolkits company and CommerceNet, an industry
consortium to develop business over the Internet. Mr. Krishnan has also served
in various engineering positions at Cadence Design Systems between May 1991 and
June 1994. Mr. Krishnan holds a B.S. degree in computer science from the Indian
Institute of Technology and a M.S. degree in computer science from Duke
University.

Timothy Conley has served as our vice president, finance, and chief
financial officer since January 2000. From September 1998 to January 2000, Mr.
Conley was vice president of finance and chief financial officer of Longboard,
Inc., a provider of telecommunications systems. From June 1997 to August 1998,
Mr. Conley served as vice president of finance and chief financial officer of
Logicvision, a provider of intellectual property for use in the design and
testing of semiconductor devices. Previously, from November 1989 to May 1997,
Mr. Conley was vice president of finance and chief financial officer of
Verilink Corporation, a manufacturer of network access equipment. Mr. Conley
holds a B.S. degree in business administration from Wisconsin State University
and is a certified public accountant.

43


Rajiv Dholakia has served as our vice president, product development and
operations since June 1998. From November 1996 to June 1998, Mr. Dholakia
served as vice president of product engineering for TestDrive, an Internet
software distribution company. From February 1996 to November 1996, Mr.
Dholakia served as chief technical officer at VillageTree Software, a
consulting firm for Internet start-up companies. From May 1993 to February
1996, Mr. Dholakia served as director of engineering for platform products at
Taligent, Inc., a cross platform application frameworks company. Mr. Dholakia
also held senior engineering and managerial positions at Sun Microsystems and
Intellicorp from December 1986 to May 1993. Mr. Dholakia holds a B.E. degree in
chemical engineering from M.S. University, Baroda, India and did graduate work
in chemical engineering at the University of South Florida, Tampa.

Alexander Garcia-Tobar has served as our vice president, international
operations since June 1998. From January 1997 to June 1998, Mr. Garcia-Tobar
served as international director for Forrester Research, Inc., an independent
research firm. Before joining Forrester Research, Mr. Garcia-Tobar served as
executive director and a member of the board of directors of NewsWatch Inc., a
joint venture between Toshiba Corporation, Mitsui & Co. and Individual, Inc.
from October 1995 to January 1997. From March 1994 to October 1995, Mr. Garcia-
Tobar served as international director for Individual. Mr. Garcia-Tobar holds a
B.A. degree in international economics from Yale University.

David Jevans has served as our vice president, corporate development since
January 2000. In April 1996, Mr. Jevans founded Receipt.com and served as its
president and chief executive officer until December 1999 when we acquired
Receipt.com. Before Receipt.com, Mr. Jevans was the vice president of networks
at Catapult Entertainment, an Internet service company, from April 1994 to
April 1996. From December 1989 to April 1994, Mr. Jevans was employed at Apple
Computer where he served as an e-commerce technology advisor to the chief
executive officer and executive management team, and a project leader in the
operating systems group. Mr. Jevans holds an M.S. degree in computer science
from the University of Calgary, Canada.

Sathvik Krishnamurthy has served as our vice president, marketing and
business development since May 1998. From November 1992 to April 1998, Mr.
Krishnamurthy served in various capacities for Worldtalk Corporation, an e-mail
security company that was recently acquired by Tumbleweed, including vice
president of product planning and development and vice president and general
manager of Deming Internet Security, a Worldtalk company. Before joining
Worldtalk, Mr. Krishnamurthy held engineering positions at various data-
communications companies including Retix, TITN and Touch Communications. Mr.
Krishnamurthy holds a B.S. degree in computer science and engineering from the
University of California, Los Angeles.

Martin Yam has served as our vice president, sales and field operations
since October 1998. From May 1997 to October 1998, Mr. Yam served as vice
president of sales and services for Accrue Software, Inc., an Internet software
company. Mr. Yam served as vice president of sales and marketing for ParcPlace,
Inc., an object oriented development software company from May 1990 to October
1994. He returned to serve as senior vice president of sales and marketing from
February 1996 to April 1997. Mr. Yam was vice president of sales for NeXT
Software, Inc., an object oriented development software company, from November
1994 through February 1996. Mr. Yam holds a B.S. degree in business
administration and an M.S. degree in technology and management from the
American University.

Taher Elgamal has served as one of our directors since October 1997. Mr.
Elgamal has served as chief executive officer for Securify, an internet
security company since June 1998. Mr. Elgamal served as chief scientist for
Netscape Communications, an internet software company, from April 1995 to June
1998. Mr. Elgamal has M.S. degree and Ph.D. degree in electric engineering from
Stanford University.

John Johnston has served as one of our directors since May 1998. Mr.
Johnston has been a venture capitalist at August Capital since August 1995 and
from 1988 to the present, has been a venture capitalist at Technology Venture
Investors. Mr. Johnston holds a B.A. degree in English from Princeton
University and an M.B.A. degree from Harvard Business School.

44


Scott J. Loftesness has served as one of our directors since March 1998. Mr.
Loftesness has acted as a private investor since July 1999. From August 1998 to
July 1999, Mr. Loftesness was interim chief executive officer of Digicash
Incorporated, an electronic payment company that filed for Chapter 11
bankruptcy in 1998. From June 1994 to June 1998, Mr. Loftesness was group
executive at First Data Corporation, an electronic payment processing company.
Mr. Loftesness attended the University of California at Berkeley.

Magdalena Yesil has served as one of our directors since October 1999. Ms.
Yesil has been a venture capitalist at US Venture Partners since January 1998.
From August 1996 to December 1997, Ms. Yesil founded MarketPay, a software
company, and served as its president. From 1994 to August 1996, Ms. Yesil
founded Cybercash, a secure electronic payment company, and served as vice
president, marketing and technology. Ms. Yesil holds an M.S. degree in
electrical engineering and a B.S. degree in industrial engineering from
Stanford University.

The information regarding the election of directors required by this Item is
incorporated by reference from the section entitled "Proposal No. 1--Election
of Directors" in our definitive Proxy Statement.

The information required by this Item with respect to compliance with
Section 16(a) of the Securities Exchange Act of 1934 is incorporated by
reference to information set forth in the section entitled "Executive
Compensation" in our definitive Proxy Statement.

ITEM 11. EXECUTIVE COMPENSATION

The information required by this Item is incorporated by reference from the
section entitled "Executive Compensation" in our definitive Proxy Statement.

ITEM 12. SECURITY OWNERSHIP OF CERTAIN BENEFICIAL OWNERS AND MANAGEMENT

The information required by this Item is incorporated by reference from the
section entitled "Security Ownership of Certain Beneficial Owners and
Management" in our definitive Proxy Statement.

ITEM 13. CERTAIN RELATIONSHIPS AND RELATED TRANSACTIONS

The information required by this Item is incorporated by reference from the
section entitled "Certain Transactions" in our definitive Proxy Statement.

45


PART IV.

ITEM 14. EXHIBITS, FINANCIAL STATEMENTS, SCHEDULES AND REPORTS ON FORM 8-K

(a) The following documents are filed as part of this report:

1. Index to Consolidated Financial Statements:



Page
Number
------

Independent Auditors' Report--Deloitte & Touche LLP.................... F-1

Report of Independent Accountants--PricewaterhouseCoopers LLP.......... F-2

Consolidated Balance Sheets as of December 31, 1999 and 2000........... F-3

Consolidated Statements of Operations and Other Comprehensive Income
(Loss) for the years ended December 31, 1998, 1999 and 2000........... F-4

Consolidated Statements of Stockholders' Equity (Deficiency) for the
years ended December 31, 1998, 1999 and 2000.......................... F-5

Consolidated Statements of Cash Flows for the years ended December 31,
1998, 1999 and 2000................................................... F-6

Notes to Consolidated Financial Statements............................. F-7


2. Financial Statement Schedule:



See Schedule II filed as part of this report. IV-1

All other schedules are omitted because they are not required or the
required information is shown in the financial statements or notes thereto.

3. Exhibits:

See Index to Exhibits. The Exhibits listed in the accompanying Index are
filed as part of this report. IV-3


(b) Reports on Form 8-K:

None.

46


INDEPENDENT AUDITORS' REPORT

To the Board of Directors and Stockholders of
ValiCert, Inc.:

We have audited the accompanying consolidated balance sheets of ValiCert,
Inc. ("the Company") as of December 31, 1999 and 2000, and the related
consolidated statements of operations, stockholders' equity (deficiency), and
cash flows for the years then ended. Our audits also included the financial
statement schedule for the years ended December 31, 1999 and 2000 listed in the
Index at Item 14(a)(2). These consolidated financial statements and schedule
are the responsibility of the Company's management. Our responsibility is to
express an opinion on these consolidated financial statements and schedule
based on our audits.

We conducted our audits in accordance with auditing standards generally
accepted in the United States of America. Those standards require that we plan
and perform the audit to obtain reasonable assurance about whether the
financial statements are free of material misstatement. An audit includes
examining, on a test basis, evidence supporting the amounts and disclosures in
the financial statements. An audit also includes assessing the accounting
principles used and significant estimates made by management, as well as
evaluating the overall financial statement presentation. We believe that our
audits provide a reasonable basis for our opinion.

In our opinion, such consolidated financial statements present fairly, in
all material respects, the financial position of ValiCert, Inc. at December 31,
1999 and 2000, and the results of its operations and its cash flows for the
years then ended in conformity with accounting principles generally accepted in
the United States of America. Also, in our opinion, the related financial
statement schedule for the years ended December 31, 1999 and 2000, when
considered in relation to the basic financial statements taken as a whole,
presents fairly in all material respects the information set forth herein.

/s/ Deloitte & Touche LLP

San Jose, California
January 25, 2001

F-1


REPORT OF INDEPENDENT ACCOUNTANTS

To the Board of Directors and Stockholders of ValiCert, Inc.:

In our opinion, the statements of operations, stockholders' deficiency and
comprehensive loss and cash flows for the year ended December 31, 1998
(appearing under Item 14(a) (1) on page [46]) present fairly, in all material
respects, the results of operations and cash flows of ValiCert, Inc. (the
Company), a development stage company for the year ended December 31, 1998, in
conformity with accounting principles generally accepted in the United States
of America. In addition, in our opinion, the financial statement schedule
listed in the index appearing under Item 14 (a)(2) on page [46] presents
fairly, in all material respects, the information set forth therein for the
year ended December 31, 1998, when read in conjunction with the related
financial statements. These financial statements are the responsibility of the
Company's management; our responsibility is to express an opinion on these
financial statements based on our audit. We conducted our audit of these
statements in accordance with auditing standards generally accepted in the
United States of America, which require that we plan and perform the audit to
obtain reasonable assurance about whether the financial statements are free of
material misstatement. An audit includes examining, on a test basis, evidence
supporting the amounts and disclosures in the financial statements, assessing
the accounting principles used and significant estimates made by management,
and evaluating the overall financial statement presentation. We believe that
our audit provides a reasonable basis for our opinion. We have not audited the
financial statements of ValiCert, Inc. for any period subsequent to December
31, 1998.

/s/ PricewaterhouseCoopers LLP

San Jose, California
March 19, 1999 (May 5, 2000 as to Note 10)

F-2


VALICERT, INC.

CONSOLIDATED BALANCE SHEETS
(In thousands, except share and par value amounts)



December 31,
------------------
1999 2000
-------- --------
ASSETS
------

Current assets:
Cash and cash equivalents.................................... $ 14,023 $ 37,523
Short-term investments....................................... 3,404 --
Accounts receivable, net of allowance of $75 and $156........ 1,079 3,771
Prepaid expenses and other current assets.................... 227 1,333
-------- --------
Total current assets....................................... 18,733 42,627
Property and equipment, net................................... 3,848 5,417
Goodwill, net of accumulated amortization of $0 and $2,467.... 12,491 9,786
Intangible assets, net of accumulated amortization of $0 and
$755......................................................... 2,266 1,511
Other assets.................................................. 354 465
-------- --------
Total assets.................................................. $ 37,692 $ 59,806
======== ========

LIABILITIES, REDEEMABLE CONVERTIBLE PREFERRED STOCK AND
STOCKHOLDERS' EQUITY (DEFICIENCY)
-------------------------------------------------------

Current liabilities:
Accounts payable............................................. $ 1,762 $ 1,140
Accrued liabilities.......................................... 1,385 5,818
Deferred revenue............................................. 814 3,113
Short-term notes............................................. 737 --
Current portion of long-term obligations..................... 710 1,122
-------- --------
Total current liabilities.................................. 5,408 11,193
-------- --------
Long-term obligations......................................... 2,240 2,056
Other liabilities............................................. 74 --
Commitments and contingencies (Note 8)
Redeemable convertible preferred stock, $0.001 par value;
shares authorized--42,855,713 (aggregate liquidation
preference of $39,678 at December 31, 1999):
Series A-Senior shares designated, 1,865,239; issued and
outstanding: 1999, 1,243,491 shares; 2000, none............. 565 --
Series A-Junior shares designated, 8,612,618; issued and
outstanding: 1999, 3,802,204; 2000, none.................... 154 --
Series B shares designated, 5,200,000; issued and
outstanding: 1999, 3,388,361; 2000, none.................... 6,445 --
Series C shares designated, 6,787,414; issued and
outstanding: 1999, 4,507,272; 2000, none.................... 27,147 --
Notes receivable from convertible preferred stockholders..... (55) --
Stockholders' equity (deficiency):
Common stock, $0.001 par value; authorized--1999, 16,666,667
shares; 2000, 100,000,000 shares; issued and outstanding:
1999, 3,621,057; 2000, 22,739,842........................... 4 23
Additional paid-in capital................................... 19,998 101,991
Deferred stock compensation.................................. (5,843) (7,263)
Notes receivable from common stockholders.................... (611) (2,033)
Accumulated deficit.......................................... (17,834) (46,161)
-------- --------
Total stockholders' equity (deficiency).................... (4,286) 46,557
-------- --------
Total liabilities, redeemable convertible preferred stock and
stockholders' equity (deficiency)............................ $ 37,692 $ 59,806
======== ========


See notes to consolidated financial statements.

F-3


VALICERT, INC.

CONSOLIDATED STATEMENTS OF OPERATIONS
(In thousands, except per share amounts)



Years Ended December 31,
---------------------------
1998 1999 2000
------- -------- --------

Revenue:
Software license................................ $ 60 $ 874 $ 8,368
Subscription fees and other services............ -- 761 3,460
------- -------- --------
Total revenues............................... 60 1,635 11,828
------- -------- --------
Cost of revenues:
Software license................................ 3 93 1,199
Subscription fees and other services............ -- 134 5,899
------- -------- --------
Total cost of revenues....................... 3 227 7,098
------- -------- --------
Gross profit 57 1,408 4,730
Operating expenses:
Research and development........................ 1,728 5,608 10,389
Sales and marketing............................. 1,445 4,583 13,788
General and administrative...................... 977 1,373 4,004
Acquired in-process research and development.... -- 2,780 --
Amortization of goodwill and intangible assets.. -- -- 3,222
Amortization of stock compensation*............. -- 162 2,266
------- -------- --------
Total operating expenses..................... 4,150 14,506 33,669
------- -------- --------
Operating loss................................... (4,093) (13,098) (28,939)
Other income (expense):
Interest income................................. 125 477 1,470
Interest expense and other...................... (22) (181) (858)
------- -------- --------
Total other income........................... 103 296 612
------- -------- --------
Net loss......................................... $(3,990) $(12,802) $(28,327)
======= ======== ========
Basic and diluted net loss per share............. $ (8.01) $ (48.86) $ (2.76)
======= ======== ========
Shares used in computation of basic and diluted
net loss per share.............................. 498 262 10,282
======= ======== ========
* Amortization of stock compensation:
Cost of revenues:
Subscription fees and other services........... $ 4 $ 228
Research and development....................... 31 641
Sales and marketing............................ 78 556
General and administrative..................... 49 841
-------- --------
Total........................................ $ 162 $ 2,266
======== ========


See notes to consolidated financial statements.

F-4


VALICERT, INC.

CONSOLIDATED STATEMENTS OF STOCKHOLDERS' EQUITY (DEFICIENCY)
(In thousands, except share amounts)



Notes
Common Stock Additional Deferred Receivable
------------------ Paid-In Stock from Accumulated
Shares Amount Capital Compensation Stockholders Deficit Total
---------- ------ ---------- ------------ ------------ ----------- --------

Balances, January 1,
1998................... $ (1,023) $ (1,023)
Issuance of Series A--
Senior preferred
stock.................. (19) (19)
Net loss and
comprehensive loss..... (3,990) (3,990)
-------- --------
Balances, December 31,
1998................... (5,032) (5,032)
Issuance of common stock
and common stock
options in connection
with acquisition (Note
2)..................... 2,182,139 $ 4 $ 17,166 $ (3,733) $ (52) -- 13,385
Exercise of common stock
options and issuance of
stockholder notes...... 1,438,918 -- 560 -- (541) -- 19
Interest on stockholder
notes.................. -- -- -- -- (18) -- (18)
Deferred stock
compensation........... -- -- 2,272 (2,272) -- -- --
Amortization of deferred
stock compensation..... -- -- -- 162 -- -- 162
Net loss and
comprehensive loss..... -- -- -- -- -- (12,802) (12,802)
---------- ----- -------- -------- ------- -------- --------
Balances, December 31,
1999................... 3,621,057 4 19,998 (5,843) (611) (17,834) (4,286)
Issuance of common stock
in connection with
initial public
offering, net of
issuance costs of
$4,923 (Note 10)....... 4,600,000 5 41,072 -- -- -- 41,077
Conversion of preferred
shares into common
stock in connection
with initial public
offering............... 13,410,849 13 34,378 -- (55) -- 34,336
Exercise of common stock
options and issuance of
stockholder notes...... 1,183,206 1 2,942 -- (1,391) -- 1,552
Exercise of warrants.... 1,323 -- 5 -- -- -- 5
Issuance of warrants in
connection with debt
financing.............. -- -- 58 -- -- -- 58
Repurchase of common
stock.................. (76,593) -- (148) -- -- -- (148)
Collection of notes
receivable from
stockholders........... -- -- -- -- 126 -- 126
Interest on stockholder
notes.................. -- -- -- -- (102) -- (102)
Deferred stock
compensation........... -- -- 4,161 (4,161) -- -- --
Cancellation of stock
options................ -- -- (475) 475 -- -- --
Amortization of deferred
stock compensation..... -- -- -- 2,266 -- -- 2,266
Net loss................ -- -- -- -- -- (28,327) (28,327)
---------- ----- -------- -------- ------- -------- --------
Balances, December 31,
2000................... 22,739,842 $ 23 $101,991 $ (7,263) $(2,033) $(46,161) $ 46,557
========== ===== ======== ======== ======= ======== ========


See notes to consolidated financial statements.

F-5


VALICERT, INC.

CONSOLIDATED STATEMENTS OF CASH FLOWS
(In thousands)



Years Ended December 31,
---------------------------
1998 1999 2000
------- -------- --------

Cash flows from operating activities:
Net loss......................................... $(3,990) $(12,802) $(28,327)
Adjustments to reconcile net loss to net cash
used in operating activities:
Depreciation and amortization................... 125 720 2,098
Amortization of deferred stock compensation..... -- 162 2,266
Acquired in-process research and development.... -- 2,780 --
Amortization of goodwill and intangible assets.. -- -- 3,222
Write-off of short-term investments............. -- -- 373
Interest on stockholder notes................... -- (18) (102)
Amortization of warrants issued in connection
with debt financing............................ -- -- 58
Changes in assets and liabilities (net of
acquisitions--Note 2):
Accounts receivable............................. -- (952) (2,392)
Prepaid expenses and other current assets....... (149) (41) (1,168)
Other assets.................................... (285) (2) (111)
Accounts payable................................ 155 2,470 (622)
Accrued liabilities............................. 381 510 4,433
Deferred revenue................................ (54) 486 2,299
Other liabilities............................... 16 59 (74)
------- -------- --------
Net cash used in operating activities.......... (3,801) (6,628) (18,047)
------- -------- --------
Cash flows from investing activities:
Property and equipment additions................. (855) (2,247) (3,667)
Cash from acquisitions........................... -- 834 --
Purchase of short-term investments............... -- (3,031) --
Sale of short-term investments................... -- -- 3,031
Collection of notes receivable from
stockholders.................................... -- -- 126
------- -------- --------
Net cash used in investing activities.......... (855) (4,444) (510)
------- -------- --------
Cash flows from financing activities:
Proceeds from issuance of common stock........... -- -- 41,077
Exercise of common stock options and warrants.... -- 83 1,557
Exercise of preferred stock options and warrants
................................................ -- 294 80
Proceeds from issuance of preferred stock, net... 5,351 22,934 --
Repurchase of common and preferred stock......... -- 2 (148)
Repayment of short term notes.................... (50) -- (737)
Proceeds from borrowings......................... -- 2,689 1,019
Repayment of borrowings.......................... -- (2,070) (791)
------- -------- --------
Net cash provided by financing activities...... 5,301 23,932 42,057
------- -------- --------
Net increase in cash and equivalents.............. 645 12,860 23,500
Cash and cash equivalents--beginning of period.... 518 1,163 14,023
------- -------- --------
Cash and cash equivalents--end of period.......... $ 1,163 $ 14,023 $ 37,523
======= ======== ========
Noncash investing and financing activities:
Common stock issued in exchange for stockholder
notes........................................... $ -- $ 541 $ 1,391
======= ======== ========
Liabilities settled for preferred stock.......... $ 810 $ -- $ --
======= ======== ========
Assets acquired under capital lease.............. $ -- $ 1,117 $ --
======= ======== ========
Equity issued for purchase of Receipt.com (Note
2), net of cash acquired........................ $ -- $ 13,385 $ --
======= ======== ========
Conversion of preferred stock into common stock.. $ -- $ -- $34,336
======= ======== ========
Supplemental disclosure of cash flow information--
cash paid during the period for interest......... $ 3 $ 132 $ 401
======= ======== ========


See notes to consolidated financial statements.

F-6


VALICERT, INC.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
Years Ended December 31, 1998, 1999 and 2000

Note 1. Business and Significant Accounting Policies

Business. ValiCert, Inc. (the Company), incorporated on February 6, 1996,
develops and markets software products and services that provide infrastructure
to enable businesses to conduct valid, secure and provable transactions over
the Internet.

Principles of Consolidation. The consolidated financial statements include
the accounts of the Company and its wholly-owned subsidiaries. All intercompany
transactions and balances have been eliminated in consolidation.

Cash Equivalents. The Company considers all highly liquid debt instruments
purchased with a remaining maturity of three months or less to be cash
equivalents.

Property and Equipment. Property and equipment are stated at cost. Computer
software for internal use is capitalized and accounted for in accordance with
Statement of Position (SOP) 98-1, Accounting for the Costs of Computer Software
Developed or Obtained for Internal Use, issued by the American Institute of
Certified Public Accountants. No such software costs have been capitalized to
date. Depreciation and amortization on property and equipment are computed
using the straight-line method over the estimated useful lives of the assets
ranging from three to five years, or the lease term, as appropriate.

Goodwill. Goodwill related to the Receipt.com acquisition (Note 2) is being
amortized on a straight-line basis over five years.

Intangible Assets. Intangible assets, consisting of purchased technology and
acquired workforce, are related to the acquisition of Receipt.com (Note 2).
Amortization is recorded on a straight-line basis over a period of three years.

Impairment of Long-Lived Assets. The Company evaluates its long-lived assets
for impairment whenever events or changes in circumstances indicate that the
carrying amount of such assets, goodwill or other intangibles may not be
recoverable. Recoverability of assets to be held and used is measured by a
comparison of the carrying amount of an asset to future undiscounted net cash
flows expected to be generated by the asset. If such assets are considered to
be impaired, the impairment to be recognized is measured by the amount by which
the carrying amount of the assets exceeds the fair value.

Software Development Costs. Costs for the development of new software
products and substantial enhancements to existing software products are
expensed as incurred until technological feasibility has been established, at
which time any additional costs would be capitalized in accordance with
Statement of Financial Accounting Standards (SFAS) No. 86, Computer Software To
Be Sold, Leased or Otherwise Marketed. Because the Company believes its current
process for developing software is essentially completed concurrently with the
establishment of technological feasibility, no costs have been capitalized to
date.

Revenue Recognition. The Company's revenue recognition policy is consistent
with Statement of Position No. 97-2, Software Revenue Recognition, as amended.
License revenues are comprised of fees for the Company's software products.
Revenue from license fees is recognized when an agreement has been signed,
delivery of the product has occurred, the fee is fixed or determinable,
collectibility is probable and vendor-specific objective evidence exists to
allocate a portion of the total fee to any undelivered elements of the
arrangement. Fees from license arrangements that include a service element for
which vendor-specific objective evidence does not exist are recognized ratably
over the license term as transaction fees. For electronic delivery, the
software is considered to have been delivered when the Company has provided the
customer with the

F-7


VALICERT, INC.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS--(Continued)

access codes that allow for immediate possession of the software. If the fee
due from the customer is not fixed or determinable, revenue is recognized as
payments become due. If collectibility is not considered probable, revenue is
recognized when the fee is collected.

Other service revenues are comprised of revenue from maintenance
arrangements, consulting fees, services and training. Maintenance arrangements
do not provide for specified upgrade rights and provide technical support and
the right to unspecified upgrades on an if-and-when available basis. Revenue
from maintenance arrangements is recognized on a straight-line basis as service
revenue over the life of the related agreement, which is typically one year. If
maintenance or consulting services are included in an arrangement that includes
a license agreement, amounts related to maintenance or consulting are allocated
based on vendor-specific objective evidence. Vendor-specific objective evidence
for maintenance and professional services is based on the price when such
elements are sold separately, or, when not sold separately, the price is
established by management having the relevant authority. Where discounts are
offered on multiple element arrangements, a proportionate amount of that
discount is applied to each element included in the arrangement based on each
element's fair value. Consulting, service and training revenue is recognized as
services are provided to the customer. Customer advances and amounts billed to
customers in excess of revenue recognized are recorded as deferred revenue.

Income Taxes. Income taxes are computed using an asset and liability
approach which requires recognition of deferred tax liabilities and assets, net
of valuation allowances, for the expected future tax consequences of temporary
differences between the financial statement carrying amounts and the tax bases
of assets and liabilities and net operating loss and tax credit carryforwards.

Stock Compensation. The Company accounts for stock-based awards to employees
using the intrinsic value method in accordance with Accounting Principles Board
Opinion No. 25, Accounting for Stock Issued to Employees. The Company complies
with the disclosure provision of SFAS No. 123, Accounting for Stock-Based
Compensation.

Net Loss per Common Share. Basic net loss per share excludes dilution and is
computed by dividing net loss by the weighted average number of common shares
outstanding for the period. This calculation excludes shares subject to
repurchase and under escrow. Diluted net loss per share was the same as basic
net loss per share for all periods presented. The effect of any potentially
dilutive securities was excluded as they are anti-dilutive because of the
Company's net losses.

Concentration of Credit Risk. Financial instruments that potentially expose
the Company to concentrations of credit risk consist primarily of cash and
equivalents, short-term investments and trade receivables. The Company limits
its exposure to concentration of credit risk with respect to cash and
equivalents and short-term investments by placing then in high quality
securities with major banks and financial institutions. The Company does not
require collateral or other security to support accounts receivable. To reduce
credit risk, management performs ongoing credit evaluations of its customers'
financial condition. The Company maintains allowances for potential credit
losses. As of December 31, 1999, two customers accounted for 23% and 17% of the
accounts receivable balance. As of December 31, 2000, one customer accounted
for 12% of the accounts receivable balance.

Financial Instruments. The Company's financial instruments include cash and
equivalents, notes receivable from stockholders and long-term debt. At December
31, 1999 and 2000, the fair value of these financial instruments approximated
their financial statement carrying amounts because of their short maturities or
because the stated interest rates approximate market rates.

Significant Estimates. The preparation of financial statements in conformity
with accounting principles generally accepted in the United States of America
requires management to make estimates and assumptions

F-8


VALICERT, INC.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS--(Continued)

that affect the reported amounts of assets and liabilities. Management must
also disclose contingent assets and liabilities at the date of the financial
statements and the reported amounts of revenues and expenses during the
reporting period. Actual results could differ from these estimates.

Certain Significant Risks and Uncertainties. The Company operates in the
software industry, and accordingly, can be affected by a variety of factors.
Management believes that changes in any of the following areas could have a
significant negative effect on the Company in terms of its future financial
position, results of operations and cash flows; ability to attain
profitability; regulatory changes; fundamental changes in the technology
underlying software products; market acceptance of the Company's products under
development; development of sales channels; litigation or other claims against
the Company; the hiring, training and retention of key employees; successful
and timely completion of product development efforts; and defects in products.

Comprehensive Loss. The Company had no items of other comprehensive loss for
the years ended December 31, 1998, 1999 or 2000. Accordingly, net loss and
comprehensive loss are the same for all periods presented.

Recently Issued Accounting Standards. In June 1998, the Financial Accounting
Standards Board, or FASB, issued Statement of Financial Accounting Standards
No. 133, Accounting for Derivative Instruments and Hedging Activities ("SFAS
133"). SFAS 133 establishes new accounting and reporting standards for
derivative financial instruments and for hedging activities. SFAS 133 requires
the Company to measure all derivatives at fair value and to recognize them in
the balance sheet as an asset or liability, depending on the Company's rights
or obligations under the applicable derivative contract. In June 2000, the FASB
issued SFAS 138, Accounting for Certain Derivative Instruments and Certain
Hedging Activities--An Amendment to FASB Statement No. 133, which amended
certain provisions of SFAS 133. The amendments, among other things, allow
foreign-currency denominated assets and liabilities to qualify for hedge
accounting, permit the offsetting of selected interentity foreign currency
exposures that reduce the need for third-party derivatives and redefine the
nature of interest rate risk to avoid sources of ineffectiveness. The Company
is required to adopt the provisions of SFAS 133 and the corresponding
amendments of SFAS 138 on January 1, 2001. Management does not believe that the
adoption of these standards will have a material impact on the Company's
consolidated financial position, results of operations or cash flows.

In December 1999, the Securities and Exchange Commission issued Staff
Accounting Bulletin No. 101 ("SAB No. 101"), Revenue Recognition in Financial
Statements. SAB No. 101 provides guidance on the recognition, presentation and
disclosure of revenue in financial statements. SAB No. 101 outlines basic
criteria that must be met to recognize revenue and provides guidance for
disclosure related to revenue recognition policies. The Company was required to
implement SAB No. 101 in the fourth quarter of its fiscal year ending December
31, 2000. The provisions of SAB No. 101 did not have a material impact on the
Company's consolidated financial position or results of operations.

In March 2000, the FASB issued FASB Interpretation No. 44 ("FIN No. 44"),
Accounting for Certain Transactions Involving Stock Compensation--an
Interpretation of APB Opinion No. 25. FIN No. 44, effective July 1, 2000,
clarifies the application of APB No. 25 for matters including: the definition
of an employee for purposes of APB No. 25; the criteria for determining whether
a plan qualifies as a non-compensatory plan; the accounting consequence of
various modifications to the terms of a previously fixed stock option or award;
and the accounting for an exchange of stock compensation awards in a business
combination. The adoption of FIN No. 44 did not have a material impact on the
Company's consolidated financial position or results of operations.

Reclassification. Certain prior year amounts have been reclassified to
conform to current year presentation. These reclassifications had no effect on
net loss or shareholders' equity.

F-9


VALICERT, INC.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS--(Continued)


Note 2. Acquisition

On December 30, 1999, the Company acquired Receipt.com (Receipt), which is a
provider of secure data transfer software. The Company exchanged 2,096,137
shares of Series C preferred stock with a fair value of $4,213,000 and
2,182,139 shares of common stock with a fair value of $12,314,000 for all the
outstanding shares of Receipt. In addition, the Company converted outstanding
warrants and options to purchase Receipt common stock into options and warrants
to purchase 2,155,603 shares of common stock of the Company with an aggregate
fair value of $998,000. The fair value of the options and warrants converted
were determined using the Black-Scholes option pricing model with the following
assumptions: expected live of 3.5 years, risk-free interest rate of 6.07%,
volatility of 60% and no dividends during the expected term. For unvested
options that were converted, the fair value of $3,733,000, representing the
portion of the intrinsic value, was allocated to deferred compensation to be
amortized over the future service period. The aggregate fair value of the
transaction, which was accounted for as a purchase, was $17,649,000 assuming an
underlying fair value of $5.64 for the Company's common stock. Acquisition
costs were $124,000. Of the total shares issued under the agreement, 412,507
shares of the Series C preferred stock and common stock were held in escrow for
a period of one year from the closing as collateral for general representations
and warranties made by Receipt under the agreement. Any adjustment to the
shares held in escrow upon release will result in a change to previously
recorded goodwill. Assets acquired and liabilities assumed in the acquisition
were as follows (in thousands):



Tangible assets................................................... $ 1,855
In-process research and development............................... 2,780
Purchased technology.............................................. 1,833
Acquired workforce................................................ 433
Goodwill.......................................................... 12,491
Liabilities assumed............................................... (1,743)
-------
$17,649
=======


The allocation of the purchase price to the respective intangibles was based
on management's estimates of the after-tax cash flows. This allocation gave
explicit consideration to the Securities and Exchange Commission's view on
purchased in-process research and development as set forth in its September 9,
1998 letter to the American Institute of Certified Public Accountants.
Management's estimates gave consideration to the following: (i) the employment
of a fair market value premise excluding any Company-specific considerations
that could result in estimates of investment value for the subject assets; (ii)
comprehensive due diligence concerning all potential intangible assets; (iii)
the determination that none of the technology development had been completed at
the time of acquisition; and (iv) the allocation to in-process research and
development based on a calculation that considered only the efforts completed
as of the transaction date, and only the cash flow associated with these
completed efforts for one generation of the products currently in process.

The Company allocated $2.8 million to acquired in-process research and
development that had not reached technological feasibility as of the date of
the transaction. The acquired in-process research and development was
approximately 60% complete towards development of a system that captures the
digital signatures of the sender and receiver and provides a verifiable time
stamp for each transaction. The primary remaining efforts associated with the
development of the digital receipt technology included code completion in
several key areas. The key areas were management, reporting and access to
receipts in the server vault, application program interfaces and the completion
of a toolkit for developers who need to add digital receipt functionality to
their applications. The Company incurred approximately 30 person-months of
additional development since acquisition completing the initial development of
the digital receipt technology in March 2000.

F-10


VALICERT, INC.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS--(Continued)


The values assigned to the acquired in-process research and development was
determined by estimating the costs to develop the purchased in-process
technology into a commercially viable product, estimating the resulting net
cash flows from the product and discounting the net cash flows to their present
value. The revenue projections used to value the acquired in-process research
and development was based on estimates of relevant market sizes, growth
factors, expected trends in technology and other factors. Operating expenses
were estimated based on historical results and anticipated profit margins.

The rates utilized to discount the net cash flows to their present value
were based on cost of capital calculations. Due to the nature of the forecast
and risks associated with the projected growth, profitability and the
developmental nature of the product a discount rate of 27.5% was used to value
the in-process research and development. This discount rate was commensurate
with the stage of development and the uncertainties in the economic estimates
described above. If the acquired in-process research and development product is
not commercially successful, the Company's business, operating results and
financial condition may be materially adversely affected in future periods. In
addition, the value of other intangible assets acquired may become impaired.

The operating results of Receipt since the date of acquisition to December
31, 1999 were nominal. The unaudited pro forma results of operations shown
below (in thousands, except per share data) assumes that the acquisition took
place at the beginning of fiscal 1998:



1998 1999
-------- --------

Revenues.............................................. $ 993 $ 2,947
Net loss.............................................. $(10,497) $(17,845)
Basic and diluted loss per common share............... $ (3.92) $ (7.30)


The pro forma results of operations give effect to certain adjustments,
including amortization of purchased intangibles and goodwill. The $2,780,000
charge for acquired in-process technology has been excluded from the pro forma
results as it is a material nonrecurring charge.

The pro forma amounts are based on certain assumptions and estimates and do
not necessarily represent results which would have occurred if the acquisition
had taken place on the basis assumed above, nor are they indicative of results
of future combined operations.

Note 3. Short-Term Investments

Short-term investments at December 31, 1999 consisted of (in thousands):



Debt securities--available for sale (original maturities less
than one year).................................................. $3,031
Option to acquire equity securities--available for sale.......... 373
------
$3,404
======


At December 31, 1999, the cost of the investments approximated their fair
values. Gains and losses on investments are calculated using the specific
identification method.

At December 31, 2000, the Company did not have any short-term debt
investments. During 2000, the Company incurred a charge to write down the value
of the option to acquire equity securities to zero.

F-11


VALICERT, INC.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS--(Continued)


Note 4. Property and Equipment

Property and equipment consist of:



December 31,
----------------
1999 2000
------- -------
(in thousands)

Equipment.............................................. $ 3,762 $ 5,402
Furniture and fixtures................................. 253 1,001
Leasehold improvements................................. 824 1,421
Software............................................... 52 734
------- -------
4,891 8,558
Accumulated depreciation and amortization.............. (1,043) (3,141)
------- -------
$ 3,848 $ 5,417
======= =======

Note 5. Accrued Liabilities

Accrued liabilities consist of:


December 31,
----------------
1999 2000
------- -------
(in thousands)

Compensation and related benefits...................... $ 517 $ 2,241
Royalties.............................................. 86 682
Deferred rent.......................................... 47 973
Other.................................................. 735 1,922
------- -------
$ 1,385 $ 5,818
======= =======

Note 6. Short-Term Notes

In connection with the acquisition of Receipt (Note 2), the Company assumed
promissory notes for $670,000 repayable with interest at 10%. The Company
repaid those notes through April 2000.

Note 7. Long-Term Obligations

Long-term obligations consist of:


December 31,
----------------
1999 2000
------- -------
(in thousands)

Equipment finance obligation........................... $ 620 $ 438
Capital lease obligations (weighted average interest
rate of 15.4%)........................................ 1,164 968
Term loan.............................................. 142 72
Equipment financing line............................... 1,024 1,700
------- -------
2,950 3,178
Less current portion................................... 710 1,122
------- -------
$ 2,240 $ 2,056
======= =======


F-12


VALICERT, INC.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS--(Continued)


Loan and Security Agreement

The Company entered into a subordinated loan and security agreement with a
finance company that provides for borrowings which are secured by a first
priority perfected security interest in the assets of the Company. Borrowings
under the loan mature thirty-six months from the date of each borrowing. The
loan bears interest at 11%. Prepayments during the first twelve months of a
note will be subject to a penalty equal to 1.5% of the principal balance being
paid. The Company had equipment finance obligations of $620,000 and $438,000
and capital lease obligations of $1,117,000 and $920,000 outstanding under this
subordinated loan and security agreement at December 31, 1999 and 2000,
respectively.

The Company granted the finance company a warrant to buy 23,659 shares of
common stock at an exercise price of $5.43 per share expiring in five years
from the date of grant or upon the effectiveness of an initial public offering.
The fair value of the warrant of approximately $95,000 is being amortized to
interest expense over the period of the agreement. The fair value was
determined using the Black-Scholes model with the following assumptions:
expected life, 3.5 years; risk-free interest rate of 4.74%; volatility of 60%
and no dividends during the expected term.

Term Loan

In connection with the acquisition of Receipt (Note 2), the Company assumed
$142,000 due under a term loan bearing interest at the Federal Funds rate (5.5%
at December 31, 2000). The loan is payable in monthly installments of
approximately $6,000 through December 2001.

Equipment Financing Line

In December 1999, the Company entered into an equipment financing line with
a finance company that provides for borrowings up to $2,000,000, secured by the
assets acquired through the financing. In January 2000, the Company granted the
finance company a warrant to buy 9,950 shares of common stock at an exercise
price of $6.03 per share in connection with this equipment lease line. The
warrant expires seven years from the issuance date and had a fair value of
$29,000 which is being amortized over the financing term. The Company
determined the fair value of the warrant by using the Black-Scholes model with
the following assumptions: expected life of 3.5 years; risk-free interest rate
of 6.6%; volatility of 60%; and no dividends during the expected term.

Line of Credit

The Company entered into an agreement with a bank to borrow up to a maximum
$2,500,000 at an interest rate of one quarter percent over the prime rate
(9.75% at December 31, 2000). The terms of the revolving facility contain
requirements for meeting a predefined quick asset ratio of 2.5 and a tangible
net worth of $5 million. The line of credit is secured by the assets of the
Company. The Company had no amounts outstanding under this line of credit at
December 31, 1999 or 2000. The Company granted the bank a warrant to purchase
2,222 shares of common stock at an exercise price of $18.00 per share. The
warrant expires five years from the issuance date and had a fair value of
$29,000. The Company determined the fair value of the warrants by using the
Black-Scholes model with the following assumptions: expected life 3.5 years;
risk-free interest rate of 6.6%; volatility of 60%; and no dividends during the
expected term.

F-13


VALICERT, INC.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS--(Continued)


Annual maturities under the long-term obligations are as follows:



Capital
Fiscal Year Ending December 31, Leases Other Total
------------------------------- ------- ------ ------
(In thousands)

2001................................................ $ 493 $ 749 $1,242
2002................................................ 475 793 1,268
2003................................................ 188 632 820
2004................................................ -- 36 36
------ ------ ------
Total................................................. 1,156 $2,210 $3,366
====== ======
Amount representing interest.......................... 188
------
Present value......................................... 968
Current portion....................................... 373
------
Long-term portion..................................... $ 595
======


Equipment and leasehold improvements with a net book value of $1,191,000 and
$582,000 at December 31, 1999 and 2000 (net of accumulated amortization of
$183,000 and $534,000, respectively) had been leased under capital leases.

Note 8. Commitments and Contingencies

The Company leases its facilities under a noncancelable operating lease for
which rent expense is ratably recognized over the lease term. The Company
subleases certain office space with an expiration date of June 2001. In respect
of one of its leases, the Company is required to furnish an unconditional
irrevocable standby letter of credit for $1,000,000 as a security deposit. Rent
expense was approximately $1,049,000 and $3,180,000 in 1999 and 2000,
respectively. Rental income was $251,000 and $1,447,000 in 1999 and 2000,
respectively.

Future minimum payments under the Company's operating leases are:



Operating Sublease
Leases Income
--------- --------
(In thousands)

2001.................................................... $ 3,162 $640
2002.................................................... 3,173 --
2003.................................................... 2,551 --
2004.................................................... 2,638 --
2005.................................................... 2,725 --
Thereafter.............................................. 3,879
------- ----
Total................................................... $18,128 $640
======= ====


From time to time, the Company is a party to legal proceedings arising in
the normal course of its business. While it is not feasible to predict or
determine the outcome of these matters, the Company believes that the ultimate
resolution of these claims will not have a material adverse effect on its
financial position or results of operations.

F-14


VALICERT, INC.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS--(Continued)


Note 9. Redeemable Convertible Preferred Stock

The significant terms of the redeemable convertible preferred stock
outstanding at December 31, 1999 were as follows:

. Each share of preferred stock is convertible into 1/3 of a share of
common stock, at the option of the holder. Additionally, each share of
Series A-senior preferred stock is convertible into Series A-junior, at
the option of the holder, on a 1-to-1 conversion ratio. Each share of
preferred stock automatically converts into common stock upon the closing
of a public offering of common stock at a per share price of at least $5
with gross proceeds of at least $15,000,000 or upon the consent of the
holders of the majority of preferred stock.

. Each share of preferred stock has voting rights equivalent to the number
of shares of common stock into which it is convertible. Holders of Series
B and Series C preferred stock are entitled to receive noncumulative
dividends at the per annum rate of $0.032 per share and $0.100 per share,
respectively in preference to any payment of dividend on the Series A-
senior, Series A-junior and common stock. The holders of Series A-senior
are entitled to receive noncumulative dividends at the per annum rate of
$0.0075 per share in preference to payment of any dividend on Series A-
junior and common stock. The holders of Series A-junior are entitled to
receive dividends at the per annum rate of $0.0075 per share in
preference to any payment of any dividend on common stock. No dividends
on preferred stock have been declared by the Board from inception.

. In the event of any liquidation, dissolution or winding up, the holders
of Series B and Series C preferred stock are entitled to receive $0.63
per share and $2.01 per share, respectively, plus all declared but unpaid
dividends prior and in preference to any distribution to the holders of
Series A-senior, Series A-junior and common stock. Upon completion of the
initial distribution, the holders of Series A-senior are entitled to
receive $0.078 per share plus all declared but unpaid dividends prior and
in preference to any distribution to the holders of Series A junior and
common stock. Upon completion of the initial and secondary distributions,
the Series A junior are entitled to receive $0.50 per share plus declared
but unpaid dividends prior and in preference to any distribution to the
holders of common stock. Upon completion of the initial, secondary and
tertiary distributions, the holders of common stock are entitled to
receive the remaining assets of the Company.

. The convertible preferred shareholders have certain registration rights.
Simultaneously with the closing of the public offering, all the shares of
the Company's preferred stock were converted to common stock on a three-
for-one basis.

Note 10. Stockholders' Equity

Reverse Stock Split

In July 2000, the Company effected a three-for-one reverse stock split of
the outstanding shares of common stock in connection with its initial public
offering. All share and per share amounts in these consolidated financial
statements have been adjusted to give effect to the reverse stock split.

Initial Public Offering of Common Stock

In July 2000, the Company sold 4,000,000 shares of common stock in an
underwritten public offering and in August 2000 sold an additional 600,000
shares through the exercise of the underwriters' over-allotment option for net
proceeds of approximately $41.1 million at a price of $10.00 per share.

F-15


VALICERT, INC.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS--(Continued)


Restricted Stock

The Company has the right to repurchase the unvested portion of restricted
common stock exercised by employees under the 1998 stock plan at the original
purchase price. The Company's right to repurchase these shares expires over 48
months from the grant date. Additionally, certain officers and employees
exercised unvested stock options with full recourse notes. The notes bear
interest at 6% and mature five years from the loan date. The related shares of
common stock are subject to repurchase by the Company at the original purchase
price per share upon the purchaser's cessation of service prior to the vesting
of such shares. The restricted stock continues to vest in accordance with the
terms of the original stock option. At December 31, 2000, 1,116,083 outstanding
shares of such stock were subject to repurchase.

Warrants

During 1998, 1999 and 2000, the Company issued warrants to employees to
purchase 191,666, 316,666 and 50,000 shares of common stock at exercise prices
from $18.00 to $18.90 per share. Such warrants generally vest over a 42-month
or 48-month period and expire in 2009.

In connection with the acquisition of Receipt.Com, Inc., the Company assumed
a warrant to purchase 86,346 shares of common stock at $4.77 per share.

At December 31, 2000, the Company had 653,387 common stock warrants
outstanding with a weighted average exercise price of $16.44. These warrants
expire from 2007 to 2010. 332,851 warrants with a weighted average exercise
price of $14.15 were exercisable at December 31, 2000.

Deferred Stock Compensation

In connection with grants of stock options to employees and issuance of
options upon the acquisition of Receipt.com (Note 2), the Company recorded
deferred compensation of $6,005,000 and $4,161,000 in fiscal 1999 and 2000,
respectively, as the difference between the deemed fair value for accounting
purposes and the stock price as determined by the Board of Directors on the
date of grant. This amount has been presented as a reduction of stockholders'
equity and is being amortized to expense over the vesting period of the related
stock options (generally four years). Amortization of deferred stock
compensation for the years ended December 31, 1999 and 2000 was $162,000 and
$2,266,000, respectively. In 2000, terminated employees forfeited 206,215
options and the amount recorded as deferred stock compensation was reduced by
$475,000.

Employee Stock Purchase Plan

The Company has reserved and the stock holders have approved 333,333 shares
of common stock for issuance to eligible employees under the 2000 Stock
Purchase Plan (the Purchase Plan), which will be automatically increased on
January 1 of each year by 2% of the common stock then outstanding. Under the
Purchase Plan, eligible employees, subject to certain restrictions, may
purchase shares of common stock at a price equal to the lesser of 85% of the
fair market value at either the employee's entry date into the Plan or the date
of purchase. As of December 31, 2000, no shares have been issued under the
Purchase Plan.

Stock Incentive Plans

The Company has adopted several stock plans ("Plans") that provide for grant
of options and restricted stock to employees, consultants and directors.
Incentive stock options are granted at fair value as determined by the Board of
Directors at the date of grant, nonstatutory options may be offered at not less
than 85% of the fair market value. Options generally vest between three and
four years and have a maximum term of ten years. Under these Plans, the Company
was authorized to grant shares of the common stock and Series A-Junior
preferred stock. Upon the completion of the Company's initial public offering
on July 28, 2000, all options outstanding to purchase Series A Junior preferred
stock were converted on a three-for-one basis into options to acquire common
stock. The Company has reserved 3,494,828 shares of common stock for issuance
under the

F-16


VALICERT, INC.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS--(Continued)

Plans. In addition, the number of shares reserved will automatically increase
on the first day of each fiscal year by an amount equal to the lessor of 5% of
the common stock outstanding on the last day of the preceding year, 2,448,333
shares, or a lesser number of shares determined by the board of directors. The
following table presents a summary of the stock option activity for the years
ended December 31, 1988, 1999 and 2000 as if the plans had been combined since
their inception.



Options Weighted Average
Available Number of Option Price
for Grant Options Per Share
---------- ---------- ----------------

Balance at January 1, 1998............ 598,527 1,149,102 $0.06
Authorized for grant.................. 2,000,000 -- --
Shares removed from the plan.......... (180,527) -- --
Granted (weighted average fair value
of $0.05)............................ (1,831,219) 1,831,219 0.21
Exercised............................. -- (214,157) 0.09
Canceled.............................. 58,667 (58,667) 0.24
---------- ---------- -----
Balances, December 31, 1998........... 645,448 2,707,497 $0.17
Authorized for grant.................. 2,642,357 -- --
Granted (weighted average fair value
of $1.24)............................ (1,103,907) 1,103,907 1.26
Assumed upon Receipt.com acquisition--
Note 2 (weighted average fair value
of $4.23)............................ (1,079,023) 1,079,023 1.85
Exercised............................. -- (2,350,816) 0.27
Canceled.............................. 71,371 (71,451) 0.33
---------- ---------- -----
Balances, December 31, 1999........... 1,176,246 2,468,160 $1.28
Authorized for grant.................. 1,333,333 -- --
Granted (weighted average fair value
of $3.37)............................ (2,431,497) 2,431,497 8.31
Exercised............................. -- (1,525,219) 1.95
Canceled.............................. 216,001 (216,001) 4.16
Shares repurchased and returned to the
plan................................. 42,308 -- --
---------- ---------- -----
Balances, December 31, 2000 .......... 336,391 3,158,437 $6.17
========== ========== =====
Options vested at December 31, 2000 337,561 $4.35
========== =====


Additional information regarding options outstanding as of December 31, 2000
is as follows:



Options Outstanding and Exercisable
----------------------------------------------------------
Range of Weighted Average
Exercise Number Remaining Contractual Weighted Average
Prices Outstanding Life (Years) Exercise Price
-------- ----------- --------------------- ----------------

$0.00-$1.97 472,211 7.9 $ 0.97
$1.98-$3.95 692,448 9.7 2.22
$3.96-$5.92 426,207 9.5 4.85
$5.93-$7.90 254,096 8.4 6.52
$7.91-$9.87 1,097,414 9.3 9.29
$9.88-$19.75 216,061 9.8 16.64
--------- --- ------
$0.00-$19.75 3,158,437 9.2 $ 6.17
========= === ======


During fiscal 1999 and 2000, 935,215 and 1,896,281 stock options with a
weighted average exercise price of $0.96 and $7.85 and a weighted average fair
value of $0.36 and $2.19 were issued at less than the estimated fair value at
the grant date, respectively.

F-17


VALICERT, INC.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS--(Continued)


SFAS No. 123, Accounting for Stock-Based Compensation, requires the
disclosure of pro forma net loss had the Company adopted the fair value method
as of the beginning of fiscal 1995. Under SFAS No. 123, the fair value of
stock-based awards to employees is calculated through the use of option pricing
models, even though such models were developed to estimate the fair value of
freely tradable, fully transferable options without vesting restrictions, which
significantly differ from the Company's stock option awards. These models also
require subjective assumptions, including future stock price volatility and
expected time to exercise, which greatly affect the calculated values. The
Company's calculations were made using the Black-Scholes option pricing model
with the following weighted average assumptions: expected life, generally five
years; risk free interest rate, 4.56% in 1998, 4.6% to 6% in 1999 and 6.5% in
2000; no dividends during the expected term, no volatility for grants prior to
the Company's initial public offering in July 2000 and volatility of 100%
thereafter. If the computed fair values of the 1998, 1999 and 2000 awards had
been amortized to expense over the vesting period of the awards, pro forma net
loss (net of amortization of deferred compensation expense already recorded for
the year ended December 31, 1999, as discussed above) would have been
approximately $4.03 million ($8.01 per basic and diluted share) in 1998, $12.89
million ($48.86 per basic and diluted share) in 1999 and $27.72 million ($2.70
per basic and diluted share) in 2000.

At December 31, 2000, the Company has reserved shares of common stock for
issuance as follows:



Issuance available under stock plans............................. 3,494,828
Issuance available under employee stock purchase plan............ 333,333
Exercise of warrants............................................. 653,387
---------
Total............................................................ 4,481,548
=========


Note 11. Net Loss Per Share

The following is a reconciliation of the numerators and denominators used in
computing basic and diluted net loss per share (in thousands):



Year Ended December 31,
---------------------------
1998 1999 2000
------- -------- --------

Net loss (numerator), basic and diluted........... $(3,990) $(12,802) $(28,327)
Shares (denominator):
Weighted average common shares outstanding...... 498 717 12,119
Weighted average common shares subject to
repurchase..................................... -- (454) (1,425)
Weighted average common shares held in escrow... -- (1) (412)
------- -------- --------
Shares used in computation, basic and diluted... 498 262 10,282
======= ======== ========
Net loss per share, basic and diluted............. $ (8.01) $ (48.86) $ (2.76)
======= ======== ========


F-18


VALICERT, INC.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS--(Continued)


For the above mentioned periods, the Company had securities outstanding
which could potentially dilute basic earnings per share in the future, but were
excluded from the computation of diluted net loss per share in the periods
presented, as their effect would have been antidilutive. Such outstanding
securities consist of the following:



Year Ended December
31,
----------------------
1998 1999 2000
------ ------ ------
(in thousands)

Convertible preferred stock, Series A-Senior,
Series B and Series C............................ 7,498 12,941 --
Shares of common stock subject to repurchase...... (1,587) (981) (1,116)
Outstanding options............................... 2,707 2,468 3,158
Warrants.......................................... 391 761 653
------ ------ ------
Total............................................. 9,009 15,189 2,695
====== ====== ======
Weighted average exercise price of options........ $ 0.16 $ 1.28 $ 6.17
====== ====== ======
Weighted average exercise price of warrants....... $ 9.37 $10.66 $16.44
====== ====== ======


Note 12. Income Taxes

The Company's deferred income tax assets are comprised of the following at
December 31:



1999 2000
------- --------
(in thousands)

Deferred tax assets:
Net operating loss carryforward......................... $ 7,515 $ 15,553
Accruals deductible in different periods................ 523 1,298
Deferred revenue........................................ 162 718
Credits................................................. 382 584
Depreciation and amortization........................... 319 (346)
------- --------
8,901 17,807
Less valuation allowance.................................. (7,998) (17,505)
------- --------
Deferred tax assets....................................... 903 302
Deferred tax liabilities--purchase intangibles............ (903) (302)
------- --------
Net deferred tax.......................................... $ -- $ --
======= ========


A reconciliation of the statutory federal income tax rate and the effective
income tax rate on pre-tax income is as follows:



1998 1999 2000
------ ------ ------

Statutory federal rate.......................... (35.00)% (35.00)% (35.00)%
Nondeductible charge for acquired in-process
technology..................................... -- 7.58 % --
Research and development tax credit............. (1.61) (2.98)% (2.06)
Goodwill amortization........................... -- -- 3.98
Other........................................... 0.30 0.85 0.12
Change in valuation allowance................... 36.31 29.55 32.96
------ ------ ------
Effective tax rate.............................. -- % -- % -- %
====== ====== ======


At December 31, 1999 and 2000, the Company has fully reserved its net
deferred tax assets of approximately $7,998,000 and $17,505,000, respectively,
to reduce them to amounts that are more likely than not to be realized.

F-19


VALICERT, INC.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS--(Continued)


At December 31, 2000, the Company has net operating loss (NOL) carryforwards
of approximately $40,760,000 and $23,850,000 for federal and state income tax
purposes, respectively. The federal NOL carryforwards expire from 2011 to 2020
while the state NOL carryforwards expire from 2001 to 2005.

At December 31, 2000, the Company also has research and development credit
carryforwards of approximately $302,000 and $280,000 available to offset future
federal and state income taxes, respectively. The federal credit carryforward
expires in 2020, while the state credit carryforward has no expiration.

The extent to which the loss and credit carryforwards can be used to offset
future taxable income and tax liabilities, respectively, may be limited,
depending on the extent of ownership changes within any three-year period.

Note 13. Related Party Transactions

An affiliate of one of the stockholders provides software development and
consulting services to the Company. Such services totaled $147,000, $682,000
and $561,000 for the years ended December 31, 1998, 1999 and 2000,
respectively. Software license revenues for fiscal 2000 include an aggregate of
$722,000 from four investors in the Company of which $46,000 was included in
the accounts receivable balance at December 31, 2000.

Note 14. Segment Information, Operations by Geographic Area and Significant
Customers

The Company operates primarily in one industry segment: the development and
marketing of internet cryptographic software products. Geographic revenue
information is based on the ship-to location of the customer. Geographic long-
lived asset information is based on the physical location of the assets at each
period end. No single country outside of the United States accounted for 10% or
more of long-lived assets. Geographic revenue information is as follows:



Years Ended December 31,
-------------------------------
1998 1999 2000
---- ------ -------
(in thousands)

United States................................ $60 $ 859 $ 5,710
Japan........................................ -- 164 1,960
United Kingdom............................... -- 272 745
Rest of the world............................ -- 340 3,413
--- ------ -------
$60 $1,635 $11,828
=== ====== =======


Significant Customers

During 1998, one customer accounted for 100% of total revenues; during 1999,
two customers accounted for 22% and 14% of total revenues; in 2000, no customer
accounted for more than 10% of total revenues.

Note 15. Employee Benefit Plan

The Company has a 401(k) tax-deferred savings plan, whereby eligible
employees may contribute a percentage of their eligible compensation (presently
from 2% to 20% up to the maximum allowed under IRS rules). Company
contributions are discretionary; no Company contributions have been made since
the inception of this plan.

F-20


VALICERT, INC.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS--(Continued)


Note 16. Selected Quarterly Financial Data (Unaudited)



June Sept. Dec.
Mar. 31, 30, 30, 31,
1999 1999 1999 1999
---------- ------- ------- -------
(in thousands, except per share
data)

Total revenues......................... $ 168 $ 251 $ 275 $ 941
Gross profit........................... 132 197 222 857
Operating loss......................... (1,771) (1,811) (2,585) (6,931)
Net loss............................... (1,764) (1,825) (2,437) (6,776)
Basic and diluted net loss per share... $(2,322.60) $ (9.55) $ (8.14) $(13.01)
Shares used in computation of basic and
diluted net loss per share............ 1 191 299 521

June Sept. Dec.
Mar. 31, 30, 30, 31,
2000 2000 2000 2000
---------- ------- ------- -------
(in thousands, except per share
data)

Total revenues......................... $ 1,876 $ 2,518 $ 3,287 $ 4,147
Gross profit........................... 682 954 1,297 1,797
Operating loss......................... (5,586) (7,068) (7,747) (8,538)
Net loss............................... (5,458) (7,080) (7,406) (8,383)
Basic and diluted net loss per share... $ (2.31) $ (2.69) $ (0.49) $ (0.40)
Shares used in computation of basic and
diluted net loss per share............ 2,364 2,633 15,189 20,940


F-21


SCHEDULE II

VALUATION AND QUALIFYING ACCOUNTS AND RESERVES
(In thousands)



Additions
----------
Balance at Charged to Balance
Beginning Costs and at End of
Description of Period Expenses Deductions Period
----------- ---------- ---------- ---------- ---------

Allowance for doubtful accounts:
Year Ended December 31, 1998...... $ -- -- -- $ --
Year Ended December 31, 1999...... $ -- 75 -- $ 75
Year Ended December 31, 2000...... $ 75 160 79 $156


IV-1


SIGNATURES

Pursuant to the requirements of Section 13 or 15(d) of the Securities
Exchange Act of 1934 the Registrant has duly caused this report to be signed
on its behalf by the undersigned, thereunto duly authorized, in the City of
Mountain View, County of Santa Clara, State of California, on the 2nd day of
April, 2001.

VALICERT, INC.

/s/ Joseph Amram
By: _________________________________
Joseph Amram
President and Chief Executive
Officer

POWER OF ATTORNEY

KNOW ALL PERSONS BY THESE PRESENTS, that each person whose signature
appears below hereby constitutes and appoints Joseph Amram and Timothy Conley,
and each of them, his true and lawful attorney-in-fact and agent, with full
power of substitution, each with power to act alone, to sign and execute on
behalf of the undersigned any and all amendments to this Report on Form 10-K,
and to perform any acts necessary in order to file the same, with all exhibits
thereto and other documents in connection therewith with the Securities and
Exchange Commission, granting unto said attorney-in-fact and agent full power
and authority to do and perform each and every act and thing requested and
necessary to be done in connection therewith, as fully to all intents and
purposes as he might or could do in person, hereby ratifying and confirming
all that said attorney-in-fact and agent, or their or his or her substitutes,
shall do or cause to be done by virtue hereof.

Pursuant to the requirements of the Securities Exchange Act of 1934, this
report has been signed by the following persons on behalf of the Registrant
and in the capacities and on the dates indicated:



Signature Title Date
--------- ----- ----


/s/ Joseph Amram President and Chief Executive April 2, 2001
_________________________________ Officer (Principal
Joseph Amram Executive Officer)

/s/ Timothy Conley Chief Financial Officer (Principal April 2, 2001
_________________________________ Financial and Accounting
Timothy Conley Officer)

/s/ Rajiv Dholakia Chief Technology Officer April 2, 2001
_________________________________
Rajiv Dholakia

/s/ Srinivasan Krishnan Chairman of the Board of April 2, 2001
_________________________________ Directors
Srinivasan Krishnan

/s/ Taher Elgamal Director April 2, 2001
_________________________________
Taher Elgamal

/s/ John Johnston Director April 2, 2001
_________________________________
John Johnston

/s/ Scott J. Loftesness Director April 2, 2001
_________________________________
Scott J. Loftesness

/s/ Magdalena Yesil Director April 2, 2001
_________________________________
Magdalena Yesil


/s/ Timothy Conley April 2, 2001
*By: ________________________
Timothy Conley
Attorney-in-Fact

IV-2


VALICERT, INC.

EXHIBITS
TO
FORM 10-K ANNUAL REPORT
FOR THE YEAR ENDED
DECEMBER 31, 2000



Exhibit
Number Description of Document
------- -----------------------

23.1 Consent of Deloitte & Touche LLP, Independent Accountants.
23.2 Consent of PricewaterhouseCoopers LLP, Independent Accountants.
24.1 Power of Attorney (see signature page).

- --------
* As filed with the Registrant's Registration Statement on Form S-1 (File No.
333-37020) on , 2000, as amended

IV-3