

UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
Washington, D.C. 20549
 
FORM 10-K
(Mark One)
☒ ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934
FOR THE FISCAL YEAR ENDED DECEMBER 31, 2012
☐ TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934
FOR THE TRANSITION PERIOD FROM              TO             
Commission File Number 1-33350
SOURCEFIRE, INC.
(Exact name of Registrant as Specified in its Charter)
 
 
 
Delaware (State or Other Jurisdiction of Incorporation or Organization)
52-2289365 (I.R.S. Employer Identification No.)
9770 Patuxent Woods Drive, Columbia, Maryland (Address of Principal Executive Offices)
21046 (Zip Code)
Registrant’s telephone number, including area code: (410) 290-1616
Securities registered pursuant to Section 12(b) of the Act:
 
 
 
Title of Each Class: Common Stock, $0.001 par value, including associated Series A Junior Participating Preferred Stock Purchase Rights
Name of Exchange on Which Registered: NASDAQ Global Select Market
Securities registered pursuant to Section 12(g) of the Act:
none
Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act.    Yes  ☐    No  ☒
Indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or Section 15(d) of the Act.    Yes  ☐    No  ☒
Indicate by check mark whether the registrant: (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days.    Yes  ☒    No  ☐
Indicate by check mark whether the registrant has submitted electronically and posted on its corporate Web site, if any, every Interactive Data File required to be submitted and posted pursuant to Rule 405 of Regulation S-T (§232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit and post such files).    Yes  ☒    No  ☐
Indicate by check mark if disclosure of delinquent filers pursuant to Item 405 of Regulation S-K (§229.405 of this chapter) is not contained herein, and will not be contained, to the best of registrant’s knowledge, in definitive proxy or information statements incorporated by reference in Part III of this Form 10-K or any amendment to this Form 10-K.  ☒
Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, or a smaller reporting company. See definitions of “large accelerated filer,” “accelerated filer,” and “smaller reporting company” in Rule 12b-2 of the Exchange Act.
Large Accelerated Filer  ☒
Accelerated Filer  ☐
Non-Accelerated Filer (Do not check if smaller reporting company)
Smaller reporting company  ☐
Indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Exchange Act).    Yes  ☐    No  ☒
As of June 30, 2012, the aggregate market value of the registrant’s Common Stock held by non-affiliates, based upon the closing sale price of the Common Stock on the NASDAQ Global Select Market on such date, was approximately $1.5 billion.
As of February 22, 2013, there were 30,670,141 outstanding shares of the registrant’s Common Stock. 
DOCUMENTS INCORPORATED BY REFERENCE
Certain portions of the definitive Proxy Statement to be used in connection with the registrant’s 2013 Annual Meeting of Stockholders are incorporated by reference into Part III of this Form 10-K to the extent stated. That Proxy Statement will be filed within 120 days of registrant’s fiscal year ended December 31, 2012.





SOURCEFIRE, INC.
Form 10-K
TABLE OF CONTENTS
 
 
 
PART I
Item 1. Business
Item 1A. Risk Factors
Item 1B. Unresolved Staff Comments
Item 2. Properties
Item 3. Legal Proceedings
Item 4. Mine Safety Disclosures

PART II
Item 5. Market for Registrant’s Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities
Item 6. Selected Financial Data
Item 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations
Item 7A. Quantitative and Qualitative Disclosures About Market Risk
Item 8. Financial Statements and Supplementary Data
Item 9. Changes In and Disagreements With Accountants and Financial Disclosure
Item 9A. Controls and Procedures
Item 9B. Other Information

PART III
Item 10. Directors, Executive Officers and Corporate Governance
Item 11. Executive Compensation
Item 12. Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters
Item 13. Certain Relationships and Related Transactions, and Director Independence
Item 14. Principal Accountant Fees and Services

PART IV
Item 15. Exhibits and Financial Statement Schedules
Signatures





References in this Annual Report on Form 10-K to “Sourcefire,” “we,” “us,” “our” or “the Company” refer to Sourcefire, Inc. and its subsidiaries, taken as a whole, unless a statement specifically refers to Sourcefire, Inc.

FORWARD-LOOKING STATEMENTS

This annual report contains both historical and forward-looking statements. All statements other than statements of historical fact are, or may be deemed to be, forward-looking statements. For example, statements concerning projections, predictions, expectations, estimates or forecasts and statements that describe our objectives, plans or goals are or may be forward-looking statements. These forward-looking statements reflect management's current expectations concerning future results and events and generally can be identified by use of expressions such as “may,” “will,” “should,” “could,” “would,” “predict,” “potential,” “continue,” “expect,” “anticipate,” “future,” “intend,” “plan,” “foresee,” “believe,” “estimate,” and similar expressions, as well as statements in future tense. These forward-looking statements include, but are not limited to, the following: 

expected growth in the markets for cybersecurity products and solutions;
our plans to continue to invest in and develop innovative technology and products for our existing markets and other security markets;
the timing of expected introductions of new or enhanced products and solutions;
our expectation of growth in our customer base and increasing sales to existing customers;
our plans to increase revenue through additional relationships with resellers, distributors, managed security service providers, government integrators and other partners;
our plans to grow international sales;
our plans to acquire and integrate new businesses and technologies;
our plans to hire more security professionals and broaden our knowledge base; and
our plans to hire additional sales personnel and the additional revenue we expect them to generate.
 

The forward-looking statements included in this annual report are made only as of the date of this annual report. We expressly disclaim any intent or obligation to update any forward-looking statements to reflect subsequent events or circumstances. Forward-looking statements involve known and unknown risks, uncertainties and other factors that may cause our actual results, performance or achievements to be different from any future results, performance and achievements expressed or implied by these statements. These risks and uncertainties include, but are not limited to, those discussed in Item 1A. Risk Factors of this annual report, as well as in Item 1. Business and Item 7. Management's Discussion and Analysis of Financial Condition and Results of Operations.
___________________________


Sourcefire, the Sourcefire logo, Snort, the Snort and Pig logo, ClamAV, FireAMP, FirePOWER, FireSIGHT, Agile Security and certain other trademarks and logos are trademarks or registered trademarks of Sourcefire, Inc. in the United States and other countries. This annual report also refers to the products or services of other companies or persons by the trademarks and trade names used and owned by those companies or persons.







PART I
Item 1.
BUSINESS
Overview
Sourcefire delivers intelligent cybersecurity technologies. Our comprehensive portfolio of solutions enables commercial enterprises and government agencies worldwide to manage and minimize cybersecurity risks. From our industry-leading next-generation network security platform to our advanced malware protection, Sourcefire provides customers with Agile Security® that addresses the need for more informed, adaptive, and automated security solutions to protect today’s dynamic information technology environments from constantly changing threats.
We sell our solutions to a diverse customer base that includes Global 2000 companies, global enterprises, U.S. and international government agencies and small and mid-size businesses. For the years ended December 31, 2012, 2011 and 2010, we generated approximately 67%, 75%, and 75% of our revenue from customers in the United States and 33%, 25%, and 25% from customers outside of the United States, respectively. We increased our total revenue from $165.6 million in 2011 to $223.1 million in 2012, representing an annual growth rate of 35%. For the year ended December 31, 2012, product revenue and services revenue represented 61% and 39% of our total revenue, respectively. We manage our operations on a consolidated basis for purposes of assessing performance and making operating decisions. Accordingly, we do not have reportable segments of our business.
Business Developments
Product Enhancements and New Product Markets
During 2012, we enhanced our core next-generation intrusion prevention system, or NGIPS, products and our next-generation firewall, or NGFW, products. In addition, we entered the advanced malware protection market with the launch of a new set of solutions. This included the introduction of:

Sourcefire 8290, 8270, & 7000 Series FirePOWER™ Appliances - the addition of these new models gives the FirePOWER Appliance family a performance range from 50 Mbps to 40+ Gbps of inspected throughput.

Sourcefire Virtual Next-Generation IPS with Application Control - provides advanced threat protection for virtualized environments along with application control, URL filtering and a virtual management console.

Sourcefire FireAMP® - an intelligent, enterprise-class malware discovery and analysis solution that analyzes and blocks malware through big data analytics.

Sourcefire FireAMP Mobile - a mobile device security product that identifies and remediates advanced malware using big data analytics.

Sourcefire FireAMP Virtual - protects VMware virtual instances from advanced malware and stops threats that bypass other security layers.

Advanced Malware Protection for FirePOWER - a comprehensive malware protection solution for networks that enables detection and blocking, continuous analysis and retrospective alerting and leverages cloud security intelligence.
Sales Channel Expansion
In 2012, we expanded our indirect sales channel by:
Increasing the number of partners in our indirect sales channel from 576 at December 31, 2011 to 738 at December 31, 2012.
Increasing the number of partner employees certified on our products from 343 at December 31, 2011 to 648 at December 31, 2012.





Our Industry
We expect that demand for enterprise network security equipment will continue to rise as organizations seek to address various growing and evolving security challenges, including:
Increasing Change of IT Environments. Consumerization (bring your own device to work, or BYOD), mobilization, and virtualization are driving changes in IT environments, and the rate of change is increasing. These trends have extended the network to include endpoints, mobile and virtual, and have spawned new attack vectors including web-enabled and mobile applications, hypervisors, social media and browsers. Malware writers are leveraging these attack vectors to access identity data, trade and classified secrets, intellectual property, and critical infrastructure.
Greater Sophistication, Severity and Frequency of Attacks. In contrast to the hobbyist hackers of the past, the last five years have seen the “Industrialization of Hacking,” which has spurred more menacing attacks. Today’s attackers are motivated by financial gain, theft of intellectual property and malicious disruption. These motivated attackers are employing much more sophisticated tools and techniques to generate profits for themselves and their well-organized and well-financed sponsors, including organized crime and nation states. Their attacks are increasingly difficult to detect, and their tools often establish command and control points on compromised network assets with little or no discernible effect, facilitating future access to the assets, the data, and the networks on which they reside.
Diverse Demands on Security Administrators. Targeted security solutions such as firewalls, intrusion prevention systems, URL filters, spam filters and advanced malware protection are critical layers to enhancing security. However, they can create significant administrative burdens on personnel who must manage numerous disparate technologies that are seldom integrated and often difficult to use. Most security products require manual, labor-intensive incident response and investigation by security administrators, especially when “false positive” results are generated. Compounding these resource constraint issues, many organizations are increasingly challenged by the loss of key personnel as the demand for security experts has risen dramatically in traditional corporate settings, government agencies and a growing number of start-up security companies.
Heightened Government and Industry Regulation. Rapidly increasing government regulation mandates compliance with increased security requirements, escalating demand for solutions that both meet compliance requirements and reduce the burden of compliance reporting and enforcement. These regulations include the Payment Card Industry Data Security Standard, or PCI DSS, the Health Insurance Portability and Accountability Act of 1996, or HIPAA, as well as the Sarbanes-Oxley Act of 2002 for risk management and the Federal Information Security Management Act, or FISMA, which is designed to protect national defense initiatives.
Our Vision
Due to the increasingly sophisticated and evolving nature of cybersecurity challenges, Sourcefire believes that the approach to cybersecurity must also evolve. The best solutions must be agile, based on a continuous process and supported by advanced technologies to better detect, analyze, prevent and remediate these attacks. Sourcefire calls this vision Agile Security.
Sourcefire’s Agile Security vision drives the innovation of our technology and solutions. This vision reflects the realities of today’s network and computer security disciplines and is grounded in four essential elements:
See - Clarity and vision, reflecting the who, what, where reality of an environment, as it exists right now.
Learn - Applying intelligence to raw data to improve understanding and decision-making.
Adapt - Automatic evolution and modification of defenses in response to change.
Act - Decisive, flexible, and automated responses to events.
Through a continuous process of See, Learn, Adapt and Act, solutions that enable Agile Security can deliver effective protection because they have the ability to respond to continuous change.





Our Approach

Given increasingly sophisticated, targeted and relentless attacks, Agile Security must span the full attack continuum - before, during and after an attack. Before an attack, defenders need comprehensive awareness and visibility of their extended network environment in order to implement appropriate policies and controls to defend it. During an attack, the ability to continuously detect the nature of the threat and block it is critical. After a successful attack, defenders need retrospective security to marginalize the impact of the attack by determining the scope of the attack, containing the threat, eliminating the risk of re-infection, and remediating the damage.

Sourcefire's portfolio of integrated solutions, which span the network, endpoints, mobile and virtual, together with technologies that include big data analytics and cloud-based security intelligence, addresses the full attack continuum.
Our Products
Sourcefire’s portfolio of solutions and technologies designed to deliver Agile Security is comprised of hardware with embedded software, software and cloud-based solutions.
Network Security

The foundation for our network security solutions, our FirePOWER platform is a family of high-performance, energy-efficient, network security appliances with flexible deployment options that include NGIPS, NGFW and Advanced Malware Protection. Customers can enable the level of functionality required.

Sourcefire NGIPS (Next Generation Intrusion Prevention System) – Sourcefire’s NGIPS uses a flexible rules-based language for advanced threat protection. Sourcefire appliances equipped with Sourcefire NGIPS software can be placed in passive intrusion detection, or IDS, mode to notify users of network traffic or in inline mode to block threats. Our FireSIGHT® awareness technology provides real-time contextual awareness and full stack visibility. Intelligent security automation reduces the total cost of ownership and enables continuous security.

Sourcefire NGFW (Next Generation Firewall) – Sourcefire's NGFW offers application control integrated with Sourcefire’s industry-leading NGIPS and firewall capabilities in a universal, high-performance security appliance. The solution is designed to bring together control and effective prevention in a flexible, high-performance agile engine to satisfy the larger need for complete enterprise visibility, adaptive security, and advanced threat protection.

Optional security licenses include Application Control for detailed control of client and web-based applications; URL Filtering for filtering of URLs by site or reputation; and Advanced Malware Protection for FirePOWER to detect and block malware on the network.

Sourcefire SSL Appliance – The Sourcefire SSL Appliance decrypts SSL traffic for inspection by network security appliances, allowing security teams to eliminate blind spots and monitor SSL traffic for embedded attacks and data leakage.

Sourcefire Virtual Appliance – The Sourcefire Virtual Appliance extends our network security capabilities to environments where physical appliances are impractical. Sourcefire offers security solutions for VMware, Citrix (Xen) and Red Hat (KVM) virtual environments. These appliances inspect communications between different virtual machines residing on the same box, providing the same control and protection as their physical counterparts.
Advanced Malware Protection

Today's attackers are taking a comprehensive view of IT environments and using new attack vectors to accomplish their missions to gather data or simply to destroy. Sourcefire has entered the emerging advanced malware protection market with solutions to protect against malware targeting the network, endpoints, mobile and virtual. These solutions can be deployed separately or together for comprehensive coverage and they leverage big data analytics and cloud-based security intelligence to quickly identify and defeat malware along the full attack continuum.
FireAMP – FireAMP is an intelligent, enterprise-class advanced malware protection solution that uses big data analytics to discover, understand and block advanced malware outbreaks. FireAMP delivers the visibility and control needed to stop threats missed by other security layers, prevent reinfection and remediate retrospectively. FireAMP Mobile protects against mobile malware. FireAMP Virtual protects against malware targeting virtual machines.






Advanced Malware Protection for FirePOWER – AMP for FirePOWER provides protection against sophisticated network malware, advanced persistent threats, or APTs, and targeted attacks by enabling continuous visibility, analysis and control before, during and after an attack. It is available as a standalone solution, or as an add-on subscription license for NGIPS or NGFW, eliminating the need for limited-purpose malware appliances.
Management
Sourcefire Defense Center® – The Defense Center unifies the critical security functions of the Sourcefire next-generation network security platform using FireSIGHT awareness technology to correlate and prioritize event data with network and user awareness. Through this powerful management tool, customers can conduct forensic analysis, trends analysis, reporting and alerting. Customers can control multiple Sourcefire appliances from a single management console while aggregating and analyzing security and compliance events from across the organization. The Defense Center is highly scalable and extensible, providing application programming interfaces, or APIs, to interoperate with a variety of third-party systems, such as firewalls, routers, log management, Security Information Event Management, or SIEMs, trouble ticketing, patch management systems and other technologies. The Sourcefire Virtual Defense Center provides the same monitoring and management controls as its physical counterpart. To centrally manage Sourcefire's advanced malware protection solutions, FireAMP Console provides management, deployment, policy configuration and reporting for desktop systems and mobile devices.
Our Open Source Projects
Sourcefire embraces open source technology as a means to fuel collaboration and innovation in the security industry. Marked by accelerated development and a community of experts that continually reviews, tests and proposes improvements, these technologies deliver high-quality, affordable solutions.
Sourcefire manages some of the world’s most respected open source security initiatives, including:
Snort® – The traffic inspection engine used in our intrusion prevention system is the open source technology called Snort. Snort uses a rule-driven language which combines the benefits of signature, protocol, and anomaly-based inspection methods. Snort has become the de facto industry standard for intrusion prevention. We believe that most Fortune 100 companies and 30 of the largest U.S. government agencies use Snort technology to monitor network traffic and that Snort is the most widely deployed intrusion prevention technology worldwide. Because of its wide availability, Snort is also the standard intrusion technology used in colleges and universities worldwide to teach network security.
ClamAV® – ClamAV is one of the most commonly used open source anti-malware products in the world. Renowned for its speed and accuracy, ClamAV has been integrated within leading enterprise solutions to identify deeply embedded threats such as viruses, trojans, spyware and other forms of malware.
Razorback – Established in August 2010, Razorback is an innovative open-source project that addresses complex threat detection and protection, including deep file inspection and defense coordination. This project is intended to provide enterprise defense teams with an open source detection platform for developing the kinds of detection necessary to combat ‘advanced persistent threats’, or APTs, and client-side attacks in conjunction with their existing security technologies.
Our Services
In addition to our commercial product offerings and open source projects, we also offer the following services to aid our customers and partners with installing and supporting our solutions:
Sourcefire Customer Support – Sourcefire’s customer support is designed to ensure customer satisfaction with Sourcefire products. Sourcefire’s comprehensive support services include online technical support, over-the-phone support, hardware repair and advanced replacement, and ongoing software updates to Sourcefire products.
Sourcefire Professional Services – Sourcefire offers a variety of professional services solutions to provide customers and partners with best practices for planning, installing, configuring and managing all components of the Sourcefire product portfolio and applying the security intelligence gained from Sourcefire products for incident response. The Sourcefire Professional Services Team provides individualized, highly concentrated attention that gives organizations a “running start” and lasting knowledge transfer.
Sourcefire Education & Certification – Sourcefire offers a variety of training programs to use Sourcefire commercial or open source security solutions. Sourcefire training includes instructor-led and custom classes delivered at various locations around the world, onsite at customer premises, and online. Security professionals can achieve certifications for proprietary Sourcefire products as well as open source Snort.





Our Competitive Strengths
We are a leading provider of products and services that support Agile Security, enabling our customers to protect their IT environments in an intelligent, effective, and highly automated manner. Our competitive strengths include:
Advanced Protection. Sourcefire’s innovative and industry-leading technologies have been demonstrated, through third party tests, to provide the best protection available against both client-side and server-side attacks. In a world with dynamically evolving threats, targeted attacks, and advanced persistent threats, the ability to customize protection is a requirement. Based on the flexibility of Snort, customers can create their own custom rules and signatures to protect their unique environments.
Comprehensive Network and User Intelligence. Sourcefire’s FireSIGHT awareness technology provides real-time persistent visibility into the composition, behavior, topology (the relationship of network components), and risk profile of the network, as well as the correlation of security and network events with specific users. The ability to continuously and passively discover characteristics and vulnerabilities of practically any computing device communicating on a network enables Sourcefire NGIPS and NGFW to more precisely identify and block threatening traffic and to more efficiently classify threatening or suspicious behavior. Correlation and context provide automatic decision-making and automated policy enforcement and tuning to resolve security and compliance events more quickly and easily.
Intelligent Security Automation. Our solutions are designed to adapt to constant change with intelligent automation. Automated impact assessment and policy tuning enable customers to evolve and modify defenses for their unique environment based on intelligence gained before, during and after an attack, despite limited resources or lack of expertise.
Real-Time Approach to Security. Our approach to security enables our customers to secure their environments by providing real-time defense against both known and unknown threats. Our solutions are designed to support a continuum of security functions that span pre-attack hardening of assets, high fidelity attack identification and disruption and real-time compromise detection and incident response. This real-time approach is critical for protection across the full attack continuum.

Retrospective Security. We believe we offer the leading technology able to retrospectively understand the scope of a compromise and deliver actionable intelligence to manually or automatically clean up all affected devices based on customers' specific policies. Because today's advanced malware can disguise itself as safe, pass through defenses unnoticed and later exhibit malicious behavior, this is an important capability to minimize damage after an attack and remediate it.
Leading-Edge Performance. Our solutions are built to maintain high performance across the network while also providing high levels of network security. Specifically, our FirePOWER hardware acceleration technology delivers 10 Gbps of threat inspected throughput with latency in the microseconds, and up to 40 Gbps of threat inspected throughput and up to 80 Gbps throughput of packet filtering when stacked. Our NGIPS technology incorporates advanced traffic processing functionality, including packet acquisition, protocol normalization and target-based traffic inspection, which yields increased inspection precision and efficiency and enables more granular inspection of network traffic. Our next generation network security platform deploys a single-pass, hardware-accelerated design to afford maximum scalability, threat effectiveness, performance and security.
The Open Source Community. Since our founding in 2001, we have been a staunch advocate for open source security solutions. Over the years, this has developed into a key competitive distinction. We manage the security industry’s leading open source initiative, Snort, which was first published in 1998 by Sourcefire founder, interim Chief Executive Officer and Chief Technology Officer, Martin Roesch, and has become the de facto standard for intrusion detection and prevention. We also manage the ClamAV and Razorback open source security initiatives. These solutions form the foundation of our commercial product offerings which we extend by including enterprise-class features, manageability, scalability, performance, and support. We believe that the combined open source user communities of Snort, ClamAV and Razorback, along with our collective security intelligence, provide us with significant benefits, including a broad threat intelligence network, significant research and development leverage, and a large pool of security experts that are skilled in the use of our technologies. These communities enable us to more cost-effectively test new algorithms and concepts on a vast number of diverse networks and significantly expedite the process of product innovation. We believe that the broad acceptance of these products makes us one of the most trusted sources of security solutions.
Security Industry Intelligence. The Sourcefire VRT is a group of leading edge network security experts who proactively discover, assess and respond to the latest trends in hacking activities, intrusion attempts and vulnerabilities. Some of the most renowned security professionals in the industry, including the authors of several standard security reference books, are members of the Sourcefire VRT. This team is also supported by the vast resources of the open source Snort and ClamAV communities and our community of cloud-based users, making it the largest group dedicated to advances in the network security industry. The VRT’s research and insights into network security are published on http://vrt-sourcefire.blogspot.com/. Information appearing on this website is not incorporated by reference in and is not a part of this annual report.





Our Growth Strategy
Our goal is to become the preeminent provider of commercial and open source cybersecurity solutions on a global basis by:
Expanding the breadth of, and our leadership in, security solutions. Sourcefire is expanding its product and service portfolio by creating purpose-built solutions to address specific market and user problems. In 2011 and 2012 we launched two innovative solutions into two adjacent markets – next generation firewalls and advanced malware protection. Over time we expect to further penetrate these and additional markets with innovative products and technologies. By leveraging the intelligence from the open source community, we believe that we have more visibility into threats worldwide, and that we will be able to continue our leadership position in providing users access to the latest information on current threats and ways to protect their organizations against them.

Growing our international presence. International expansion is a key initiative and we continue to increase our international head count to support our expansion into new territories, to manage our growing network of channel partners and to meet the growing demand for our solutions.

Expanding relationships with partners, resellers, distributors, MSSPs and government integrators. We intend to expand our indirect sales channel, both internationally and domestically, to create a more leveraged sales model. We have established our Global Security Alliance Channel program to strengthen channel reseller relationships and support them through meaningful programs, including higher margin participation, training, and marketing activities. We are making investments in our partners and our objective is to continue to increase the percentage of channel-influenced revenue.

Continuing to develop innovative security technology; evaluating selective adjacent market technologies for partnering or potential acquisition. We intend to maintain and enhance our technological leadership position in network, advanced malware, and cloud-based security. We will continue to invest significantly in internal development and product enhancements and to recruit, train, develop and retain experienced security professionals to broaden our proprietary knowledge base.
Awards and Certifications
We have received numerous industry awards and certifications since January 1, 2012, including:
Leader in Security Effectiveness with 99% detection and protection and exceptional throughput; Sourcefire 8260, 8250 and 8120 appliances individual product test results, NSS Labs Inc., April 2012.

‘Five-Star Rating’ by Everything Channel Partner Program Guide, April 2012. For the third consecutive year, the Sourcefire Channel Program was recognized for its Global Security Alliance Program.

'Protector of the Year' by SC Magazine Australia, May 2012. Sourcefire was honored for doing the most to protect its users' online presences from attacks with the Sourcefire NGIPS.

Leader in IPS Security Effectiveness and Total Cost of Ownership, Security Value Map for IPS, NSS Labs, July 2012.

Named to the DoD Unified Capabilities Approved Products List, August, 2012. The Sourcefire NGIPS successfully completed Interoperability (IO) and Information Assurance (IA) certification.

Named “One of 12 Hot Companies to Watch,” by Federal Computer Week, September 2012.

Common Criteria Certification by the National Information Assurance Partnership, September 2012. Sourcefire’s FirePOWER Appliances, NGIPS, Virtual NGIPS and Defense Center were evaluated and certified using the Common Methodology for IT Security Evaluation for conformance to the Common Criteria.

Leader in NGFW Security Effectiveness; FirePOWER 8250 NGFW achieved 99% protection, superior performance and total cost of ownership, Sourcefire Individual Product Test Results, NSS Labs Inc., October 2012.
Customers
We provide products and services to a broad spectrum of customers and organizations within diverse industry sectors, including some of the world’s largest financial institutions, health care providers, IT companies, telecommunication companies and retailers, as well as U.S. and other national, state and local government agencies.
For the year ended December 31, 2012, one customer, a distributor of our products to the U.S. government, EC America, a subsidiary of immixGroup, accounted for 19% of total revenue. For the year ended December 31, 2011, two customers, a distributor of our products to the U.S. government, EC America, a subsidiary of immixGroup, and a distributor of our products, Fishnet Security, accounted for 18% and 11%, respectively, of total revenue. For the year ended December 31, 2010, two customers, a distributor of our products to the U.S. government, immixTechnology, a subsidiary of immixGroup, and a distributor of our products, Fishnet Security, accounted for 16% and 11%, respectively, of total revenue.
Sales and Marketing
We market and sell our appliances, software and services to our customers primarily through our global network of resellers, distributors, MSSPs, government integrators and other partners.
Sales. Our sales organization is organized into two geographic regions: the U.S. and International. We maintain sales offices in North America, Europe, Latin America and Asia. Our sales personnel are responsible for market development, including managing our relationships with resellers and distributors, assisting them in winning and supporting key customer accounts and acting as liaisons between the end customers and our marketing and product development organizations. We employ dedicated, regional channel managers to support partner sales and activities. We are also investing in the capacity of our international sales and channel personnel to provide expanded levels of support throughout Europe, Latin America, and the Asia/Pacific region.
Each sales organization is supported by experienced security engineers who are responsible for providing pre-sales technical support and technical training for the sales team and for our resellers, distributors and other partners. All of our sales personnel are responsible for lead follow-up and account management. Our sales personnel have quota requirements and are compensated with a combination of base salary and earned commissions.
Our indirect sales channel, comprised primarily of resellers and distributors, is supported by our sales force, including dedicated channel managers, with substantial experience in selling cybersecurity products to, and through, resellers and distributors. We maintain a global network of value-added resellers and distributors. Our arrangements with our resellers and distributors are non-exclusive, generally cover all of our products and services, and provide for appropriate discounts based on a variety of factors, including their transaction volume. We also provide our resellers and distributors with marketing assistance, technical training and support.
Marketing. Our marketing activities consist primarily of product marketing, product management and sales support programs. Marketing also includes public relations, social media, advertising, our corporate website, trade shows, and direct marketing. Our marketing programs are designed to build the Sourcefire brand, increase customer awareness, generate leads and communicate our product advantages. We also use our marketing programs to support the sale of our products through new channels and to new markets.
Research and Development
Our research and development efforts are focused both on improving and enhancing our existing network security products and on developing new products, features and functionality. We communicate with our customers and the open source community when considering product improvements and enhancements, and we regularly release new versions of our products incorporating these improvements and enhancements.
Research & Development Team. Our Research and Development Team is comprised of highly skilled and experienced security and network experts. The team encompasses the full lifecycle of product concept, design, development, integration, quality assurance testing, deployment, maintenance and support. Our development experts focus on the FirePOWER platform and Sourcefire security products, and manage the administration and testing of the open source Snort, ClamAV and Razorback initiatives. The development is performed in the United States and, for our advanced malware protection solutions, in the United States and Canada.
Cloud Technology Group. The Cloud Technology Group focuses on the research and development of next generation cloud-based security technologies. This includes the development of advanced malware protection, cloud-delivered security intelligence, and a broader cloud-security platform.
Vulnerability Research Team. Our VRT is comprised of leading security experts working to proactively discover, assess and respond to the latest network threats and security vulnerabilities. By gathering and analyzing this information, our VRT creates and updates Snort rules, ClamAV signatures, advanced malware file analysis and security tools that are designed to identify, characterize and defeat attacks. The VRT also supports FireAMP’s file analysis that provides detailed information on malware behavior.
Our VRT participates in extensive collaboration with hundreds of network security professionals in the Snort, ClamAV, and Sourcefire user communities and other security authorities to learn of new vulnerabilities and exploits. Because of the knowledge and experience of our VRT personnel, as well as its extensive coordination with the open source community, we believe that we have access to one of the largest and most sophisticated groups of IT security experts researching vulnerabilities and threats on a real-time basis.
Our research and development expense was $41.6 million, $33.1 million, and $18.8 million for the years ended December 31, 2012, 2011 and 2010, respectively.
Backlog
While it is our practice to promptly ship our products upon receipt of properly finalized purchase orders, we generally have product license orders that have not shipped as of the end of a particular period. In the ordinary course of our business, such orders are generally shipped within 30 days. Although the amount of such product license orders varies, we do not believe the amount of such orders, as of any particular date, is a reliable indicator of our future performance.
Manufacturing and Suppliers
We typically hold limited inventory. We utilize two principal contract equipment manufacturers to source components, assemble, integrate and test our appliances and to ship those appliances to our customers. The two principal contract manufacturers give us manufacturing presence in North America, Latin America, Europe and Asia. In addition, we utilize a third contract manufacturer to design and integrate some of our software and hardware components for use in the high-performance models of our appliances. Our agreements with these contract manufacturers are non-exclusive and subject to expiration at the end of terms ranging from one to three years. We would be faced with the burden, cost and delay of having to qualify and contract with a new supplier if any of these agreements expire or terminate for any reason.
Intellectual Property
To protect our intellectual property, both domestically and abroad, we rely primarily on patent, trademark, copyright and trade secret laws. We hold 23 issued patents and have dozens of patent applications pending for examination in the U.S. and foreign jurisdictions. The claims for which we have sought patent protection relate to methods and systems we have developed for intrusion detection and prevention and anti-malware detection used in our solutions. In addition, we utilize contractual provisions, such as license agreements with our partners and customers, non-disclosure and non-compete agreements with our employees and consultants, and confidentiality procedures to strengthen our protection.
Despite our efforts to protect our intellectual property, unauthorized parties may attempt to copy aspects of our products or obtain and use information that we regard as proprietary. While we cannot determine the extent to which piracy of our software products occurs, we expect software piracy to be a persistent problem. In addition, the laws of some foreign countries do not protect our proprietary rights to as great an extent as do the laws of the United States, and many foreign countries do not enforce these laws as diligently as U.S. government agencies and private parties.
Seasonality
Our business is subject to seasonal fluctuations. For a discussion of seasonality affecting our business, see Item 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations — Results of Operations — Seasonality.
Competition
The market for cybersecurity solutions is intensely competitive and we expect strong competition to continue in the future. Many of our competitors have longer operating histories, greater brand recognition, stronger relationships with strategic channel partners, larger technical staffs, established relationships with hardware vendors and/or greater financial, technical and marketing resources and other market advantages. Increasingly, commoditized security protection is offered by third parties at significant discounts to our prices or, in some cases, is bundled for free. Potential customers may perceive our products as less valuable or even unnecessary if similar functionality is available at a significant discount or free.
Large companies may have advantages over us because of their longer operating histories, greater brand name recognition, larger customer bases or greater financial, technical and marketing resources. As a result, they may have greater resources to devote to the promotion and sale of their products.
Our principal competitors are set forth below:
Network Security. In the market for network security, including intrusion prevention and next generation firewall, our chief competitors generally fall within the following categories:
large companies, including Cisco Systems, Inc., IBM Corporation, HP Corporation, Check Point Software Technologies, Ltd. and Intel Corporation as a result of its acquisition of McAfee, Inc., that sell competitive products and offerings;
software or hardware network infrastructure companies that could integrate features that are similar to our products into their own products;
smaller software companies offering applications for network and Internet security monitoring, detection, prevention or response; and
small and large companies offering point solutions that compete with components of our product offerings.
Advanced Malware Protection. Sourcefire has entered the emerging advanced malware protection market. Sourcefire’s solutions complement existing endpoint and network security products to protect from threats that may bypass these existing defenses. In the advanced malware protection market, our chief competitors are large established endpoint protection market players and new entrants in an emerging network-based advanced malware protection market. New market entrants consist primarily of venture-backed point product companies with a singular focus and aggressive sales and marketing efforts.
Several companies currently sell security software products that our customers and potential customers have broadly adopted. Some of these companies sell products that perform the same functions as some of our products. In addition, the vendors of operating system software or networking hardware may enhance their products to include functions similar to those that our products currently provide.
We believe that the principal competitive factors affecting the market for information security solutions include security effectiveness, manageability, technical features, performance, ease of use, price, scope of product offerings, professional services capabilities, distribution relationships and customer service and support. We believe that our solutions generally compete favorably with respect to such factors.
Employees
As of December 31, 2012, we had 599 employees, of whom 182 were engaged in product research and development and 259 were engaged in sales and marketing. Our current employees are not represented by a labor union and are not the subject of a collective bargaining agreement. We believe that we have good relations with our employees.
Corporate Information
We were incorporated in Delaware in 2001. We completed our initial public offering in March 2007. Our executive offices are located at 9770 Patuxent Woods Drive, Columbia, Maryland 21046, and our main telephone number is (410) 290-1616.
Available Information
Our Internet address is www.sourcefire.com. We provide free of charge on the Investor Relations page of our corporate web site access to our Annual Report on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K and amendments to those reports filed or furnished pursuant to Section 13(a) or 15(d) of the Securities Exchange Act of 1934, as amended, as soon as reasonably practicable after they are electronically filed with or furnished to the Securities and Exchange Commission, or SEC. Information appearing on our website is not incorporated by reference in and is not a part of this annual report.

Item 1A.
RISK FACTORS
Set forth below and elsewhere in this Annual Report on Form 10-K and in other documents we file with the SEC are risks and uncertainties that could cause actual results to differ materially from the results contemplated by the forward-looking statements contained in this Annual Report on Form 10-K. Because of the following factors, as well as other variables affecting our operating results, past financial performance should not be considered as a reliable indicator of future performance, and investors should not use historical trends to anticipate results or trends in future periods.
Risks Relating to Our Business, Operations and Industry
Adverse economic, market and political conditions may negatively affect our revenue and results of operations.
Our business depends significantly on a range of factors that are beyond our control. These include:
general economic and business conditions;
the overall demand for network security products and services and other security products and services; and
constraints on budgets and changes in spending priorities of corporations and government agencies.
The U.S. and global economies have experienced a period of prolonged economic weakness, including a reduction in business confidence and activity, reduced capital spending, a lack of availability of credit, high unemployment and disruptions in financial markets. These and other factors have affected, and in the future may affect, one or more of the industries or geographies to which we sell our products and services. Our customers include, but are not limited to, financial institutions, defense contractors, health care providers, information technology companies, telecommunications companies and retailers. These customers may suffer from reduced operating budgets, which could cause them to defer or forego purchases of our products or services. In addition, negative effects on the financial condition of our resellers and distributors could affect their ability or willingness to market our product and service offerings; negative effects on the financial condition of our product manufacturers could affect their ability to manufacture our products; and declines in economic and market conditions could impair our short-term investment portfolio. Any of these developments could adversely affect our revenue and results of operations.
Federal and state governmental agencies have contributed to our revenue growth and have become important customers for us. If we cannot attract sufficient government agency customers, our revenue and competitive position will suffer. If U.S. Government Agencies reduce spending levels for network security programs, it could have a negative effect on our revenue and results of operations.
Federal and state governments have become important customers for us. There can be no assurance that we will maintain or grow our revenue from these customers. Contracts with the U.S. federal and state government agencies collectively accounted for 20%, 21% and 25% of our total revenue for the years ended December 31, 2012, 2011 and 2010, respectively.
Our reliance on government customers subjects us to a number of risks, including:
Budgetary Constraints and Cycles. Demand and payment for our products and services are impacted by public sector budgetary cycles and funding availability. Reductions or delays in funding, including reductions or delays caused by the failure to pass a budget, automatic spending cuts, continuing resolutions or other temporary funding arrangements, could adversely impact public sector demand for our products. As of the date of this annual report, the U.S. federal government has not adopted a budget for its fiscal year ending September 30, 2013 and is operating under a continuing budget resolution. If U.S. Government Agencies reduce spending levels for network security programs, it may negatively affect our sales to the federal government for the year ended December 31, 2013, and negatively affect our results of operations;
Procurement. Contracting with public sector customers is highly competitive and can be expensive and time-consuming, often requiring that we incur significant upfront time and expense without any assurance that we will win a contract;
Modification or Cancellation of Contracts. Public sector customers often have contractual or other legal rights to terminate current contracts for convenience or due to a default. If a contract is canceled for convenience, which can occur if the customer’s product needs change, we may only be able to collect for products and services delivered prior to termination. If a contract is canceled because of our default, we may only be able to collect for products and alternative products and services delivered to the customer;
Governmental Audits. National governments and state and local agencies routinely investigate and audit government contractors’ administrative processes. They may audit our performance and pricing and review our compliance with applicable rules and regulations. If they find that we improperly allocated costs, they may require us to refund those costs or may refuse to pay us for outstanding balances related to the improper allocation. An unfavorable audit could result in a reduction of revenue, and may result in civil or criminal liability; and
Replacing Existing Products. Many government agencies already have installed network security products of our competitors. It can be very difficult to convince government agencies or other prospective customers to replace their existing network security solutions with our products, even if we can demonstrate the superiority of our products.
We face intense competition in our markets, especially from larger, better-known companies, and we may lack sufficient financial or other resources to maintain or improve our competitive position.
The market for our products and services is intensely competitive and we expect competition to increase in the future. We may not compete successfully against our current or potential competitors, especially those with significantly greater financial resources or brand name recognition. Our chief competitors currently include: large software companies; software or hardware network infrastructure companies; smaller software companies offering applications for network and Internet security monitoring, detection, prevention or response; and small and large companies offering point solutions that compete with components of our product offerings.
For example, Cisco Systems, Inc., IBM Corporation, HP Corporation, Intel Corporation, as a result of its acquisition of McAfee, Inc., and Check Point Software Technologies, Ltd. have intrusion detection or prevention technologies that compete with our network security product offerings. Similarly, several large and small companies have anti-malware and endpoint protection products that compete with our FireAMP® product. In addition, our Next Generation Firewall product competes with both new and traditional firewall vendors.
Large companies may have advantages over us because of their longer operating histories, greater brand name recognition, larger customer bases, broader product portfolios, or greater financial, technical and marketing resources. They also have greater resources to devote to the promotion and sale of their products than we have. In addition, in some cases our competitors have aggressively reduced, and could continue to reduce, the price of their security monitoring, detection, prevention and response products, managed security services, maintenance and support services, and other security services and products which intensifies pricing pressures within our market. Moreover, in some cases, customers may make purchasing decisions based primarily on price rather than product functionality.
In addition, the vendors of operating system software or networking hardware may enhance their products to include functions similar to those that our products provide. The widespread inclusion of features comparable to our software in operating system software or networking hardware could render our products less competitive or obsolete, particularly if such features are of a high quality. Even if security functions integrated into operating system software or networking hardware are more limited than those of our products, a significant number of customers may accept more limited functionality to avoid purchasing additional products such as ours.
One of the characteristics of open source software is that anyone can offer new software products for free under an open source licensing model in order to gain rapid and widespread market acceptance. Such competition can develop without the degree of overhead and lead time required by traditional technology companies. It is possible for new competitors with greater resources than ours to develop their own open source security solutions, potentially reducing the demand for our solutions. We may not be able to compete successfully against current and future competitors. Competitive pressure and/or the availability of open source software may result in price reductions, reduced revenue, reduced operating margins and loss of market share, any one of which could seriously harm our business.
New competitors could emerge and could impair our sales.
New sources of competition for sales of our products could emerge. These include:
emerging companies as well as larger companies who have not previously entered the market for network intrusion detection and prevention products, next generation firewall products or advanced malware protection products;
established companies that develop their own network intrusion detection and prevention products, next generation firewall products or advanced malware protection products;
established companies that acquire or establish product integration, distribution or other cooperative relationships with our current competitors; and
new competitors or alliances among competitors that emerge and rapidly acquire significant market share due to factors such as greater brand name recognition, a larger installed customer base and significantly greater financial, technical, marketing and other resources and experience.


Our quarterly operating results are likely to vary significantly and be unpredictable, in part because of the purchasing and budget practices of our customers, which could cause the trading price of our stock to decline.
Our operating results have historically varied significantly from period to period, and we expect that they will continue to do so as a result of a number of factors, most of which are outside of our control, including:
the budgeting cycles, internal approval requirements and funding available to our existing and prospective customers for the purchase of network security products;
reductions or delays in funding for projects by U.S. federal and state government agencies, for example the reductions and delays in spending that have resulted, and may continue to result, from the failure of the U.S. federal government to adopt a budget for its fiscal year ending September 30, 2013;
the timing, size and contract terms of orders received, which have historically been highest in the third and fourth quarters, but may fluctuate seasonally in different ways;
the effect of one or more large orders on our operating results for a particular quarter and the effect of such large order or orders on comparisons of operating results for subsequent quarters;
the level of perceived threats to network security, which may fluctuate from period to period;
the level of demand for products sold by resellers, distributors, MSSPs, government integrators and other partners;
the market acceptance of open source software solutions;
the announcement or introduction of new product offerings by us or our competitors, and the levels of anticipation and market acceptance of those products;
price competition;
general economic conditions, both domestically and in our foreign markets;
the product mix of our sales; and
the timing of revenue recognition for our sales.
In particular, the network security technology procurement practices of many of our customers have had a measurable influence on the historical variability of our operating performance. Our prospective customers usually exercise great care and invest substantial time in their network security technology purchasing decisions. As a result, our sales cycles are long, generally between six and twelve months or sometimes longer, which further impacts the variability of our results. Additionally, many of our customers have historically finalized purchase decisions in the last weeks or days of a quarter. A delay in even one large order beyond the end of a particular quarter can substantially diminish our anticipated revenue for that quarter. In addition, many of our expenses must be incurred before we generate revenue. As a result, the negative impact on our operating results would increase if our revenue fails to meet expectations in any period.
The cumulative effect of these factors may result in larger fluctuations and unpredictability in our quarterly operating results than in the operating results of many other software and technology companies. This variability and unpredictability could result in our failing to meet the revenue or operating results expectations of securities industry analysts or investors for a particular period. If we fail to meet or exceed such expectations for these or any other reasons, the market price of our shares could fall substantially, and we could face costly securities class action suits as a result. Therefore, you should not rely on our operating results in any quarter as being indicative of our operating results for any future period, nor should you rely on other expectations, predictions or projections of our future revenue or other aspects of our results of operations.
We achieved profitability on an annual basis for the first time in 2009, which we may not be able to maintain.
We incurred operating losses each year from our inception in 2001 through 2008. We achieved profitability on an annual basis for the first time in 2009. Maintaining profitability will depend in large part on our ability to generate and sustain increased revenue levels in future periods. Although our revenue has generally been increasing, there can be no assurances that we will maintain or increase our level of profitability. Our operating expenses may continue to increase as we seek to expand our customer base, increase our sales and marketing efforts and continue to invest in research and development of our technologies and products. These efforts may be more costly than we expect and we may not be able to increase our revenue to offset our operating expenses. If we cannot increase our revenue at a greater rate than our expenses, we will not remain profitable.
If we do not continue to establish and effectively manage our indirect distribution channels, or if our resellers, distributors and other partners fail to perform as expected, our revenue could suffer.
As part of our growth strategy, we have expanded, and intend to continue to expand, our indirect distribution channel. Our ability to sell our network security software and other products in new markets and to increase our share of existing markets will be impaired if we fail to manage or expand our indirect distribution channels. Our sales strategy involves the establishment of multiple distribution channels domestically and internationally through strategic resellers, distributors, MSSPs, government integrators and other partners. We cannot predict the extent to which these companies will be successful in marketing or selling our products. In addition, our agreements with these companies could be terminated on short notice, and the agreements do not prevent these companies from selling the network security software of other companies, including our competitors. Any distributor of our products could give higher priority to other companies’ products or to their own products than they give to ours, which could cause our revenue to decline. There is also a risk that some or all of our resellers, distributors and other partners may be acquired, change their business models or go out of business, any of which could adversely affect our business.
We are subject to risks of operating internationally that could impair our ability to grow our revenue abroad.
We market and sell our products in the United States and internationally, and we plan to increase our international sales presence. Therefore, we are subject to risks associated with having worldwide operations. Sales to customers located outside of the United States accounted for 33%, 25% and 25% of our total revenue for the years ended December 31, 2012, 2011 and 2010, respectively. The expansion of our existing operations and entry into additional worldwide markets will require significant management attention and financial resources. We are also subject to a number of risks customary for international operations, including:
economic or political instability in foreign markets;
greater difficulty in accounts receivable collection and longer collection periods;
difficulties and costs of staffing and managing foreign operations;
import and export controls;
the uncertainty of protection for intellectual property rights in some countries;
compliance with tax laws in multiple jurisdictions;
the failure to realize expected tax benefits associated with our international operations;
changes in regulatory or tax requirements;
costs of compliance and penalties for noncompliance with foreign laws and laws applicable to companies doing business in foreign jurisdictions;
costs of compliance and penalties for noncompliance with laws and regulations regarding consumer and data protection, privacy and encryption;
management communication and integration problems resulting from cultural differences and geographic dispersion; and
foreign currency exchange rate fluctuations.
To date, a substantial portion of our sales have been denominated in U.S. dollars, although the majority of our expenses that we incur in our international operations are denominated in local currencies. To date, we have not used risk management techniques or “hedged” the risks associated with fluctuations in foreign currency exchange rates. As a result, our results of operations are subject to losses from fluctuations in foreign currency exchange rates.
The market for network security products is rapidly evolving, and the complex technology incorporated in our products makes them difficult to develop. If we do not accurately predict, prepare for and respond promptly to technological and market developments and changing customer needs, our competitive position and prospects could be harmed.
The market for network security products is expected to continue to evolve rapidly. Moreover, many customers operate in markets characterized by rapidly changing technologies and business plans, which require them to add numerous network access points and adapt increasingly complex enterprise networks, incorporating a variety of hardware, software applications, operating systems and networking protocols. In addition, computer hackers and others who try to attack networks employ increasingly sophisticated techniques to gain access to and attack systems and networks. Customers look to our products to continue to protect their networks against these threats in this increasingly complex environment without sacrificing network efficiency or causing significant network downtime. The software in our products is especially complex because it needs to effectively identify and respond to new and increasingly sophisticated methods of attack, without impeding the high network performance demanded by our customers. Although the market expects speedy introduction of software to respond to new threats, the development of these products is difficult and the timetable for commercial release of new products is uncertain. Therefore, in the future we may experience delays in the introduction of new products or new versions, modifications or enhancements of existing products. If we do not quickly respond to the rapidly changing and rigorous needs of our customers by developing and introducing on a timely basis new and effective products, upgrades and services that can respond adequately to new security threats, our competitive position and business prospects will be harmed.

If our new products and product enhancements do not achieve sufficient market acceptance, our results of operations and competitive position could suffer.
We spend substantial amounts of time and money to research and develop new products and enhance versions of our open source and proprietary commercial products. In 2012 and 2011, we developed and introduced new products in two adjacent markets, the next generation firewall market and the advanced malware protection market. In addition, we introduced new versions of our next generation intrusion prevention system products. We introduce new products and incorporate additional features, improve functionality or add other enhancements to our existing products in order to meet our customers’ rapidly evolving demands for security in our highly competitive industry. When we develop a new product or an advanced version of an existing product, we typically expend significant money and effort upfront to develop, market, promote and sell the new offering. Therefore, when we develop and introduce new or enhanced products, they must achieve high levels of market acceptance in order to justify the amount of our investment in developing and bringing the products to market.
Our new products, including our next generation firewall products and advanced malware protection products, or enhancements could fail to attain sufficient market acceptance for many reasons, including:
reluctance of customers to incur the costs of purchasing and implementing new products or product enhancements;
delays in introducing new, enhanced or modified products;
defects, errors or failures in any of our products;
inability to operate effectively with the networks of our prospective customers;
inability to protect against new types of attacks or techniques used by hackers;
negative publicity about the performance or effectiveness of our network security products;
reluctance of customers to purchase products based on open source software; and
disruptions or delays in the availability and delivery of our products, including products from our contract manufacturers.
If our new products or enhancements do not achieve adequate acceptance in the market, our competitive position could be impaired, our revenue will be diminished and the effect on our operating results may be particularly acute because of the significant research, development, marketing, sales and other expenses we incurred in connection with the new product.
If existing customers do not make subsequent purchases from us or renew their support arrangements with us, or if our relationships with our largest customers are impaired, our revenue could decline.
For the years ended December 31, 2012, 2011 and 2010, existing customers that purchased additional products and services from us, whether for new locations or additional technology to protect existing networks and locations, generated a majority of our total revenue. Part of our growth strategy is to sell additional products to our existing customers. We may not be effective in executing this or any other aspect of our growth strategy. Our revenue could decline if our current customers do not continue to purchase additional products from us. In addition, as we deploy new versions of our existing products or introduce new products, our current customers may not require the functionality of these products and may not purchase them.
We also depend on our installed customer base for future service revenue from annual maintenance fees. Our maintenance and support agreements typically have durations of one year. If customers choose not to continue their maintenance service or seek to renegotiate the terms of maintenance and support agreements prior to renewing such agreements, our revenue may decline.
Defects, errors or vulnerabilities in our products could harm our reputation and business and divert our resources.
Because our products are complex, they may contain defects, errors or vulnerabilities that are not detected until after our commercial release and installation by our customers. We may not be able to correct any errors or defects or address vulnerabilities promptly, or at all. Any defects, errors or vulnerabilities in our products could result in:
expenditure of significant financial and product development resources in efforts to analyze, correct and eliminate defects, to address and eliminate vulnerabilities or to create alternative solutions;
loss of existing or potential customers;
delayed or lost revenue;
failure to timely attain or maintain market acceptance;
increased service, warranty, product replacement and product liability insurance costs; and
negative publicity, which could harm our reputation.

In addition, because our products and services provide and monitor network security and may protect valuable information, we could face claims for product liability, tort or breach of warranty. Anyone who circumvents our customers’ security measures using our products could misappropriate the confidential information or other valuable property of, or interrupt the operations of, our customers. If that happens, affected customers or others could sue us. In addition, we may face liability for breaches of our product warranties or product failures. Provisions in our contracts relating to warranty disclaimers and liability limitations may be deemed by a court to be unenforceable. Some courts, for example, have found contractual limitations of liability in standard computer and software contracts to be unenforceable in some circumstances. Defending a lawsuit, regardless of its merit, could be costly and divert management attention from the operation of our business. Our business liability insurance coverage may be inadequate or future coverage may be unavailable on acceptable terms or at all.
Our networks, products and services may be subject to intentional disruption.
As a leading network security solutions company, we are a high profile target for cyberattacks. We expect our networks, products and services to be targeted by attacks specifically designed to disrupt our business and harm our reputation. Experienced computer programmers may attempt to penetrate our networks, information systems and websites and impede the performance of our products, cause interruptions of our services or misappropriate information. Although we believe we have sufficient controls in place to prevent disruption and misappropriation, and to respond to such situations, we expect efforts to intentionally disrupt our networks, products and services to continue. If these efforts are successful, our operations could be disrupted, our business could be significantly affected as a result of harm to our reputation, and we could suffer monetary and other losses.
We have acquired, and in the future may acquire, additional businesses, products or technologies as part of our long-term growth strategy, and such acquisitions may not ultimately be successful or may not result in expected strategic benefits.
In December 2010, we acquired Immunet Corporation. We may seek to buy or make investments in additional complementary or competitive businesses, products or technologies as part of our long-term growth strategy. We may not be successful in making these additional acquisitions. We may face competition for acquisition opportunities from other companies, including larger companies with greater financial resources. We may incur substantial expenses in identifying and negotiating acquisition opportunities, whether or not completed.
Acquisitions may not result in the expected strategic benefits, and completed acquisitions, including our acquisition of Immunet Corporation, could negatively affect our operating results and financial position because of the following and other factors:
the Immunet acquisition was dilutive to our earnings per share for the years ended December 31, 2012 and 2011 and any acquisitions we complete in the future may also be dilutive to our earnings;
in connection with our acquisition of Immunet Corporation, for the years ended December 31, 2012 and 2011 we recognized expenses for the amortization of intangible assets, employee retention payments and stock-based compensation expense and this and other acquisitions may result in substantial accounting charges for restructuring and other expenses, write-offs of in-process research and development, write-offs of goodwill, amortization of intangible assets and stock-based compensation expense;
we may not effectively integrate an acquired business, product or technology into our existing business and operations;
completing a potential acquisition and integrating an acquired business into our existing business could significantly divert management’s time and resources from the operation of our business;
acquired companies, particularly privately held and non-U.S. companies, may have internal controls, policies and procedures that do not meet the requirements of the Sarbanes-Oxley Act of 2002 and public company accounting standards;
we may use a significant portion of our cash resources to fund acquisitions; and
we may issue stock to fund acquisitions, which could dilute the interests of our existing stockholders.
In the future, we may not be able to secure financing necessary to make acquisitions or to operate and grow our business as planned.
In the future, we may need to raise additional funds to make acquisitions or to expand our sales and marketing and research and development efforts. Additional equity or debt financing may not be available on favorable terms, or at all. If adequate funds are not available on acceptable terms, we may be unable to take advantage of acquisition or other opportunities or to fund the expansion of our sales and marketing and research and development efforts, which could seriously harm our business and operating results. If we issue debt, the debt holders could have rights senior to common stockholders to make claims on our assets and the terms of any debt could restrict our operations, including our ability to pay dividends on our common stock. Furthermore, if we issue additional equity securities, stockholders would experience dilution, and the new equity securities could have rights senior to those of our common stock.
If other parties claim commercial ownership rights to Snort®, Razorback or ClamAV®, our reputation, customer relations and results of operations could be harmed.
While we created a majority of the current Snort code base, Razorback code base and ClamAV code base, a portion of the current code for each of Snort, Razorback and ClamAV was created, or in the future may be created, by the combined efforts of Sourcefire and the open source software community, and a portion was created, or in the future may be created, solely by the open source community. We believe that the portions of the Snort code base, Razorback code base and ClamAV code base created by anyone other than us are required to be licensed by us pursuant to the GNU General Public License, or GPL, which is how we currently license Snort and ClamAV. There is a risk, however, that a third party could claim some ownership rights in Snort, Razorback or ClamAV, attempt to prevent us from commercially licensing Snort, Razorback or ClamAV in the future (rather than pursuant to the GPL as currently licensed) or claim a right to licensing royalties. Any such claim, regardless of its merit or outcome, could be costly to defend, harm our reputation and customer relations or result in our having to pay substantial compensation to the party claiming ownership.
We rely on software licensed from other parties, the loss of which could increase our costs and delay delivery of our products.
We utilize various types of software licensed from unaffiliated third parties. For example, we license MySQL database software that we use in our products. Our agreement with Oracle Corporation permits us to distribute MySQL software on our products to our customers worldwide until June 30, 2014. Our agreement with Oracle gives us the unlimited right to distribute MySQL software in exchange for a one-time lump-sum payment. We believe that the MySQL agreement is material to our business because we have spent a significant amount of development resources to allow the MySQL software to function in our products. If we were forced to find replacement database software or replacements for any of the other software we license from others for our products, our business would be disrupted and we could be required to expend significant resources, and there would be no guarantee that we would be able to procure the replacement on the same or similar commercial terms and conditions, or at all.
Additionally, we would be required to either redesign our products to function with software available from other parties or develop these components ourselves, which could result in increased costs and could result in delays in our product shipments and the release of new product offerings. Furthermore, we might be forced to limit the features available in our current or future products. If we fail to maintain or renegotiate any of these software licenses, we could face significant delays and diversion of resources in attempting to license and integrate a functional equivalent of the software.
Our inability to hire or retain key personnel, or to effectively manage headcount increases, could impair our intended growth.
Our business is dependent on our ability to hire, retain, motivate and manage highly qualified personnel, including senior management and sales and technical professionals. In particular, as part of our growth strategy, we have expanded, and intend to continue to expand the size of our sales force domestically and internationally and have hired, and expect to continue to hire, additional engineering, customer support and professional services personnel. However, competition for qualified engineering and services personnel is intense, and if we are unable to attract, train or retain the number of highly qualified sales, engineering and services personnel that our business needs, our reputation, customer satisfaction and potential revenue growth could be seriously harmed. To the extent that we hire personnel from competitors, we may also be subject to allegations that they have been improperly solicited or divulged proprietary or other confidential information. Our intended future growth may also place a significant strain on our management, financial, personnel and other resources.
In addition, our future success will depend to a significant extent on the continued services of our executive officers and senior personnel. Although we have adopted retention plans applicable to certain of these officers, there can be no assurance that we will be able to retain their services. The loss of the services of one or more of these individuals could adversely affect our business and could divert other senior management time in searching for their replacements.
The inability to effect a smooth transition to a new Chief Executive Officer could harm our business.
As previously disclosed, John C. Burris, our former Chief Executive Officer, retired on October 1, 2012 and passed away on October 19, 2012. Our efforts to identify and retain a permanent Chief Executive Officer are ongoing. A search for a permanent Chief Executive Officer may take longer than we expect, and there can be no assurance that we will be able to attract a permanent Chief Executive Officer on acceptable terms. Even if we are able to hire a qualified successor, the search process and transition period may be difficult to manage, may cause concerns from current and potential customers and other third parties with whom we do business, may result in operational disruptions during such time that could adversely affect our business and may result in a drop in our stock price. In addition, we may incur substantial costs in connection with the transition, including the fees of the executive search firm we have retained to assist us in identifying Chief Executive Officer candidates and the cash and equity compensation for a new Chief Executive Officer.
Our business is subject to corporate governance, public disclosure, accounting and tax requirements that have increased both our costs and the risk of noncompliance.
Because our common stock is publicly traded, we are subject to the rules and regulations of federal, state and financial market exchange entities, such as the Public Company Accounting Oversight Board, the SEC, and the Nasdaq stock exchange, that are charged with the protection of investors and the oversight of companies whose securities are publicly traded. Our efforts to comply with these rules and regulations have resulted in, and are likely to continue resulting in, increased general and administrative expenses and diversion of management time and attention from revenue-generating activities to compliance activities.
We completed our evaluation of our internal controls over financial reporting for the fiscal year ended December 31, 2012 as required by the Sarbanes-Oxley Act of 2002. Although our assessment, testing and evaluation resulted in our conclusion that as of December 31, 2012, our internal controls over financial reporting were effective, we cannot predict the outcome of our testing in future periods. If our internal controls are ineffective in future periods, our business and reputation could be harmed. We may incur additional expenses and commitment of management’s time in connection with further evaluations, either of which could materially increase our operating expenses.
Because new and modified laws, regulations and standards are subject to varying interpretations in many cases due to their lack of specificity, their application in practice may evolve over time as new guidance is provided by regulatory and governing bodies. This evolution may result in continuing uncertainty regarding compliance matters and additional costs necessitated by ongoing revisions to our disclosure and governance practices.
Any material disruption or problem with the operation of our information systems may adversely impact our business, operating processes and internal controls.
The efficient operation of our business is dependent on the successful operation of our information systems. In particular, we rely on our information systems to process financial information, manage inventory and administer our sales transactions. In recent years, we have experienced considerable growth in transaction volume and headcount, and we are increasingly relying upon international resources in our operations. Our information systems need to be sufficiently scalable to support the continued growth of our operations and the efficient management of our business. In an effort to improve the efficiency of our operations, achieve greater automation and support the growth of our business, we have implemented an enterprise resource planning, or ERP, system and a customer resource management, or CRM, system.
These information systems may not work as we currently intend. Any material disruption or similar problems with the operation of our information systems could have a material negative effect on our business and results of operations. In addition, if our information system resources are inadequate, we may be required to undertake costly modifications and the growth of our business could be harmed.
Potential uncertainty resulting from unsolicited acquisition proposals and related matters may adversely affect our business.
In the past we have received, and in the future we may receive, unsolicited proposals to acquire our company or our assets. The review and consideration of acquisition proposals and related matters could require the expenditure of significant management time and personnel resources. Such proposals may also create uncertainty for our employees, customers and business partners. Any such uncertainty could make it more difficult for us to retain key employees and hire new talent, and could cause our customers and business partners to not enter into new arrangements with us or to terminate existing arrangements. Additionally, we and members of our board of directors could be subject to future lawsuits related to unsolicited proposals to acquire us. Any such future lawsuits could become time consuming and expensive. These matters, alone or in combination, may harm our business.
Risks Relating to Our Intellectual Property and Litigation
Our products contain open source software, and failure to comply with the terms of the underlying open source software licenses could restrict our ability to sell our products.
Like many other technology companies, we use and distribute “open source” software in order to expedite development of new products and features. Open source software is generally licensed by its authors or other third parties under “open source” licenses, including, for example, the GNU General Public License, or GPL, the GNU Lesser Public License, or LGPL, the BSD License and the Apache License. This open source software includes, without limitation, Snort, ClamAV, Linux Kernel, Apache HTTP Server, OpenSSL and Perl. These license terms may be ambiguous, in many instances have not been interpreted by the courts and could be interpreted in a manner that results in unanticipated obligations regarding our products. Depending upon how the open source software is deployed by our developers and the underlying licenses are interpreted by the courts, we could be required to offer our products that use the open source software for no cost, make available the source code for modifications or derivative works, or secure an additional license to the underlying patent rights. Any of these obligations could have an adverse impact on our intellectual property rights and revenue from products incorporating the open source software.
Our use of open source software could also result in us developing and selling products that infringe third-party intellectual property rights. It may be difficult for us to accurately determine the developers of the open source code and whether the code incorporates proprietary software or otherwise infringes another party’s intellectual property rights (including patent rights). We have processes and controls in place that are designed to address these risks and concerns, including a review process for screening requests from our development organizations for the use of open source software. However, we cannot be sure that all open source software is submitted for approval prior to use in our products.
We also have processes and controls in place to review the use of open source software in the products developed by companies that we may acquire. Even if we conduct due diligence prior to completing an acquisition, the acquired products or technologies may nonetheless include open source software that was not identified during the initial due diligence. Our ability to commercialize products or technologies of any companies we may acquire that incorporate open source software or to otherwise fully realize the anticipated benefits of any such acquisition may be restricted in the same manner as if the open source software had been incorporated into our own products.
Our intellectual property rights may be difficult to enforce, which could enable others to compete with us or to copy or use aspects of our products without compensating us.
We rely primarily on a combination of copyright, trademark, patent and trade secret laws, confidentiality procedures and contractual provisions to establish and protect our proprietary rights in our technology. However, the steps we have taken to protect our proprietary rights and technology may not deter its misuse, theft or misappropriation. Competitors may independently develop technologies or products that are substantially equivalent or superior to our products or that inappropriately incorporate our proprietary technology into their products. Our products incorporate open source Snort software, which is readily available to the public. To the extent that our proprietary software is included by others in what are purported to be open source products, it may be difficult and expensive to enforce our intellectual property rights in such software. Competitors also may hire our former employees who may misappropriate our proprietary technology.
In addition, from time to time, we become aware that users of our security products may not have paid adequate license, technical support, or subscription fees to us. However, some jurisdictions may not provide an adequate legal infrastructure for effective protection or enforcement of our intellectual property rights. Furthermore, changing legal interpretations of liability for unauthorized use of our software or lessened sensitivity by corporate, government or institutional users to refraining from intellectual property piracy or other infringements of intellectual property could also harm our business.
In limited instances we have agreed to place, and in the future may agree to place, source code for our proprietary software in escrow. In most cases, the escrowed source code may be made available to certain of our customers and partners in the event that we were to file for bankruptcy or materially fail to support our products in the future. Release of our source code upon any such event would increase the likelihood of misappropriation or other misuse of our software. We have rarely agreed to source code escrow arrangements in the past and usually only in connection with prospective customers considering a significant purchase of our products and services.
If we are unable to protect our intellectual property rights in our technologies, we may find ourselves at a competitive disadvantage to others who need not incur the additional expense, time and effort required to create competitive technologies. As a result, litigation may be necessary to enforce and protect our intellectual property rights.
Efforts to assert intellectual property ownership rights in our products could impact our standing in the open source community, which could limit our product innovation capabilities.
If we were to undertake actions to protect and maintain ownership and control over our intellectual property rights, our standing in the open source community could be diminished. This could in turn limit our ability to rely on this community as a resource to identify and defend against new viruses, threats and techniques to attack secure networks, explore new ideas and concepts and further our research and development efforts.

Claims that our products infringe the proprietary rights of others could harm our business and cause us to incur significant costs.
The security technology industry has increasingly been subject to patent and other intellectual property rights litigation, particularly from special purpose entities that seek to monetize their intellectual property rights by asserting claims against others. We expect this trend to continue and accelerate and expect that we may from time to time be required to defend against this type of litigation. For example, as described under Item 3. Legal Proceedings below, we and nine other network security companies have been named as defendants in a patent infringement lawsuit. Third party asserted claims or initiated litigation can include claims against us or our customers, end-users, manufacturers, suppliers, partners or distributors, alleging infringement of intellectual property rights with respect to our existing or future products or components of those products. The litigation process can be costly and is subject to inherent uncertainties, so we may not prevail in litigation matters regardless of the merits of our position. In addition to the expense and distraction associated with litigation, adverse determinations could cause us to lose our proprietary rights, prevent us from manufacturing or selling our products, require us to obtain licenses to patents or other intellectual property rights that our products are alleged to infringe, which licenses may not be available on reasonable commercial terms or at all, and subject us to significant liabilities. Under the terms of our contracts, we may also be required to indemnify customers and others for losses or costs arising from such claims and such indemnification obligations may not be subject to maximum loss clauses.
If we acquire technology to include in our products from third parties, our exposure to infringement actions may increase because we must rely upon these third parties to verify the origin and ownership of such technology. Similarly, we face exposure to infringement actions if we hire software engineers who were previously employed by competitors and those employees inadvertently or deliberately incorporate proprietary technology of our competitors into our products despite efforts by our competitors and us to prevent such infringement.
Future litigation could have a material adverse impact on our results of operations, financial condition and liquidity.
From time to time we have been, and may be in the future, subject to litigation, including stockholder derivative actions. Risks associated with legal liability are difficult to assess and quantify, and their existence and magnitude can remain unknown for significant periods of time. While we maintain director and officer insurance, the amount of insurance coverage may not be sufficient to cover a claim, and there can be no assurance as to the continued availability of this insurance. We may in the future be the target of additional proceedings, with or without merit, and these proceedings may result in substantial costs and divert management’s attention and resources.
Risks Relating to Manufacturing
We depend on a limited number of manufacturers of our hardware products, which increases our vulnerability to supply disruption.
Our ability to meet our customers’ demand for our products depends upon obtaining adequate hardware platforms on a timely basis and integrating them with our software. We utilize two principal contract equipment manufacturers, Patriot Technologies, Inc. and Premio, Inc., to source components, assemble, integrate and test our appliances and to ship those appliances to our customers. In addition, we utilize a third contract manufacturer, Netronome Systems Inc., to design and integrate some of our software and hardware components for use in the high-performance models of our appliances. The unexpected termination of our relationship with any of these manufacturers would be disruptive to our business and our reputation, and could result in a material decline in our revenue as well as shipment delays and possible increased costs as we seek and implement production with an alternative manufacturer.
In addition, we rely on our contract manufacturers to source the majority of the components for our hardware platforms and they in turn obtain materials from a limited number of suppliers. These suppliers may extend lead times, limit the supply to our manufacturers or increase prices due to capacity constraints or other factors. Although we work closely with our manufacturers and suppliers to avoid shortages, we may encounter these problems in the future. Our results of operations would be adversely affected if we were unable to obtain adequate supplies of hardware platforms in a timely manner or if there were significant increases in the costs of hardware platforms or problems with the quality of those hardware platforms.

We commit in advance to purchase products from contract manufacturers based on our expectations of future demand and a portion of these commitments are non-cancelable. In addition, in some cases we purchase products from contract manufacturers and hold them in inventory based on our expectations of future demand. If demand for our products does not meet our expectations, or if products become obsolete as a result of our introduction of new products, we could be required to recognize an expense related to our purchase commitments or write down the value of our inventory, which could adversely affect our results of operations.
We commit in advance to purchase products from our contract manufacturers based on our expectations of future demand and a portion of these commitments are non-cancelable. In addition, in some cases we purchase products from contract manufacturers based on our expectations of future demand. Demand for our products may not meet our expectations as a result of a number of factors, including weakness in general economic conditions, reductions in our customers’ purchasing budgets, discounting of prices on competitive products, defects or perceived defects in the products or the introduction by us or our competitors of new or enhanced products. In the past, we have recognized expenses related to purchase commitments and inventory write-offs and, in the future, if we reduce our estimate of future demand for products that we are committed to purchase or hold in inventory, or if such products become obsolete as a result of our introduction of new products, we may be required to recognize additional expenses for purchase commitments or inventory write-offs, which could negatively impact our gross margin and results of operations.
Risks Relating to Our Common Stock
The price of our common stock may be subject to wide fluctuations.
Since the time of our initial public offering in March 2007, the market price of our common stock has been subject to significant fluctuations, and we expect this volatility to continue for the foreseeable future. For example, during the year ended December 31, 2012, our stock traded between a high of $59.64 per share and a low of $29.25 per share. Among the factors that could affect our common stock price are the risks described in this “Risk Factors” section and other factors, including:
quarterly variations in our operating results compared to market expectations;
changes in expectations as to our future financial performance, including financial estimates or reports by securities analysts;
changes in market valuations of similar companies or of our competitors;
liquidity and activity in the market for our common stock;
actual or expected sales of our common stock by our stockholders;
strategic moves by us or our competitors, such as acquisitions or restructurings;
general market conditions; and
domestic and international economic, legal and regulatory factors unrelated to our performance.
Stock markets in general, and the stocks of technology companies in particular, have experienced extreme volatility that has often been unrelated to the operating performance of a particular company. These broad market fluctuations may adversely affect the trading price of our common stock, regardless of our operating performance.
Sales of substantial amounts of our common stock in the public markets, or the perception that they might occur, could reduce the price that our common stock might otherwise attain.
As of February 22, 2013, we had 30,670,141 outstanding shares of common stock. This number includes shares held by institutional investors who own a significant majority of our common stock. This number also includes shares held by directors and officers who may sell such shares at their discretion, subject to volume limitations contained in federal securities laws. Sales of substantial amounts of our common stock in the public market, or the perception that such sales could occur, could adversely affect the market price of our common stock and may make it more difficult for you to sell your common stock at a time and price that you deem appropriate.
Anti-takeover provisions in our charter documents and under Delaware law and our adoption of a stockholder rights plan could make an acquisition of our company, which may be beneficial to our stockholders, more difficult and may prevent attempts by our stockholders to replace or remove our current management.
Our certificate of incorporation and our bylaws contain provisions that may delay or prevent an acquisition of our company or a change in our management. These provisions include a classified board of directors, a prohibition on actions by written consent of our stockholders and our ability to issue preferred stock without stockholder approval. In addition, we have adopted a stockholder rights plan under which we would issue preferred stock rights upon specified events, which could substantially dilute the stock ownership of a person or group attempting to take us over without the approval of our board of directors. Although we believe these provisions of our certificate of incorporation, bylaws, Delaware corporate law and our stockholder rights plan collectively provide for an opportunity to receive higher bids by requiring potential acquirers to negotiate with us, they would apply even if stockholders consider the offer to be beneficial. In addition, these provisions may frustrate or prevent attempts by our stockholders to replace or remove our current management by making it more difficult for stockholders to replace members of our board of directors, which is responsible for appointing the members of our management.
 
Item 1B. UNRESOLVED STAFF COMMENTS
None.
 
Item 2. PROPERTIES
Our corporate headquarters and principal executive offices are located in Columbia, Maryland under a lease that expires in May 2015. Significant leased locations include offices in Vienna, Virginia; Livonia, Michigan; Calgary, Alberta; Bracknell, United Kingdom; Tokyo, Japan; and Singapore. We also lease other sales offices in multiple locations worldwide. We believe that our facilities are generally suitable to meet our needs for the foreseeable future; however, we will continue to seek additional space as needed in accordance with our growth.
 
Item 3. LEGAL PROCEEDINGS
On May 29, 2009 and August 3, 2009, Enhanced Security Research, LLC, or ESR, filed two nearly identical complaints in the United States District Court for the District of Delaware against 10 defendants, including Cisco Systems, Inc., International Business Machines Corporation, Check Point Software Technologies, Ltd., Check Point Software Technologies, Inc., SonicWALL, Inc., 3Com Corporation, Nokia Corporation, Nokia, Inc., Fortinet, Inc., and us. The only significant difference between the first and second complaints is the addition of Security Research Holdings LLC as a plaintiff. The complaints allege, among other things, that our network security appliances and software infringe two U.S. patents. Plaintiffs seek unspecified damages, enhancement of those damages, an attorney’s fee award and an injunction against further infringement. We believe that the patents in this case are invalid and that the allegations of infringement are without merit, and we intend to defend this case vigorously on these bases. Both patents in this litigation have been subject to reexamination by the United States Patent and Trademark Office, or USPTO, and the USPTO has rejected all claims of both patents as not patentable. The patent owner has filed an appeal of the rejections of US Patent No 6,119,236 in the U.S. Court of Appeals for the Federal Circuit, or CAFC. The patent owner filed the opening brief on February 25, 2013 and briefing is not expected to be complete before April 29, 2013. The patent owner did not appeal the rejections of the other patent and, on January 9, 2013, the USPTO issued Reexamination Certificate US 6,304,975 C1 canceling all claims. On June 25, 2010, the District Court dismissed the action filed May 29, 2009, for lack of standing. The CAFC affirmed the dismissal following Plaintiff’s appeal. Also on June 25, 2010, the District Court stayed the action filed August 3, 2009 pending conclusion of the reexaminations. 
Given the inherent unpredictability of litigation and jury trials, we cannot at this early stage of the matter estimate the possible outcome of this litigation. Because patent litigation is time consuming and costly to defend, we may incur significant costs related to this matter in future periods. In addition, an unfavorable outcome in this matter could have a material adverse effect on our future results of operations or cash flows.
 
Item 4. MINE SAFETY DISCLOSURES
Not Applicable.


PART II

Item 5. MARKET FOR REGISTRANT’S COMMON EQUITY, RELATED STOCKHOLDER MATTERS AND ISSUER PURCHASES OF EQUITY SECURITIES
Market Information
Our common stock is publicly traded on the NASDAQ Global Select Market under the symbol “FIRE.” The following table sets forth, for the periods indicated, the high and low sales prices of our common stock as reported by the NASDAQ Global Select Market.
 
 
 
                                      High       Low
Year Ended December 31, 2011:
  First Quarter                     $27.57    $22.61
  Second Quarter                    $30.23    $23.20
  Third Quarter                     $31.47    $23.26
  Fourth Quarter                    $35.90    $24.76
Year Ended December 31, 2012:
  First Quarter                     $50.47    $29.25
  Second Quarter                    $59.64    $45.06
  Third Quarter                     $57.98    $41.34
  Fourth Quarter                    $50.85    $40.68
As of February 22, 2013, there were approximately 19 holders of record of our common stock. The number of holders of record of our common stock does not reflect the number of beneficial holders whose shares are held by depositories, brokers or other nominees.
Dividend Policy
We have never declared or paid any cash dividends on our common stock. We currently intend to retain all available funds and any future earnings for use in the operation and expansion of our business and do not anticipate paying any cash dividends in the foreseeable future.
Stock Performance Graph
The following graph illustrates a comparison of the total cumulative stockholder return on our common stock for the period beginning December 31, 2007 through December 31, 2012 to two indices: the Russell 2000 Index and the RDG Software Composite Index. The graph assumes an initial investment of $100 on December 31, 2007 in Sourcefire common stock and in each of the two indices. The comparisons in the graph are required by the Securities and Exchange Commission and are not intended to forecast or be indicative of possible future performance of our common stock.


* $100 invested on 12/31/07 in stock or index, including reinvestment of dividends.
Use of Proceeds
In March 2007, we completed the initial public offering of shares of our common stock. Our portion of the net proceeds from the initial public offering was approximately $83.9 million after deducting underwriting discounts and commissions of $6.5 million and $2.4 million in offering expenses.
We intend to use the net proceeds from the offering for working capital and other general corporate purposes, including financing our growth, developing new products and funding capital expenditures. Pending such usage, we have invested the net proceeds primarily in short-term, interest-bearing investment grade securities.
Repurchases of Equity Securities During 2012
Repurchases are made under the terms of our 2007 Stock Incentive Plan. Under this plan, we award shares of restricted stock to our non-employee directors. These shares of restricted stock are subject to a lapsing right of repurchase by us. We may exercise this right of repurchase in the event that a restricted stock recipient’s service to us is terminated. If we exercise this right, we are required to repay the purchase price paid by or on behalf of the recipient for the repurchased restricted shares, which typically is the par value per share of $0.001. Repurchased shares are returned to the 2007 Stock Incentive Plan and are available for future awards under the terms of that plan.
There were no repurchases of equity securities made by us during the fiscal quarter ended December 31, 2012. We do not have a stock repurchase program.

Item 6. SELECTED FINANCIAL DATA
The consolidated statement of operations data for the three years ended December 31, 2012, 2011 and 2010 and the consolidated balance sheet data as of December 31, 2012 and 2011 have been derived from our audited consolidated financial statements appearing elsewhere in this report. The consolidated statement of operations data for the years ended December 31, 2009 and 2008 and the consolidated balance sheet data as of December 31, 2010, 2009 and 2008 have been derived from our audited consolidated financial statements that do not appear in this report. The selected consolidated financial data set forth below should be read in conjunction with Item 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations set forth below and our consolidated financial statements and related notes included elsewhere in this report. The historical results are not necessarily indicative of the results to be expected in any future period.
 
 
 
Year Ended December 31,
(in thousands, except share and per share data)

                                                    2012        2011        2010        2009        2008
Consolidated statement of operations data:
Revenue:
  Products                                      $135,490     $98,166     $78,436     $62,585     $45,245
  Services                                        87,600      67,480      52,136      40,880      30,428
  Total revenue                                  223,090     165,646     130,572     103,465      75,673
Cost of revenue:
  Products                                        40,695      28,368      20,000      15,641      12,408
  Services                                        11,321       8,841       6,828       6,379       4,952
  Total cost of revenue                           52,016      37,209      26,828      22,020      17,360
Gross profit                                     171,074     128,437     103,744      81,445      58,313
Operating expenses:
  Research and development                        41,570      33,145      18,789      16,256      12,620
  Sales and marketing                             86,759      64,589      48,735      36,498      33,169
  General and administrative                      28,194      19,709      18,814      16,761      18,713
  Depreciation and amortization                    5,187       3,917       3,375       3,647       2,627
  Total operating expenses                       161,710     121,360      89,713      73,162      67,129
Income (loss) from operations                      9,364       7,077      14,031       8,283     (8,816)
Other income (expense), net                           20       (351)         125         926       3,064
Income (loss) before income taxes                  9,384       6,726      14,156       9,209     (5,752)
Provision for (benefit from) income taxes          4,357         536     (5,821)         331         319
Net income (loss)                                 $5,027      $6,190     $19,977      $8,878    $(6,071)
Net income (loss) per common share:
  Basic                                            $0.17       $0.22       $0.72       $0.34     $(0.24)
  Diluted                                          $0.16       $0.21       $0.69       $0.32     $(0.24)
Shares used in per common share calculations:
  Basic                                       29,787,100  28,607,013  27,670,356  26,458,273  25,379,791
  Diluted                                     30,929,210  29,529,525  28,896,246  27,987,115  25,379,791








Consolidated Balance Sheet Data
 
 
 
As of December 31,
(in thousands)

                                                    2012        2011        2010        2009        2008
Cash and cash equivalents                        $96,178     $59,407     $54,410     $53,071     $39,768
Investments                                      107,777      98,407      99,309      70,149      61,800
Working capital                                  184,518     122,486     122,760     103,055      99,017
Total assets                                     364,674     283,927     241,074     174,167     146,305
Deferred revenue                                  90,241      61,570      46,422      34,177      24,108
Total liabilities                                119,548      86,070      74,990      45,678      37,264
Total stockholders’ equity                       245,126     197,857     166,084     128,489     109,041


Item 7. MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS
Introduction
Management’s discussion and analysis of financial condition, changes in financial condition and results of operations is provided as a supplement to the accompanying consolidated financial statements and notes to help provide an understanding of Sourcefire, Inc.’s financial condition and results of operations. This item of our Annual Report on Form 10-K is organized as follows:
Overview. This section provides a general description of our business, the key financial metrics that we use in assessing our performance, and anticipated trends that we expect to affect our financial condition and results of operations.
Results of Operations. This section provides an analysis of our results of operations for the years ended December 31, 2012, 2011 and 2010.
Non-GAAP Financial Measures and Supplemental Operating Data. This section discusses non-GAAP financial results that we use in evaluating the operating performance of our business. These measures should be considered in addition to results prepared in accordance with United States generally accepted accounting principles, or GAAP, but should not be considered a substitute for, or superior to, GAAP results. The non-GAAP measures discussed have been reconciled to the nearest GAAP measure in a table included in this section. This section also includes supplemental operating data.
Liquidity and Capital Resources. This section provides an analysis of our cash flows for the years ended December 31, 2012, 2011 and 2010 and a discussion of our capital requirements and the resources available to us to meet those requirements.
Critical Accounting Policies and Estimates. This section discusses accounting policies that are considered important to our financial condition and results of operations, require significant judgment or require estimates on our part in applying them. Our significant accounting policies, including those considered to be critical accounting policies, are summarized in Note 2 to the accompanying consolidated financial statements.
Overview
Sourcefire delivers intelligent cybersecurity technologies. Our comprehensive portfolio of solutions enables commercial enterprises and government agencies worldwide to manage and minimize cybersecurity risks. From our industry-leading next-generation network security platform to our advanced malware protection, Sourcefire provides customers with Agile Security® that addresses the need for more informed, adaptive, and automated security solutions to protect today’s dynamic information technology environments from constantly changing threats.
We sell our solutions to a diverse customer base that includes Global 2000 companies, global enterprises, U.S. and international government agencies and small and mid-size businesses. We also manage the security industry’s leading open source initiative, Snort®, as well as the ClamAV® and Razorback open source initiatives.
Key Financial Metrics and Trends
Sales to U.S. commercial customers accounted for 47%, 54% and 50% of our total revenue for the years ended December 31, 2012, 2011 and 2010, respectively. Our revenues from U.S. commercial customers increased by 17% for the year ended December 31, 2012 as compared to the prior year.
Sales to international customers accounted for 33%, 25% and 25% of our total revenue for the years ended December 31, 2012, 2011 and 2010, respectively. Our revenues from international customers increased by 77% for the year ended December 31, 2012 as compared to the prior year.
Sales to U.S. federal and state government agencies collectively accounted for 20%, 21% and 25% of our total revenue for the years ended December 31, 2012, 2011 and 2010, respectively. Our revenues from U.S. federal and state government agencies increased by 28% for the year ended December 31, 2012, as compared to the prior year.
We believe that our revenue from product sales for the year ended December 31, 2012 was positively affected by a number of factors, including (i) the introduction of new, enhanced versions of our products in 2012 and 2011, (ii) the expansion of our indirect sales channel in the U.S. and internationally, (iii) investments in our international operations and the resulting increase in workforce, and (iv) a stabilized environment in U.S. government spending. In addition, our revenue from sales of services during 2012 was positively affected by an increase in our installed customer base. In general, we expect these factors to continue to positively affect our product and services revenue in 2013. However, uncertainty related to the federal budget process and a potential reduction in federal spending levels may limit any increase in our sales to the federal government.
We evaluate our performance on the basis of several key financial metrics, including revenue, cost of revenue, gross profit, and operating expenses. We compare these key performance indicators, on a quarterly basis, to both target amounts established by management and to our performance for prior periods. We also evaluate performance on the basis of adjusted net income, adjusted net income per share, adjusted income from operations, adjusted income from operations as a percentage of revenue and free cash flow, which are non-GAAP financial measures. Information regarding our non-GAAP financial measures and a reconciliation of each to the nearest GAAP measure is provided under “Non-GAAP Financial Measures” below.
Revenue
We currently derive revenue from product sales and services. Product revenue is principally derived from the sale of our network security solutions. These solutions include a perpetual software license bundled with a third-party hardware platform. Services revenue is principally derived from technical support and professional services and training. We typically sell technical support to complement our network security product solutions.

Technical support entitles a customer to product updates and new rule releases on a when and if available basis and both telephone and web-based assistance for using our products. Our professional services include optional installation, configuration and tuning, which we refer to collectively as network security deployment services. These services typically occur on-site after delivery has occurred. Our training includes instructor-led and custom classes delivered at various locations around the world, onsite at customer premises, and online.
Product sales are typically recognized as revenue upon shipment of the product to the customer. For sales through resellers and distributors, we recognize revenue upon the shipment of the product only if those resellers and distributors provide us, at the time of placing their order, with the identity of the end-user customer to whom the product has been sold. We recognize revenue from services when the services are performed. For technical support services, we recognize revenue ratably over the term of the support arrangement, which is primarily 12 months. Our support agreements generally provide for payment in advance.
We sell our network security solutions globally. Revenue generated by sales to U.S.-based customers was 67% for the year ended December 31, 2012 and 75% for each of the years ended December 31, 2011 and 2010. We believe that our revenue from customers based outside of the United States will increase in absolute dollars and as a percentage of revenue as we strengthen our international presence.
We continue to generate a majority of our product revenue through sales to existing customers, both for new locations and for additional technology to protect existing networks and locations. Product sales to existing customers accounted for 59%, 59% and 62% of total product revenue for the years ended December 31, 2012, 2011 and 2010, respectively. We expect product sales to existing customers to continue to account for a significant portion of our product revenue in 2013.
Historically, our product revenue has been seasonal, with a significant portion of our total product revenue in recent fiscal years generated in the third and fourth quarters. Revenue from our government customers has been influenced by the September 30th fiscal year-end of the U.S. federal government, which has historically resulted in our revenue from government customers being highest in the second half of the year. While we expect these historical trends to continue, they could be affected by a number of factors, including another decline in general economic conditions, changes in the timing or amounts of U.S. government spending and our planned international expansion. Notwithstanding these general seasonal patterns, our revenue within a particular quarter is often affected significantly by the unpredictable procurement patterns of our customers. Our prospective customers usually spend a long time evaluating and making purchase decisions for network security solutions. Historically, many of our customers have not finalized their purchasing decisions until the final weeks or days of a quarter. We expect these purchasing patterns to continue in the future. Therefore, a delay in even one large order beyond the end of the quarter could materially reduce our anticipated revenue for a quarter. In addition, because we typically recognize revenue upon shipment, the timing of our quarter-end and year-end shipments could materially affect our reported product revenue for a given quarter or year. Delayed orders could negatively impact our results of operations and cash flows for a particular period and could therefore cause us to fail to meet the financial performance expectations of financial and industry research analysts or investors.
Cost of Revenue
Cost of product revenue includes the cost of the hardware platform, third-party manufacturing costs, royalties for third-party software, personnel costs associated with logistics and quality control, stock-based compensation expense, amortization of acquired intangible assets, supplies, warranty, shipping and handling costs, expense for excess and obsolete inventory and depreciation in the instances where we lease our network security solutions to our customers. In addition, in the first quarter of 2012, we began to incur cost of revenue expenses to support and run the infrastructure of our advanced malware protection products. We allocate overhead costs, including facilities, supplies, communication and information systems and employee benefits, to the cost of product revenue. Overhead costs are reflected in each cost of revenue and operating expense category. As our product volume increases, we anticipate incurring an increased amount of both direct and overhead expenses to supply and manage the increased volume. In addition, hardware unit costs or other costs of manufacturing could increase in the future.

Cost of services revenue includes the direct labor costs of our employees and outside consultants engaged to furnish those services, as well as their travel and associated direct material costs and stock-based compensation expense. Additionally, we include in cost of services revenue an allocation of overhead costs, as well as the cost of time and materials to service or repair the hardware component of our products covered under a renewed support arrangement beyond the manufacturer’s warranty, the amortization of a long-term contract for a third-party to provide maintenance and support services for certain product offerings and the expense for advance replacement unit inventory excess and obsolescence. As our customer base continues to grow, we anticipate incurring an increasing amount of these service and repair costs, as well as costs for additional personnel to provide support and service to our customers.
Gross Profit
Our gross profit is affected by a variety of factors, including the mix and average selling prices of our products, our pricing policy, new product introductions, the cost of hardware platforms, expense for excess and obsolete inventory, warranty expense, the cost of labor and materials and the mix of distribution channels through which our products are sold. Our gross profit would be adversely affected by price declines or pricing discounts if we are unable to reduce costs on existing products and fail to introduce new products with higher margins. Currently, product sales typically have a lower gross profit as a percentage of revenue than our services due to the cost of the hardware platform. Our gross profit for any particular quarter could be adversely affected if we do not complete a sufficient level of sales of higher-margin products by the end of the quarter. As discussed above, many of our customers do not finalize purchasing decisions until the final weeks or days of a quarter, so a delay in even one large order of a high-margin product could significantly reduce our gross margin for that quarter.
We completed the transition of our product line to our next generation platform in 2012. Generally, the gross margins of our new products are lower as compared to the previous generation of products they are replacing. In addition, in the first quarter of 2012, we began to incur cost of revenue expenses to support and run the infrastructure of our advanced malware protection products. These items had a negative impact on our gross margin for the year ended December 31, 2012 and we expect this impact to continue in 2013. In addition, as we expand our international operations, our gross margin may be negatively impacted due to the additional costs associated with operating in certain jurisdictions.
Operating Expenses
Research and Development. Research and development expenses consist primarily of salaries, incentive compensation and allocated overhead costs for our engineers; stock-based compensation expense; retention obligations related to our hiring of former Immunet employees; costs for professional services to design, test and certify our products; and costs associated with data used by us in our product development.
We have expanded our research and development capabilities and expect to continue to expand these capabilities in the future. We are committed to increasing the level of innovative design and development of new products as we strive to enhance our ability to serve our existing commercial and federal government markets as well as new markets for security solutions. To meet the changing requirements of our customers, we will need to fund investments in several development projects in parallel. Accordingly, we anticipate that our research and development expenses will continue to increase in absolute dollars for the year ending December 31, 2013 and, as a percentage of revenue, will be consistent with 2012.
Sales and Marketing. Sales and marketing expenses consist primarily of salaries, incentive compensation and allocated overhead costs for sales and marketing personnel; stock-based compensation expense; trade show, advertising, marketing and other brand-building costs; marketing consultants and other professional services; training, seminars and conferences; and travel and related costs.
As we continue to focus on increasing our market penetration, expanding internationally, increasing our indirect sales channel and building brand awareness, we anticipate that selling and marketing expenses will continue to increase in absolute dollars for the year ending December 31, 2013 and, as a percentage of revenue, will be consistent with 2012.
General and Administrative. General and administrative expenses consist primarily of salaries, incentive compensation and allocated overhead costs for executive, legal, finance, information technology, human resources and administrative personnel; stock-based compensation expense; corporate development expenses and professional fees related to legal, audit, tax and regulatory compliance; travel and related costs; and corporate insurance. We anticipate that general and administrative expenses will increase in absolute dollars for the year ending December 31, 2013.
Stock-Based Compensation. Stock-based compensation expense is based on the grant date fair value of stock awards. We use the Black-Scholes option pricing model to estimate the fair value of stock options granted and employee stock purchases. The use of option valuation models requires the input of highly subjective assumptions, including the expected term and the expected stock price volatility. Based on the estimated grant date fair value of stock-based awards, we recognized aggregate stock-based compensation expense of $26.2 million, $14.9 million, and $9.3 million for the years ended December 31, 2012, 2011 and 2010, respectively. In the fourth quarter of 2012, we incurred approximately $3.7 million of additional stock-based compensation expense in connection with the acceleration of vesting of restricted stock units under the Retirement Agreement we entered into with John C. Burris on October 1, 2012.
Results of Operations
Revenue. The following table shows products and technical support and professional services revenue (in thousands):

| | Year Ended December 31, 2012 | Year Ended December 31, 2011 | Variance $ | Variance % | Year Ended December 31, 2011 | Year Ended December 31, 2010 | Variance $ | Variance % |
|---|---|---|---|---|---|---|---|---|
| Products | $135,490 | $98,166 | $37,324 | 38% | $98,166 | $78,436 | $19,730 | 25% |
| Percentage of total revenue | 61% | 59% | | | 59% | 60% | | |
| Technical support and professional services | 87,600 | 67,480 | 20,120 | 30% | 67,480 | 52,136 | 15,344 | 29% |
| Percentage of total revenue | 39% | 41% | | | 41% | 40% | | |
| Total revenue | $223,090 | $165,646 | $57,444 | 35% | $165,646 | $130,572 | $35,074 | 27% |

The increase in our product revenue for the year ended December 31, 2012, as compared to the prior year, was primarily due to higher product sales volume and the sales product mix favoring our higher priced appliances. The increase in our services revenue for the year ended December 31, 2012, as compared to the prior year, resulted from an increase in our installed customer base due to new product sales in which associated support was purchased, as well as technical support renewals by our existing customers.
The increase in our product revenue for the year ended December 31, 2011, as compared to the prior year, was primarily due to increased revenue from U.S. commercial and international customers and the sales product mix favoring our higher priced appliances. The increase in our services revenue for the year ended December 31, 2011, as compared to the prior year, resulted from an increase in our installed customer base due to new product sales in which associated support was purchased, as well as technical support renewals by our existing customers.

Cost of revenue. The following table shows products and technical support and professional services cost of revenue (in thousands):

| | Year Ended December 31, 2012 | Year Ended December 31, 2011 | Variance $ | Variance % | Year Ended December 31, 2011 | Year Ended December 31, 2010 | Variance $ | Variance % |
|---|---|---|---|---|---|---|---|---|
| Products | $40,695 | $28,368 | $12,327 | 43% | $28,368 | $20,000 | $8,368 | 42% |
| Percentage of total revenue | 18% | 17% | | | 17% | 15% | | |
| Technical support and professional services | 11,321 | 8,841 | 2,480 | 28% | 8,841 | 6,828 | 2,013 | 29% |
| Percentage of total revenue | 5% | 5% | | | 5% | 5% | | |
| Total cost of revenue | $52,016 | $37,209 | $14,807 | 40% | $37,209 | $26,828 | $10,381 | 39% |
| Percentage of total revenue | 23% | 22% | | | 22% | 21% | | |

The increase in our product cost of revenue for the year ended December 31, 2012, as compared to the prior year, was primarily due to an increase in unit volume associated with higher revenue, higher costs of our new product platform and the infrastructure costs to support and run our advanced malware protection products, partially offset by lower inventory write-downs related to excess and obsolete inventory and a prior-year expense of $1.2 million for purchase commitments we made to our contract manufacturers for the product and component inventory that was estimated to be in excess of future demand for existing products due to the introduction of our new products.
The increase in our services cost of revenue for the year ended December 31, 2012, as compared to the prior year, was primarily due to our hiring of additional personnel to service our larger installed customer base, provide training to our resellers and customers and provide professional services to our customers and increased hardware service expense we pay to our contract manufacturers to help maintain our install base.
The increase in our product cost of revenue for the year ended December 31, 2011, as compared to the prior year, was primarily due to the sales product mix favoring our higher priced and more costly appliances, an increase in inventory write-downs related to excess and obsolete inventory of $1.1 million as a result of the introduction of new products, the amortization of acquired technology intangible assets and a $1.2 million expense for purchase commitments we made to our contract manufacturers for the product and component inventory that was estimated to be in excess of future demand for existing products due to the introduction of our new products.

The increase in our services cost of revenue for the year ended December 31, 2011, as compared to the prior year, was primarily due to our hiring of additional personnel to service our larger installed customer base, provide training to our resellers and customers and provide professional services to our customers and increased hardware service expense we pay to our third-party integrators to help maintain our install base.

Gross profit. The following table shows products and technical support and professional services gross profit (in thousands):

| | Year Ended December 31, 2012 | Year Ended December 31, 2011 | Variance $ | Variance % | Year Ended December 31, 2011 | Year Ended December 31, 2010 | Variance $ | Variance % |
|---|---|---|---|---|---|---|---|---|
| Products | $94,795 | $69,798 | $24,997 | 36% | $69,798 | $58,436 | $11,362 | 19% |
| Product gross margin | 70% | 71% | | | 71% | 75% | | |
| Technical support and professional services | 76,279 | 58,639 | 17,640 | 30% | 58,639 | 45,308 | 13,331 | 29% |
| Technical support and professional services gross margin | 87% | 87% | | | 87% | 87% | | |
| Total gross profit | $171,074 | $128,437 | $42,637 | 33% | $128,437 | $103,744 | $24,693 | 24% |
| Total gross margin | 77% | 78% | | | 78% | 79% | | |

Product gross margin for the year ended December 31, 2012 decreased as compared to the prior year, primarily due to the higher costs of our new products and the infrastructure costs to support and run our advanced malware protection products, partially offset by lower inventory write-downs related to excess and obsolete inventory and a prior-year expense of $1.2 million for purchase commitments we made to our contract manufacturers for the product and component inventory that was estimated to be in excess of future demand for existing products due to the introduction of our new products.
Technical support and professional services gross margin for the year ended December 31, 2012 remained relatively flat over the prior year.
Product gross margin decreased for the year ended December 31, 2011, as compared to the prior year, primarily due to an increase in inventory write-downs related to excess and obsolete inventory of $1.1 million as a result of the introduction of new products, the amortization of acquired technology intangible assets and a $1.2 million expense for purchase commitments we made to our contract manufacturers for the product and component inventory that was estimated to be in excess of future demand for existing products due to the introduction of our new products.
Technical support and professional services gross margin for the year ended December 31, 2011 remained relatively flat over the prior year.


Operating expenses. The following table shows our operating expenses (in thousands):

| | Year Ended December 31, 2012 | Year Ended December 31, 2011 | Variance $ | Variance % | Year Ended December 31, 2011 | Year Ended December 31, 2010 | Variance $ | Variance % |
|---|---|---|---|---|---|---|---|---|
| Research and development | $41,570 | $33,145 | $8,425 | 25% | $33,145 | $18,789 | $14,356 | 76% |
| Percentage of total revenue | 19% | 20% | | | 20% | 14% | | |
| Sales and marketing | 86,759 | 64,589 | 22,170 | 34% | 64,589 | 48,735 | 15,854 | 33% |
| Percentage of total revenue | 39% | 39% | | | 39% | 37% | | |
| General and administrative | 28,194 | 19,709 | 8,485 | 43% | 19,709 | 18,814 | 895 | 5% |
| Percentage of total revenue | 13% | 12% | | | 12% | 14% | | |
| Depreciation and amortization | 5,187 | 3,917 | 1,270 | 32% | 3,917 | 3,375 | 542 | 16% |
| Percentage of total revenue | 2% | 2% | | | 2% | 3% | | |
| Total operating expenses | $161,710 | $121,360 | $40,350 | 33% | $121,360 | $89,713 | $31,647 | 35% |
| Percentage of total revenue | 72% | 73% | | | 73% | 69% | | |

Research and development expenses for the year ended December 31, 2012 increased over the prior year, primarily due to an increase of $4.5 million in salaries, incentive compensation and benefits as a result of additional personnel, an increase of $2.1 million in stock-based compensation expense, an increase of $1.0 million in consulting fees and an increase of $0.7 million in allocated overhead costs as a result of increased overhead costs.
Research and development expenses for the year ended December 31, 2011 increased over the prior year, primarily due to an increase of $5.7 million in salaries, incentive compensation and benefits as a result of additional personnel to support continued enhancements of existing products and development of new products, including the hiring of former Immunet employees. The increase was also due to an increase of $2.4 million in consulting fees, $2.7 million for the accrual of retention obligations related to our hiring of former Immunet employees, an increase of $2.0 million in stock-based compensation expense and an increase of $1.0 million in allocated overhead costs as a result of additional personnel and increased overhead costs.
Sales and marketing expenses for the year ended December 31, 2012 increased over the prior year, primarily due to an increase of $13.2 million in salaries, commissions and incentive compensation, and benefits as a result of additional personnel, an increase of $4.0 million in stock-based compensation expense, an increase of $2.3 million in advertising, promotion, partner-marketing programs and trade show expenses, an increase of $1.0 million in travel and travel-related expenses and an increase of $0.7 million in allocated overhead costs as a result of increased overhead costs.
Sales and marketing expenses for the year ended December 31, 2011 increased over the prior year, primarily due to an increase of $8.6 million in salaries, commissions and incentive compensation, and benefits as a result of additional personnel, mainly attributable to expansion of our sales force, an increase of $2.4 million in stock-based compensation expense, an increase of $1.3 million in advertising, promotion, partner-marketing programs and trade show expenses and an increase of $1.2 million in travel and travel-related expenses.

General and administrative expenses for the year ended December 31, 2012 increased over the prior year, primarily due to an increase of $4.7 million in stock-based compensation expense, of which $3.7 million resulted from the acceleration of vesting of restricted stock units under the Retirement Agreement entered into with our former CEO, an increase of $1.9 million in salaries, incentive compensation and benefits as a result of additional personnel and an increase of $1.0 million in professional fees related to legal and accounting services, primarily as a result of our international expansion.
General and administrative expenses for the year ended December 31, 2011 increased from the prior year, primarily due to an increase of $0.9 million in stock-based compensation expense, an increase of $0.2 million in salaries, incentive compensation and benefits as a result of additional personnel and an increase of $0.2 million in allocated overhead costs as a result of additional personnel and increased overhead costs, offset by a net decrease of $0.5 million in professional fees.
Depreciation and amortization expense for the year ended December 31, 2012 increased from the prior-year period, primarily due to depreciation of additional lab and testing equipment purchased for our engineering department, computers purchased for personnel hired and leasehold improvements to new office spaces.
Depreciation and amortization expense for the year ended December 31, 2011 increased over the prior year, primarily due to the depreciation of additional lab and testing equipment purchased for our engineering department and computers purchased for personnel hired.
Provision for (benefit from) income taxes. The following table shows our provision for (benefit from) income taxes (in thousands):

| | Year Ended December 31, 2012 | Year Ended December 31, 2011 | Variance $ | Variance % | Year Ended December 31, 2011 | Year Ended December 31, 2010 | Variance $ | Variance % |
|---|---|---|---|---|---|---|---|---|
| Provision for (benefit from) income taxes | $4,357 | 536 | $3,821 | 713% | $536 | (5,821) | $6,357 | (109)% |
| Percentage of total revenue | 2% | % | | | % | (4)% | | |

During the year ended December 31, 2012, we recorded $4.4 million of income tax expense, which resulted in an annual effective rate of 46.4%. The provision for income tax consists of a $3.0 million U.S. income tax expense and $1.4 million of foreign income tax expense. Our annual effective tax rate differs from the U.S. federal statutory rate of 35% primarily due to permanent differences, state income taxes and foreign income taxed at different rates.
During the year ended December 31, 2011, we recorded $0.5 million of income tax expense, which resulted in an annual effective rate of 8.0%. The provision for income tax consists of a $0.3 million U.S. tax benefit offset by $0.8 million of foreign income tax expense. Our income tax expense for the year ended December 31, 2011 includes a discrete tax benefit from research tax credits, which resulted in a net reduction of tax expense of $2.0 million. Excluding the impact of the discrete tax benefit, our annual effective tax rate was 37.7%, which differs from the U.S. federal statutory rate of 35% primarily due to the current year research tax credit, state income taxes, permanent differences and foreign income taxed at different rates.
Our effective tax rate for the year ended December 31, 2010 resulted in a benefit of 41.1%. Our effective tax rate differs from the U.S. federal statutory rate of 34% primarily due to the reversal of the valuation allowance on our U.S. deferred tax assets, state income taxes and foreign income taxed at different rates. The benefit from income taxes for the year ended December 31, 2010 consisted of a $6.3 million U.S. income tax benefit, partially offset by $0.5 million of foreign income tax expense. The U.S. income tax benefit is primarily related to the release of the valuation allowance recorded against our deferred tax assets in the U.S.
Our future effective tax rate may be materially impacted by the amount of income taxes associated with our foreign earnings, which are taxed at rates different from the U.S. federal statutory rate, as well as the timing and extent of the realization of deferred tax assets and changes in the tax law. Further, our effective tax rate may fluctuate within a fiscal year, including from quarter-to-quarter, due to items arising from discrete events, including the resolution or identification of tax position uncertainties and acquisitions of other companies.
With respect to foreign earnings, it is our policy to invest the earnings of foreign subsidiaries indefinitely outside the U.S. Accordingly, we do not record deferred taxes on such earnings. Any excess tax benefit, above amounts previously recorded for stock-based compensation expense, from the exercise of stock options is recorded in additional paid-in-capital in the consolidated balance sheets to the extent that cash taxes payable are reduced.
Seasonality
Our product revenue has tended to be seasonal, with a significant portion generated in the third and fourth quarters. Revenue from our government customers has been influenced by the September 30th fiscal year-end of the U.S. federal government, which has historically resulted in our revenue from government customers being highest in the second half of the year. In the fourth quarter, revenues have historically been strong due to purchases by North American enterprise customers, which operate on a calendar year budget and often wait until the fourth quarter to make their most significant capital equipment purchases. In addition, increased fourth quarter sales in Europe have historically resulted in higher fourth quarter revenues following a decline in sales in the summer months due to vacation practices in Europe and the resulting delay in capital purchase activities until the fall. While we expect these historical trends to continue, they could be affected by a number of factors, including another decline in general economic conditions, changes in the timing or amounts of U.S. government spending, and our planned international expansion. The timing of transactions could materially affect our quarterly or annual product revenue.
Quarterly Timing
On a quarterly basis, we have usually generated the majority of our sales in the final month of the quarter. We believe this occurs for two reasons. First, many customers wait until the end of the quarter to extract favorable pricing terms from their vendors, including Sourcefire. Second, our sales personnel, who have a strong incentive to meet quarterly sales targets, have tended to increase their sales activity as the end of a quarter nears, while their participation in sales management review and planning activities is typically scheduled at the beginning of a quarter. The timing of our quarter-end and year-end shipments also affects our quarterly and annual product revenue, since we typically recognize revenue upon shipment of the product and orders received at the end of a quarter or year may not be shipped until the beginning of the following quarter or year.
Non-GAAP Financial Measures
To supplement our consolidated financial statements presented in accordance with GAAP, we consider certain financial measures that are not prepared in accordance with GAAP, including non-GAAP adjusted net income, adjusted net income per share, adjusted income from operations, adjusted income from operations as a percentage of revenue and free cash flow. We use these non-GAAP financial measures, in addition to GAAP financial measures, to evaluate our operating and financial performance and to compare such performance to that of prior periods and to the performance of our competitors. We also use these non-GAAP financial measures in making operational and financial decisions and in establishing operational goals. We believe that providing these non-GAAP financial measures to investors, as a supplement to GAAP financial measures, helps investors to evaluate our operating and financial performance and trends in our business, consistent with how management evaluates such performance and trends. We also believe these non-GAAP financial measures may be useful to investors in comparing our performance to the performance of other companies, although our non-GAAP financial measures are specific to us and the non-GAAP financial measures of other companies may not be calculated in the same manner.
Adjusted Net Income, Adjusted Net Income per Share, Adjusted Income from Operations and Adjusted Income from Operations as a Percentage of Revenue: In evaluating the operating performance of our business, we exclude certain charges and credits that are required by GAAP. These non-GAAP measures exclude (i) stock-based compensation, which does not involve the expenditure of cash, (ii) amortization of acquisition-related intangible assets, which does not involve the expenditure of cash, and (iii) other acquisition-related expenses, which are unrelated to the ongoing operation of our business in the ordinary course. For 2012, non-GAAP results were adjusted to reflect the effect of an assumed tax rate of 35%. This adjustment is intended to normalize the tax rate and provide a tax rate that approximates our expected long-term GAAP tax rate.
Free Cash Flow: We define free cash flow as net cash provided by operating activities minus capital expenditures. We consider free cash flow to be a liquidity measure that provides useful information to management and investors about the amount of cash generated by the business that, after the purchase of property and equipment, can be used for strategic opportunities, including investing in the business, making strategic acquisitions and strengthening the balance sheet.

These measures should be considered in addition to results prepared in accordance with GAAP, but should not be considered a substitute for, or superior to, GAAP results. Our Non-GAAP financial measures are as follows:

| | Year Ended December 31, 2012 | Year Ended December 31, 2011 | Year Ended December 31, 2010 |
|---|---|---|---|
| Reconciliation to adjusted income from operations: | | | |
| GAAP income from operations | $9,364 | $7,077 | $14,031 |
| Stock-based compensation expense | 26,164 | 14,881 | 9,349 |
| Amortization of acquisition-related intangible assets | 1,368 | 1,008 | |
| Other acquisition-related expenses* | 1,436 | 2,790 | 235 |
| Adjusted income from operations | $38,332 | $25,756 | $23,615 |
| Adjusted income from operations as a % of revenue | 17.2% | 15.5% | 18.1% |
| Reconciliation to adjusted net income: | | | |
| GAAP net income | $5,027 | $6,190 | $19,977 |
| Stock-based compensation expense | 26,164 | 14,881 | 9,349 |
| Amortization of acquisition-related intangible assets | 1,368 | 1,008 | |
| Other acquisition-related expenses** | 1,436 | 3,246 | 235 |
| Tax credit for research and experimentation | | (2,001) | |
| Release of the valuation allowance | | | (7,613) |
| Income tax adjustment *** | (9,066) | (6,514) | (6,516) |
| Adjusted net income | $24,929 | $16,810 | $15,432 |
| Adjusted net income per share—basic | $0.84 | $0.59 | $0.56 |
| Adjusted net income per share—diluted | $0.81 | $0.57 | $0.53 |
| Weighted average number of shares—basic | 29,787,100 | 28,607,013 | 27,670,356 |
| Weighted average number of shares—diluted | 30,929,210 | 29,529,525 | 28,896,246 |
| Reconciliation to free cash flow: | | | |
| GAAP net cash provided by operating activities | $42,685 | $14,602 | $36,425 |
| Purchase of property and equipment | (8,935) | (6,511) | (5,403) |
| Free cash flow | $33,750 | $8,091 | $31,022 |

* Includes the accrual of retention obligations related to our hiring of former Immunet employees and other acquisition-related expenses.
** Includes the accrual of retention obligations related to our hiring of former Immunet employees, the increase in the fair value of the acquisition-related contingent consideration and other acquisition-related expenses.
*** Income tax adjustment is used to adjust the GAAP provision for income taxes to a non-GAAP provision for income taxes utilizing an assumed tax rate of 35%.


The following table shows supplemental data regarding our operations:

| Supplemental operating data: | Year Ended December 31, 2012 | Year Ended December 31, 2011 | Year Ended December 31, 2010 |
|---|---|---|---|
| Number of deals in excess of $500,000 | 76 | 68 | 36 |
| Number of deals in excess of $100,000 | 406 | 333 | 240 |
| Number of new customers | 452 | 452 | 376 |
| Percentage of channel-influenced deals | 46% | 51% | 39% |
| Total channel partners | 738 | 576 | 339 |
| Number of full-time employees at end of period | 599 | 451 | 351 |

Liquidity and Capital Resources
Cash Flows
The following table summarizes our cash flow activities for the periods indicated (in thousands):

| | Year Ended December 31, 2012 | Year Ended December 31, 2011 | Year Ended December 31, 2010 |
|---|---|---|---|
| Cash and cash equivalents: | | | |
| Provided by operating activities | $42,685 | $14,602 | $36,425 |
| Used in investing activities | (22,298) | (16,949) | (43,353) |
| Provided by financing activities | 16,384 | 7,344 | 8,267 |
| Increase in cash and cash equivalents | 36,771 | 4,997 | 1,339 |
| Net cash at beginning of period | 59,407 | 54,410 | 53,071 |
| Net cash at end of period | 96,178 | 59,407 | 54,410 |
| Investments | 107,777 | 98,407 | 99,309 |
| Total cash, cash equivalents and investments | $203,955 | $157,814 | $153,719 |

Operating Activities. Cash provided by operating activities for the year ended December 31, 2012 is the result of our net income of $5.0 million adjusted for a net cash inflow of $29.6 million of net non-cash revenues and expenses, and a net cash inflow of $8.1 million for changes in our operating assets and liabilities. Cash provided by operating activities for the year ended December 31, 2011 is the result of our net income of $6.2 million adjusted for a net cash inflow of $14.6 million of net non-cash revenues and expenses, offset by changes in our operating assets and liabilities of $6.2 million, which include a payment of $11.0 million for a long-term contract for a third-party to provide maintenance and support services for certain product offerings. Cash provided by operating activities for the year ended December 31, 2010 is the result of our net income of $20.0 million adjusted for a net cash inflow of $1.9 million of net non-cash revenues and expenses, which includes $7.6 million related to the release of the valuation allowance on our deferred tax assets, and a net cash inflow of $14.5 million for changes in our operating assets and liabilities.
Investing Activities. Cash used in investing activities for the year ended December 31, 2012 was primarily the result of purchases of investments of $156.5 million, capital expenditures of $8.9 million, and the payment for a cost method investment of $2.1 million, partially offset by maturities of investments of $145.4 million. Cash used in investing activities for the year ended December 31, 2011 was primarily the result of purchases of investments of $159.1 million, acquisition-related payments of $9.2 million and capital expenditures of $6.5 million, partially offset by maturities of investments of $157.8 million. Cash used in investing activities for the year ended December 31, 2010 was primarily the result of purchases of investments of $129.5 million, payments related to our acquisition of Immunet of $7.6 million and capital expenditures of $5.4 million, partially offset by maturities of investments of $99.1 million.
Financing Activities. Cash provided by financing activities for the years ended December 31, 2012, 2011 and 2010 was primarily related to proceeds from the issuance of common stock under our employee stock-based plans, as well as the excess tax benefits relating to share-based payments.

Liquidity Requirements
We manufacture our products through contract manufacturers and other third parties. This approach provides us with the advantage of relatively low capital expenditure requirements and significant flexibility in scheduling production and managing inventory levels. The majority of our products are delivered to our customers directly from our contract manufacturers. Accordingly, our contract manufacturers are generally responsible for purchasing and stocking the components required to produce our products, and they invoice us when the finished goods are shipped. By leasing our office facilities, we also minimize the cash needed for expansion. Our capital spending is generally limited to leasehold improvements, computers, office furniture and lab and test equipment.
We expect our short-term liquidity requirements through December 31, 2013 will consist primarily of the funding of working capital requirements and capital expenditures. We expect to meet these short-term requirements primarily through cash flow from operations. To the extent that cash flow from operations is not sufficient to meet these requirements, we expect to fund these amounts through the use of existing cash and investment resources. As of December 31, 2012, we had cash, cash equivalents and investments of $204.0 million and working capital of $184.5 million.
As described above, our product sales are, and are expected to continue to be, seasonal. We believe that our current cash reserves are sufficient for any short-term needs arising from the seasonality of our business.
Our long-term liquidity requirements consist primarily of obligations under our operating leases. We expect to meet these long-term requirements primarily through cash flow from operations.
In addition, we may utilize existing cash resources, equity financing or debt financing to fund acquisitions or investments in complementary businesses, technologies or product lines.
Contractual Obligations
The following table describes our commitments to settle contractual obligations in cash as of December 31, 2012 (in thousands):

                                            Payments Due by Period
                                 Total    Less than One Year    1-3 Years    3-5 Years    Thereafter
Operating lease obligations    $ 5,898         $ 2,382           $ 2,990       $ 408         $ 118
Purchase commitments            26,345          26,345
Investment funding                 900             900

We purchase components for our products from a variety of suppliers and use several contract manufacturers to provide manufacturing services for our products. During the normal course of business, in order to manage manufacturing lead times and help ensure adequate component supply, we enter into agreements with contract manufacturers and suppliers that allow them to procure inventory based upon information we provide. In certain instances, these agreements allow us the option to cancel, reschedule, and adjust our requirements based on our business needs prior to firm orders being placed. A portion of our reported purchase commitments arising from these agreements are firm, non-cancelable, and unconditional commitments. As of December 31, 2012, we had total purchase commitments for inventory of approximately $26.3 million due within the next 12 months.
At December 31, 2012, we had a liability for unrecognized tax benefits of $1.7 million. Of this $1.7 million, we expect that $1.0 million will reverse in the next twelve months as a result of statute closure, tax settlement, or tax filing. Due to inherent uncertainty, we are unable to make a reasonable estimate of the period in which payments will be made for the remaining amount.
Critical Accounting Policies and Estimates
Our consolidated financial statements are prepared in accordance with accounting principles generally accepted in the United States of America. The preparation of these consolidated financial statements requires us to make estimates and assumptions that affect the reported amounts of assets, liabilities, revenue, costs and expenses and related disclosures. We evaluate our estimates and assumptions on an ongoing basis. Our actual results may differ from these estimates.
We believe that, of our significant accounting policies, which are described in Note 2 to the consolidated financial statements contained in this report, the following accounting policies involve a greater degree of judgment and complexity. Accordingly, we believe that the following accounting policies are the most critical to aid in fully understanding and evaluating our consolidated financial condition and results of operations.
Revenue Recognition. We derive revenue from arrangements that include hardware products with embedded software, software licenses, technical support, and professional services. Revenue from products in the accompanying consolidated statements of operations consists primarily of sales of hardware appliances containing software, but also includes fees for the license of our technology in a software-only format, subscriptions of our advanced malware products and subscriptions to receive rules released by the Vulnerability Research Team, or VRT, that are used to update the appliances for current exploits and vulnerabilities. Technical support, which primarily has a contractual term of 12 months, includes telephone and web-based support, software updates, and rights to software upgrades on a when-and-if-available basis. Professional services include training and consulting.
For each arrangement, we recognize revenue when: (a) persuasive evidence of an arrangement exists (e.g., a signed contract); (b) delivery of the product has occurred and there are no remaining obligations or customer acceptance provisions; (c) the fee is fixed or determinable; and (d) collection of the fee is deemed probable.
For sales through resellers and distributors, we recognize revenue upon the shipment of the product only if those resellers and distributors provide us, at the time of placing their order, with the identity of the end-user customer to whom the product has been sold. To the extent that a reseller or distributor requests an inventory or stock of products, we defer revenue on that product until we receive notification that it has been sold through to an identified end-user.
All amounts billed or received in excess of the revenue recognized are included in deferred revenue. In addition, we defer all direct costs associated with revenue that has been deferred. These amounts are included in either prepaid expenses and other current assets or inventory in the accompanying balance sheets, depending on the nature of the costs and the reason for the deferral.
In October 2009, the Financial Accounting Standards Board, or FASB, amended the accounting standards for revenue recognition to remove from the scope of industry-specific software revenue recognition guidance any tangible products containing software components and non-software components that operate together to deliver the product’s essential functionality. In addition, the FASB amended the accounting standards for certain multiple-element revenue arrangements to:
i. provide updated guidance on whether multiple elements exist, how the elements in an arrangement should be separated and how the arrangement consideration should be allocated to the separate elements;
ii. require an entity to allocate arrangement consideration to each element based on a selling price hierarchy, where the selling price for an element is based on vendor-specific objective evidence, or VSOE, if available; third-party evidence, or TPE, if available and VSOE is not available; or the best estimate of selling price, or BESP, if neither VSOE nor TPE is available; and
iii. eliminate the use of the residual method and require an entity to allocate arrangement consideration based on the relative selling price of each element within the arrangement.
We adopted this accounting guidance on January 1, 2011 on a prospective basis for applicable transactions originating or materially modified after December 31, 2010.
The majority of our products are hardware appliances containing software components that operate together to provide the essential functionality of the product. Therefore, our hardware appliances are considered non-software deliverables and are no longer accounted for under the industry-specific software revenue recognition guidance.
Our product revenue also includes revenue from the sale of stand-alone software products. Stand-alone software may operate on our hardware appliance, but is not considered essential to the functionality of the hardware. Stand-alone software sales generally include a perpetual license for the use of our software. Stand-alone software sales continue to be accounted for under industry-specific software revenue recognition guidance.
For stand-alone software sales, we recognize revenue based on software revenue recognition guidance. Under the software revenue recognition guidance, we allocate the total arrangement fee among each deliverable based on the fair value of each of the deliverables, determined based on VSOE. If VSOE of fair value does not exist for each of the deliverables, all revenue from the arrangement is deferred until the earlier of the point at which sufficient VSOE of fair value can be determined for any undelivered elements or all elements of the arrangement have been delivered. If the only undelivered elements are elements for which we currently have VSOE of fair value, we recognize revenue for the delivered elements based on the residual method. When VSOE of fair value does not exist for undelivered elements such as maintenance and support, the entire arrangement fee is recognized ratably over the performance period.
For all transactions originating or materially modified after December 31, 2010, we recognize revenue in accordance with the amended accounting guidance. Certain arrangements with multiple deliverables may continue to have stand-alone software deliverables that are subject to the industry-specific software revenue recognition guidance. The revenue for all of our other multiple deliverable arrangements is allocated to each element based on the relative selling prices of all of the elements in the arrangement using the fair value hierarchy in the amended revenue recognition guidance.
We have established VSOE of fair value for substantially all of our technical support based upon actual renewals of each type of technical support that is offered for each customer class. Technical support and technical support renewals are currently priced based on a percentage of the list price of the respective product or software and historically have not varied from a narrow range of values in the substantial majority of our arrangements. Revenue related to technical support is deferred and recognized ratably over the contractual period of the technical support arrangement, which is primarily 12 months. The VSOE of fair value of our other services is based on the price for these same services when they are sold separately. Revenue for professional services that are sold either on a stand-alone basis or included in multiple element arrangements is deferred and recognized as the services are performed.
We are typically not able to determine TPE for our products or services. TPE is determined based on competitor prices for similar deliverables when sold separately. Generally, our offerings contain a significant level of differentiation such that the comparable pricing of products with similar functionality cannot be obtained. Furthermore, we are unable to reliably determine what similar competitor products’ selling prices are on a stand-alone basis.
When we are unable to establish the selling price of our non-software deliverables using VSOE or TPE, we use BESP in our allocation of arrangement consideration. The objective of BESP is to determine the price at which we would transact a sale if the product or service were sold on a stand-alone basis. We determine BESP for a product or service by considering multiple factors including, but not limited to, gross margin objectives, pricing practices, customer classes and geographies and distribution channels.
For our non-software deliverables we allocate the arrangement consideration based on the relative selling price of the deliverables. For our hardware appliances we use BESP to determine our selling price. For our services, we generally use VSOE to determine our selling price.
An estimate of the revenue that would have been reported if we had applied the new revenue recognition guidance for the year ended December 31, 2010 is $132.5 million, compared to the $130.6 million of revenue recognized under the industry-specific software revenue recognition rules.
We record taxes collected on revenue-producing activities on a net basis.
Changes in our judgments and estimates about these assumptions could materially impact the timing of our revenue recognition.
Accounting for Stock-Based Compensation. Stock-based awards granted include stock options, restricted stock awards, restricted stock units and stock purchased under our Amended and Restated 2007 Employee Stock Purchase Plan, or ESPP. Stock-based compensation expense is measured at the grant date, based on the fair value of the awards, and is recognized as expense over the requisite service period, net of estimated forfeitures.
We use the Black-Scholes option pricing model for estimating the fair value of stock options granted and for employee stock purchases under the ESPP. The use of option valuation models requires the input of highly subjective assumptions, including the expected term and the expected stock price volatility. Additionally, the recognition of expense requires the estimation of the number of stock-based awards that will ultimately vest and the number that will ultimately be forfeited. The fair value of stock-based awards is recognized as expense ratably over the requisite service period, net of estimated forfeitures. We rely on historical experience of employee turnover to estimate our expected forfeitures.
The key assumptions used in the Black-Scholes option valuation of stock options granted under the 2007 Stock Incentive Plan, or 2007 Plan, and ESPP grants include the following:
Average risk-free interest rate — This is the average U.S. Treasury rate, with a term that most closely resembles the expected life of the option, as of the grant date.
Expected dividend yield — We use an expected dividend yield of zero, as we have never declared or paid dividends on our common stock and do not anticipate paying dividends in the foreseeable future.
Expected life — This is the period of time that the stock options granted under our equity incentive plans and ESPP grants are expected to remain outstanding.

For determining the expected term of the stock options granted prior to July 2012, we based our expected term on the simplified method. This estimate is derived from the average midpoint between the weighted-average vesting period and the contractual term. Beginning in July 2012, we began using our own data in estimating the expected life as we have developed appropriate historical experience of employee exercise and post-vesting termination behavior considered in relation to the contractual life of the option. For ESPP grants, the expected life is the offering period.
Expected volatility — Volatility is a measure of the amount by which a financial variable such as a share price has fluctuated (historical volatility) or is expected to fluctuate (expected volatility) during a period.
For stock options granted prior to February 2012, since our historical stock data from our IPO in March 2007 was less than the expected life of the stock options, we used a blended volatility to estimate expected volatility. The blended volatility includes a weighting of our historical volatility from the date of our IPO to the respective grant date and an average of our peer group historical volatility consistent with the expected life of the option. Our peer group historical volatility includes the historical volatility of companies that are similar in revenue size, are in the same industry or are competitors. Beginning in February 2012, the expected volatility of any stock options granted will be based on the daily historical volatility of our stock price over the expected life of the options.
For ESPP grants, we use our historical volatility since we have historical data available since our IPO, which is consistent with the expected life.
If we were to employ different assumptions for estimating stock-based compensation expense in future periods, or if we were to decide to use a different valuation model, the amount of expense recorded in future periods could differ significantly from what we have recorded in recent periods.
The Black-Scholes option pricing model was developed for use in estimating the fair value of traded options that have no vesting restrictions and are fully transferable, which are characteristics that are not present in our option grants. Existing valuation models, including the Black-Scholes and Lattice models, may not provide reliable measures of the fair values of our stock-based compensation awards. Consequently, there is a risk that our estimates of the fair values of our stock-based compensation awards on the grant dates may be significantly different than the actual values upon the exercise, expiration, early termination or forfeiture of those stock-based payments in the future. Certain stock-based payments, such as employee stock options, may expire worthless or otherwise result in zero intrinsic value as compared to the fair values originally estimated on the grant date and reported in our financial statements. Alternatively, values may be realized from these instruments that are significantly higher than the fair values originally estimated on the grant date and reported in our financial statements.
The application of these principles may be subject to further interpretation and refinement over time. There are significant differences among valuation models, and there is a possibility that we will adopt different valuation models in the future. This may result in a lack of consistency between past and future periods and materially affect the fair value estimate of stock-based payments. It may also result in a lack of comparability with other companies that use different models, methods, and assumptions.
Our stock awards are generally subject to service-based vesting; however, in some instances, awards contain provisions for acceleration of vesting upon achievement of performance measures, change in control and in certain other circumstances. On a quarterly basis, we evaluate the probability of achieving performance measures and adjust stock-based compensation expense accordingly. The stock-based compensation expense is recognized ratably over the estimated vesting period. Stock-based compensation expense may fluctuate within a fiscal year, including from quarter-to-quarter, based on the probability of achieving those performance measures.
Accounting for Income Taxes. Deferred tax assets and liabilities are determined based on temporary differences between financial reporting and tax bases of assets and liabilities and for tax carryforwards at enacted statutory tax rates in effect for the years in which the differences are expected to reverse.
We assess the realizability of our deferred tax assets, which primarily consist of temporary differences associated with stock-based compensation expense and deferred revenue. In assessing the realizability of these deferred tax assets, we consider whether it is more likely than not that some portion or all of the deferred tax assets will be realized. In assessing the need for a valuation allowance, we consider all available evidence, both positive and negative, including historical levels of income, expectations and risks associated with estimates of future taxable income and ongoing prudent and feasible tax planning strategies.
With respect to foreign earnings, it is our policy to invest the earnings of foreign subsidiaries indefinitely outside the U.S. Any excess tax benefit, above amounts previously recorded for stock-based compensation expense, from the exercise of stock options is recorded in additional paid-in-capital in the consolidated balance sheets to the extent that cash taxes payable are reduced.
Because tax laws are complex and subject to different interpretations, significant judgment is required. As a result, we make certain estimates and assumptions, in (i) calculating our income tax expense, deferred tax assets and deferred tax liabilities, (ii) determining any valuation allowance recorded against deferred tax assets and (iii) evaluating the amount of unrecognized tax benefits, as well as the interest and penalties related to such uncertain tax positions. Our estimates and assumptions may differ significantly from tax benefits ultimately realized.
Allowance for Doubtful Accounts and Sales Return Allowance. We make estimates regarding the collectability of our accounts receivable. When we evaluate the adequacy of our allowance for doubtful accounts, we consider multiple factors, including historical write-off experience, the need for specific customer reserves, the aging of our receivables, customer creditworthiness and changes in customer payment cycles. Historically, our allowance for doubtful accounts has been adequate based on actual results. If any of the factors used to calculate the allowance for doubtful accounts change or if the allowance does not reflect our actual ability to collect outstanding receivables, changes to our provision for doubtful accounts may be needed, and our future results of operations could be materially affected.
We also use our judgment to make estimates regarding potential future product returns related to reported product revenue in each period. We analyze factors such as our historical return experience, current product sales volumes, and changes in product warranty claims when evaluating the adequacy of the sales returns allowance. If any of the factors used to calculate the sales return allowance were to change, we may experience a material difference in the amount and timing of our product revenue for any given period.
Inventory. Inventory consists of hardware and related component parts and is stated at the lower of cost on a first-in, first-out basis, or market value, except for evaluation and advance replacement units which are stated at the lower of cost, on a specific identification basis, or market value. Evaluation units are used for customer testing and evaluation and are predominantly located at the customers’ premises. Advance replacement units, which include fully functioning appliances and spare parts, are used to provide replacement units under technical support arrangements if a customer’s unit is not functioning properly. We make estimates of forecasted demand for our products, and inventory that is obsolete or in excess of our estimated demand is written down to its estimated net realizable value based on historical usage, expected demand, the timing of new product introductions and age. It is reasonably possible that our estimate of future demand for our products could change in the near term and result in additional inventory write-downs, which would negatively impact our future results of operations.
Investments. We determine the appropriate classification of our investments at the time of purchase and reevaluate such classification as of each balance sheet date. Our available-for-sale investments are comprised of money market funds, corporate debt investments, commercial paper, government-sponsored enterprise securities, government securities and certificates of deposit. These investments are stated at fair value, with the unrealized gains and losses, net of tax, reported in the consolidated statements of comprehensive income. Amortization is included in interest and investment income. Interest on securities classified as available-for-sale is also included in interest and investment income.
We evaluate our available-for-sale investments on a regular basis to determine whether an other-than-temporary impairment in fair value has occurred. If an investment is in an unrealized loss position and we have the intent to sell the investment, or it is more likely than not that we will have to sell the investment before recovery of its amortized cost basis, the decline in value is deemed to be other-than-temporary and is charged against earnings for the period. For investments that we do not intend to sell or it is more likely than not that we will not have to sell the investment, but we expect that we will not fully recover the amortized cost basis, the credit component of the other-than-temporary impairment is charged against earnings for the applicable period and the non-credit component of the other-than-temporary impairment is recognized in the consolidated statements of comprehensive income and in accumulated other comprehensive income on our consolidated statement of stockholders’ equity. Unrealized losses entirely caused by non-credit related factors related to investments for which we expect to fully recover the amortized cost basis are recorded in accumulated other comprehensive income.
We account for our investment in a minority interest in a company over which we do not exercise significant influence using the cost method. Under the cost method, an investment is carried at cost until it is sold or there is evidence that changes in the business environment or other facts and circumstances suggest it may be other-than-temporarily impaired. If a decline in the fair value of a cost method investment is determined to be other-than-temporary, an impairment charge will be recorded and the fair value will become the new cost basis of the investment. Our cost method investment is included in other assets on the consolidated balance sheets.
Recent Accounting Pronouncements. In September 2011, the Financial Accounting Standards Board, or FASB, issued Accounting Standards Update No. 2011-08, Intangibles—Goodwill and Other (Topic 350)—Testing Goodwill for Impairment, to simplify how entities test goodwill for impairment. Entities are allowed to first assess qualitative factors to determine whether it is more likely than not that the fair value of a reporting unit is less than its carrying amount. If a greater than 50 percent likelihood exists that the fair value is less than the carrying amount then a two-step goodwill impairment test must be performed. We adopted this accounting guidance in the fourth quarter of fiscal 2012, with no impact to our consolidated financial statements.
In June 2011, the FASB issued Accounting Standards Update No. 2011-05, Comprehensive Income (Topic 220)—Presentation of Comprehensive Income, to require an entity to present the total of comprehensive income, the components of net income, and the components of other comprehensive income either in a single continuous statement of comprehensive income or in two separate but consecutive statements. This guidance eliminates the option to present the components of other comprehensive income as part of the statement of equity. We adopted this guidance in the first quarter of fiscal 2012.

Off-Balance Sheet Arrangements
We have no off-balance sheet arrangements.
Item 7A.
QUANTITATIVE AND QUALITATIVE DISCLOSURES ABOUT MARKET RISK
Foreign Currency Risk
Nearly all of our revenue is derived from transactions denominated in U.S. dollars, which is our functional currency in the jurisdictions in which we operate; however, due to our foreign operations we incur costs and carry assets and liabilities that are denominated in foreign currencies. As a result, we have exposure to adverse changes in exchange rates, particularly the British Pound, Euro, Singapore Dollar, Swiss Franc, Brazilian Real and Japanese Yen. All assets, liabilities and operations of our foreign subsidiaries are remeasured into the U.S. dollar and all gains or losses from foreign currency remeasurement are recorded within other expense, net in the Consolidated Statements of Operations. Remeasurement adjustments resulted in a net expense of $0.5 million, $0.3 million and $0.3 million for the years ended December 31, 2012, 2011 and 2010, respectively.
Additionally, because a substantial portion of our operating expenses are denominated in foreign currencies, to the extent the U.S. dollar weakens against foreign currencies, the remeasurement of our foreign operating expenses into the U.S. dollar would result in increased expenses for our non-U.S. operations. For 2012, a 10% adverse change in exchange rates versus the U.S. dollar would have resulted in an increase of approximately $3.1 million in our consolidated operating expenses.
As we grow our international operations, our exposure to foreign currency risk could become more significant. We do not currently engage in currency hedging activities to limit the risk of exchange rate fluctuations.
Interest Rate Sensitivity
We had cash, cash equivalents and investments totaling approximately $204.0 million at December 31, 2012. The cash equivalents are held for working capital purposes while investments, made in accordance with our conservative investment policy, take advantage of higher interest income yields. In accordance with our investment policy, we do not enter into investments for trading or speculative purposes. Some of the securities in which we invest, however, may be subject to market risk. This means that a change in prevailing interest rates may cause the fair value of the investment to fluctuate. To minimize this risk in the future, we intend to maintain our portfolio of cash equivalents, short-term and long-term investments in a variety of securities, including commercial paper, money market funds, debt securities and certificates of deposit. Due to the nature of these investments, we believe that we do not have any material exposure to changes in the fair value of our investment portfolio as a result of changes in interest rates.
Credit Market Risk
We invest our cash in accordance with an established internal policy and our investments are comprised of money market funds, corporate debt investments, commercial paper, government-sponsored enterprise securities, government securities and certificates of deposit, that historically have been highly liquid and have matured at their full par values. Therefore, we believe our credit market risk is not material at this time. However, there is a risk that we may incur other-than-temporary impairment charges with respect to our investments as a result of volatility in financial markets or other factors.
Item 8.
FINANCIAL STATEMENTS AND SUPPLEMENTARY DATA
Our consolidated financial statements are submitted on pages F-1 through F-28 of this report.

Item 9.
CHANGES IN AND DISAGREEMENTS WITH ACCOUNTANTS ON ACCOUNTING AND FINANCIAL DISCLOSURE
None.
Item 9A.
CONTROLS AND PROCEDURES
Evaluation of Disclosure Controls and Procedures. We maintain “disclosure controls and procedures,” as defined in Rules 13a-15(e) and 15d-15(e) under the Securities Exchange Act of 1934, as amended (the “Exchange Act”), which are controls and other procedures that are designed to ensure that information required to be disclosed by a company in the reports that it files or submits under the Exchange Act is recorded, processed, summarized and reported, within the time periods specified in the SEC’s rules and forms. Disclosure controls and procedures include, without limitation, controls and procedures designed to ensure that information required to be disclosed by a company in the reports that it files or submits under the Exchange Act is accumulated and communicated to the company’s management, including its principal executive and principal financial officers, as appropriate to allow timely decisions regarding required disclosure. Management recognizes that any controls and procedures, no matter how well designed and operated, can provide only reasonable assurance of achieving their objectives and management necessarily applies its judgment in evaluating the cost-benefit relationship of possible controls and procedures. In addition, the design of any system of controls also is based in part upon certain assumptions about the likelihood of future events, and there can be no assurance that any design will succeed in achieving its stated goals under all potential future conditions; over time, controls may become inadequate because of changes in conditions, or the degree of compliance with policies or procedures may deteriorate. Because of the inherent limitations in a control system, misstatements due to error or fraud may occur and not be detected.
Under the supervision and with the participation of our management, including our Interim Chief Executive Officer and Chief Financial Officer, we evaluated the effectiveness of the design and operation of our disclosure controls and procedures as of the end of the period covered by this report. Based on this evaluation, our Interim Chief Executive Officer and Chief Financial Officer have concluded that, as of the end of the period covered by this report, our disclosure controls and procedures were effective at the reasonable assurance level.
Changes in Internal Control Over Financial Reporting. No change in our internal control over financial reporting (as defined in Rules 13a-15(f) and 15d-15(f) under the Exchange Act) occurred during the fiscal quarter ended December 31, 2012 that has materially affected, or is reasonably likely to materially affect, our internal control over financial reporting.





Management’s Report on Internal Control Over Financial Reporting
Our management is responsible for establishing and maintaining adequate internal control over financial reporting, as such term is defined in Rules 13a-15(f) and 15d-15(f) under the Exchange Act. Internal control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with U.S. generally accepted accounting principles. A company’s internal control over financial reporting includes those policies and procedures that (i) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company; (ii) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorizations of management and directors of the company; and (iii) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the company’s assets that could have a material effect on our consolidated financial statements.
There are inherent limitations in the effectiveness of any internal control over financial reporting, including the possibility of human error and the circumvention or overriding of controls. Accordingly, even effective internal control over financial reporting can provide only reasonable assurance with respect to financial statement preparation and may not prevent or detect all misstatements. Further, because of changes in conditions, effectiveness of internal control over financial reporting may vary over time. Our internal control system was designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with U.S. generally accepted accounting principles.
Under the supervision and with the participation of our management, including our Interim Chief Executive Officer and Chief Financial Officer, we conducted an evaluation of the effectiveness of our internal control over financial reporting based on the framework in Internal Control — Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission (the COSO criteria). Based on this evaluation, our management concluded that our internal control over financial reporting was effective as of December 31, 2012 to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with U.S. generally accepted accounting principles.
The effectiveness of our internal control over financial reporting as of December 31, 2012 has been audited by Ernst & Young LLP, independent registered public accounting firm, as stated in their report which is included herein.





Report of Independent Registered Public Accounting Firm on
Internal Control Over Financial Reporting
The Board of Directors and Stockholders of Sourcefire, Inc.:
We have audited Sourcefire, Inc.’s internal control over financial reporting as of December 31, 2012, based on criteria established in Internal Control—Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission (the COSO criteria). Sourcefire, Inc.’s management is responsible for maintaining effective internal control over financial reporting, and for its assessment of the effectiveness of internal control over financial reporting included in the accompanying Management’s Report on Internal Control Over Financial Reporting. Our responsibility is to express an opinion on the company’s internal control over financial reporting based on our audit.
We conducted our audit in accordance with the standards of the Public Company Accounting Oversight Board (United States). Those standards require that we plan and perform the audit to obtain reasonable assurance about whether effective internal control over financial reporting was maintained in all material respects. Our audit included obtaining an understanding of internal control over financial reporting, assessing the risk that a material weakness exists, testing and evaluating the design and operating effectiveness of internal control based on the assessed risk, and performing such other procedures as we considered necessary in the circumstances. We believe that our audit provides a reasonable basis for our opinion.
A company’s internal control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles. A company’s internal control over financial reporting includes those policies and procedures that (1) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company; (2) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorizations of management and directors of the company; and (3) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the company’s assets that could have a material effect on the financial statements.
Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements. Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate.
In our opinion, Sourcefire, Inc. maintained, in all material respects, effective internal control over financial reporting as of December 31, 2012, based on the COSO criteria.
We also have audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States), the consolidated balance sheets of Sourcefire, Inc. as of December 31, 2012 and 2011, and the related consolidated statements of operations, comprehensive income, stockholders’ equity, and cash flows for each of the three years in the period ended December 31, 2012 of Sourcefire, Inc., and our report dated February 28, 2013 expressed an unqualified opinion thereon.
 
 
  
/s/ Ernst & Young LLP
Baltimore, Maryland
February 28, 2013
  
 






Item 9B.
OTHER INFORMATION
None.

PART III

Item 10.
DIRECTORS, EXECUTIVE OFFICERS AND CORPORATE GOVERNANCE
The information required by this item will be set forth under the headings “Election of Directors,” “Information Regarding the Board of Directors and Corporate Governance,” “Executive Officers” and “Section 16(a) Beneficial Ownership Reporting Compliance” in the definitive Proxy Statement for our 2013 Annual Meeting of Stockholders (the “Proxy Statement”) and is incorporated into this report by reference.
Item 11.
EXECUTIVE COMPENSATION
The information required by this item will be set forth under the heading “Executive Compensation” in the Proxy Statement and is incorporated into this report by reference.
Item 12.
SECURITY OWNERSHIP OF CERTAIN BENEFICIAL OWNERS AND MANAGEMENT AND RELATED STOCKHOLDER MATTERS
The information required by this item will be set forth under the headings “Security Ownership of Certain Beneficial Owners and Management” and “Executive Compensation — Employee Benefit Plans” in the Proxy Statement and is incorporated into this report by reference.
Item 13.
CERTAIN RELATIONSHIPS AND RELATED TRANSACTIONS, AND DIRECTOR INDEPENDENCE
The information required by this item will be set forth under the headings “Transactions with Related Persons” and “Information Regarding the Board of Directors and Corporate Governance — Independence of the Board of Directors” in the Proxy Statement and is incorporated into this report by reference.
Item 14.
PRINCIPAL ACCOUNTANT FEES AND SERVICES
The information required by this item will be set forth under the heading “Ratification of Selection of Independent Registered Public Accounting Firm” in the Proxy Statement and is incorporated into this report by reference.

PART IV

Item 15.
EXHIBITS AND FINANCIAL STATEMENT SCHEDULES
(a)
(1) Financial Statements.
The list of consolidated financial statements and schedules set forth in the accompanying Index to Consolidated Financial Statements at page F-1 of this annual report is incorporated herein by reference. Such consolidated financial statements and schedules are filed as part of this annual report.
(2) Financial Statement Schedules
The schedule required by this item is included in Note 16 to the Consolidated Financial Statements. All other financial statement schedules are not required or are inapplicable and therefore have been omitted.





(3) Exhibits.
The exhibits listed on the accompanying Exhibit Index are filed or incorporated by reference as part of this annual report and such Exhibit Index is incorporated herein by reference. Exhibits 10.1-10.21 listed on the accompanying Exhibit Index identify management contracts or compensatory plans or arrangements required to be filed as exhibits to this annual report, and such listing is incorporated herein by reference.







SIGNATURES
Pursuant to the requirements of Section 13 or 15(d) of the Securities Exchange Act of 1934, the registrant has duly caused this report to be signed on its behalf by the undersigned, thereunto duly authorized, on February 28, 2013.
 
 
 
 
SOURCEFIRE, INC.
By: /s/ Martin F. Roesch
Martin F. Roesch
Interim Chief Executive Officer and Chief Technology Officer
Pursuant to the requirements of the Securities Exchange Act of 1934, this report has been signed below by the following persons on behalf of the registrant and in the capacities and on the dates indicated. Each person whose signature appears below constitutes and appoints Todd P. Headley and Douglas W. McNitt, and each of them, as attorneys-in-fact, each with the power of substitution, for him in any and all capacities, to sign any amendment to this Annual Report on Form 10-K and to file the same, with exhibits thereto and other documents in connection therewith, with the Commission, granting to said attorneys-in-fact, full power and authority to do and perform each and every act and thing requisite and necessary to be done in connection therewith, as fully to all intents and purposes as he might or could do in person, hereby ratifying and confirming all that the said attorney-in-fact, or his substitute or substitutes, may lawfully do or cause to be done by virtue hereof.
 
 
 
 
 
 
| Signature | Title | Date |
| --- | --- | --- |
| /s/ Martin F. Roesch | Interim Chief Executive Officer, Chief Technology Officer and Director | February 28, 2013 |
| Martin F. Roesch | (principal executive officer) | |
| /s/ Todd P. Headley | Chief Financial Officer and Treasurer | February 28, 2013 |
| Todd P. Headley | (principal financial and accounting officer) | |
| /s/ John C. Becker | Director | February 28, 2013 |
| John C. Becker | | |
| /s/ Michael Cristinziano | Director | February 28, 2013 |
| Michael Cristinziano | | |
| /s/ Tim A. Guleri | Director | February 28, 2013 |
| Tim A. Guleri | | |
| /s/ Charles E. Peters, Jr. | Director | February 28, 2013 |
| Charles E. Peters, Jr. | | |
| /s/ Steven R. Polk | Director | February 28, 2013 |
| Steven R. Polk | | |
| /s/ Arnold L. Punaro | Director | February 28, 2013 |
| Arnold L. Punaro | | |
 
 
 
 






INDEX TO CONSOLIDATED FINANCIAL STATEMENTS
 
 
 
 
 
 
| | Page |
| --- | --- |
| Report of Independent Registered Public Accounting Firm | F-2 |
| Consolidated Balance Sheets at December 31, 2012 and 2011 | F-3 |
| Consolidated Statements of Operations for the years ended December 31, 2012, 2011 and 2010 | F-4 |
| Consolidated Statements of Comprehensive Income for the years ended December 31, 2012, 2011 and 2010 | F-5 |
| Consolidated Statements of Stockholders’ Equity for the years ended December 31, 2012, 2011 and 2010 | F-6 |
| Consolidated Statements of Cash Flows for the years ended December 31, 2012, 2011 and 2010 | F-7 |
| Notes to Consolidated Financial Statements | F-8 |


F-1





REPORT OF INDEPENDENT REGISTERED PUBLIC ACCOUNTING FIRM
The Board of Directors and Stockholders of Sourcefire, Inc.:
We have audited the accompanying consolidated balance sheets of Sourcefire, Inc. as of December 31, 2012 and 2011, and the related consolidated statements of operations, comprehensive income, stockholders’ equity, and cash flows for each of the three years in the period ended December 31, 2012. These financial statements are the responsibility of the Company’s management. Our responsibility is to express an opinion on these financial statements based on our audits.
We conducted our audits in accordance with the standards of the Public Company Accounting Oversight Board (United States). Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement. An audit includes examining, on a test basis, evidence supporting the amounts and disclosures in the financial statements. An audit also includes assessing the accounting principles used and significant estimates made by management, as well as evaluating the overall financial statement presentation. We believe that our audits provide a reasonable basis for our opinion.
In our opinion, the financial statements referred to above present fairly, in all material respects, the consolidated financial position of Sourcefire, Inc. at December 31, 2012 and 2011, and the consolidated results of its operations and its cash flows for each of the three years in the period ended December 31, 2012, in conformity with U.S. generally accepted accounting principles.
We also have audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States), Sourcefire, Inc.’s internal control over financial reporting as of December 31, 2012, based on criteria established in Internal Control-Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission and our report dated February 28, 2013 expressed an unqualified opinion thereon.
As discussed in Note 2 to the consolidated financial statements, the Company changed its method of accounting for revenue recognition as a result of the adoption of the amendments to the FASB Accounting Standards Codification resulting from Accounting Standards Update (“ASU”) No. 2009-13, Multiple Deliverable Revenue Arrangements and ASU No. 2009-14, Certain Revenue Arrangements That Include Software Elements, effective January 1, 2011.
/s/ Ernst & Young LLP
Baltimore, Maryland
February 28, 2013


F-2






SOURCEFIRE, INC.
CONSOLIDATED BALANCE SHEETS
(in thousands, except par value and share amounts)
 
 
| | December 31, 2012 | December 31, 2011 |
| --- | --- | --- |
| Assets | | |
| Current assets: | | |
| Cash and cash equivalents | $96,178 | $59,407 |
| Short-term investments | 87,962 | 68,858 |
| Accounts receivable, net of allowances of $1,710 as of December 31, 2012 and $1,062 as of December 31, 2011 | 77,426 | 54,914 |
| Inventory | 6,880 | 4,285 |
| Deferred tax assets | 1,374 | 1,719 |
| Prepaid expenses and other current assets | 9,043 | 7,718 |
| Total current assets | 278,863 | 196,901 |
| Property and equipment, net | 15,438 | 12,233 |
| Goodwill | 15,000 | 15,000 |
| Intangible assets, net | 4,456 | 5,822 |
| Investments | 19,815 | 29,549 |
| Deferred tax assets | 11,649 | 9,620 |
| Other assets | 19,453 | 14,802 |
| Total assets | $364,674 | $283,927 |
| Liabilities and Stockholders’ Equity | | |
| Current liabilities: | | |
| Accounts payable | $8,545 | $5,407 |
| Accrued compensation and related expenses | 10,369 | 10,618 |
| Other accrued expenses | 8,869 | 7,212 |
| Current portion of deferred revenue | 65,763 | 50,606 |
| Other current liabilities | 799 | 572 |
| Total current liabilities | 94,345 | 74,415 |
| Deferred revenue, less current portion | 24,478 | 10,964 |
| Other long-term liabilities | 725 | 691 |
| Total liabilities | 119,548 | 86,070 |
| Commitments and contingencies | | |
| Stockholders’ equity: | | |
| Preferred stock, $0.001 par value; 19,700,000 shares authorized; no shares issued or outstanding | | |
| Series A junior participating preferred stock, $0.001 par value; 300,000 shares authorized; no shares issued or outstanding | | |
| Common stock, $0.001 par value; 240,000,000 shares authorized; 30,346,395 and 29,041,530 shares issued and outstanding as of December 31, 2012 and December 31, 2011, respectively | 30 | 28 |
| Additional paid-in capital | 255,610 | 213,402 |
| Accumulated deficit | (10,522) | (15,549) |
| Accumulated other comprehensive income (loss) | 8 | (24) |
| Total stockholders’ equity | 245,126 | 197,857 |
| Total liabilities and stockholders’ equity | $364,674 | $283,927 |

See accompanying notes to consolidated financial statements.

F-3




SOURCEFIRE, INC.
CONSOLIDATED STATEMENTS OF OPERATIONS
(in thousands, except share and per share amounts)
 
 
 
| | Year Ended December 31, 2012 | Year Ended December 31, 2011 | Year Ended December 31, 2010 |
| --- | --- | --- | --- |
| Revenue: | | | |
| Products | $135,490 | $98,166 | $78,436 |
| Technical support and professional services | 87,600 | 67,480 | 52,136 |
| Total revenue | 223,090 | 165,646 | 130,572 |
| Cost of revenue: | | | |
| Products | 40,695 | 28,368 | 20,000 |
| Technical support and professional services | 11,321 | 8,841 | 6,828 |
| Total cost of revenue | 52,016 | 37,209 | 26,828 |
| Gross profit | 171,074 | 128,437 | 103,744 |

Operating expenses:
 
 
 
 
 
 
Research and development
 
41,570

 
33,145