SECURITIES
AND EXCHANGE COMMISSION
Washington,
D.C. 20549
FORM
S-3
REGISTRATION
STATEMENT UNDER THE SECURITIES ACT OF 1933
CITADEL
SECURITY SOFTWARE INC.
(Exact
name of registrant as specified in charter)
|
|
DELAWARE
|
|
75-2873882
|
|
|
(State
or other Jurisdiction of
|
|
(I.R.S.
Employer
|
|
|
Incorporation
or Organization)
|
|
Identification
No.)
|
TWO
LINCOLN CENTRE, SUITE 1600, 5420 LBJ FREEWAY
DALLAS,
TEXAS 75240
(214)
520-9292
(Address,
including zip code, and telephone number, including area code, of registrant's
principal executive offices)
Steven B.
Solomon, Chief Executive Officer
Citadel
Security Software Inc.
Two
Lincoln Centre, Suite 1600, 5420 LBJ Freeway
Dallas,
Texas 75240
(214)
520-9292
(Name,
address, including zip code, and telephone number, including area code, of agent
for service)
Copies
to:
David A.
Wood, Esq.
Wood
& Sartain, LLP
12655
North Central Expressway, Suite 325
Dallas,
Texas 75243
(972)
458-0300
(972)
701-0302 (FAX)
Approximate
date of commencement of proposed sale to the public: As soon as practicable
after this Registration Statement becomes effective.
If the
only securities being registered on this Form are being offered pursuant to
dividend or interest reinvestment plans, please check the following box.
o
If any of
the securities being registered on this Form are to be offered on a delayed or
continuous basis pursuant to Rule 415 under the Securities Act of 1933, other
than securities offered only in connection with dividend or interest
reinvestment plans, check the following box: x
If this
Form is filed to register additional securities for an offering pursuant to Rule
462(b) under the Securities Act, please check the following box and list the
Securities Act registration statement number of the earlier effective
registration statement for the same offering. o
If this
Form is a post-effective amendment filed pursuant to Rule 462(c) under the
Securities Act, check the following box and list the Securities Act registration
statement number of the earlier effective registration statement for the same
offering. o
If
delivery of the prospectus is expected to be made pursuant to Rule 434, please
check the following box. o
CALCULATION
OF REGISTRATION FEE
|
|
Title
of Each Class of Securities to be Registered
|
|
Amount
to be Registered(1)
|
|
Aggregate
Price per Unit
|
|
Proposed
Maximum Aggregate Offering Price
|
|
Proposed
Maximum Amount of Registration Fee
|
|
|
|
Common
Stock, par value $0.01 per share
|
|
|
110,000
|
|
|
|$
|
0.79
|
|
(4)
|
|$
|
86,900
|
|$
|
10.23
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Common
Stock, par value $0.01 per share, issuable upon conversion of Series B
Convertible Preferred Stock
|
|
|
4,516,129
|
|
(2)
|
|
$
|
1.55
|
|
(5)
|
|
$
|
7,000,000
|
|
$
|
823.90
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Common
Stock, par value $0.01 per Share, issuable upon exercise of
warrants
|
|
|
2,834,383
|
|
(3)
|
|
$
|
1.76
|
|
(6)
|
|
$
|
4,993,598
|
|
$
|
587.75
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Total
|
|
|
7,460,512
|
|
(5)
|
|
$
|
|
|
|
|
$
|
12,080,498
|
|
$
|
1421.88
|
|
|
(1) In
the event of a stock split, stock dividend, or similar transaction involving the
Registrant’s common stock, in order to prevent dilution, the number of shares
registered shall automatically be increased to cover the additional shares in
accordance with Rule 416(a) under the Securities Act.
(2)
Includes 4,516,129 shares of common stock issuable upon conversion of
outstanding shares of Series B Convertible Preferred Stock.
(3)
Includes 27,931 shares of common stock issuable on exercise of warrants held by
Comerica Incorporated, 1,806,452 shares of common stock issuable upon exercise
of warrants issued to the holders of our Series B Convertible Preferred Stock
and 1,000,000 shares of common stock issuable upon exercise of warrants issued
to the holder of our Series A Convertible Preferred Stock on May 9, 2005 in
exchange for warrants issued on February 10, 2004.
(4)
Estimated in accordance with Rule 457(c) solely for the purpose of calculating
the registration fee. The price shown is the average of the high and low price
of the Common Stock on June 7, 2005, as reported by The Nasdsq SmallCap Market.
(5)
Estimated based on the conversion price of the Series B Convertible Preferred
Shares in accordance with Rule 457(g) under the Securities Act of 1933, as
amended.
(6)
Estimated based on the exercise price of (i) 9,881 warrants at $5.06 per share
(ii) 18,050 warrants at $1.79 per share, (iii) 1,806,452 warrants at $1.75 per
share and (iv) 1,000,000 warrants at $1.75 per share, in accordance with Rule
457(g) under the Securities Act of 1933, as amended.
THE
REGISTRANT HEREBY AMENDS THIS REGISTRATION STATEMENT ON SUCH DATE OR DATES AS
MAY BE NECESSARY TO DELAY ITS EFFECTIVE DATE UNTIL THE REGISTRANT SHALL FILE A
FURTHER AMENDMENT WHICH SPECIFICALLY STATES THAT THIS REGISTRATION STATEMENT
SHALL THEREAFTER BECOME EFFECTIVE IN ACCORDANCE WITH SECTION 8(A) OF THE
SECURITIES ACT OF 1933 OR UNTIL THE REGISTRATION STATEMENT SHALL BECOME
EFFECTIVE ON SUCH DATE AS THE COMMISSION, ACTING PURSUANT TO SAID SECTION 8(A),
MAY DETERMINE.
THE
INFORMATION IN THIS PROSPECTUS IS NOT COMPLETE AND MAY BE CHANGED. THE SELLING
STOCKHOLDERS MAY NOT SELL THESE SECURITIES UNTIL THE REGISTRATION STATEMENT
FILED WITH THE SECURITIES AND EXCHANGE COMMISSION IS EFFECTIVE. THIS PROSPECTUS
IS NOT AN OFFER TO SELL THESE SECURITIES AND IT IS NOT SOLICITING AN OFFER TO
BUY THESE SECURITIES IN ANY STATE WHERE THE OFFER OR SALE IS NOT PERMITTED.
SUBJECT
TO COMPLETION, DATED June 8, 2005
PROSPECTUS
7,460,512
SHARES
Citadel
Security Software Inc.
COMMON
STOCK
This
prospectus relates to the resale of 7,460,512 shares of common stock, par value
$.01 per share of Citadel Security Software Inc. We are registering these shares
on behalf of selling stockholders named in this prospectus to be offered and
sold by them from time to time. The selling stockholders will receive all of the
proceeds from any sales of common stock. Assuming that all of the warrants held
by selling stockholders are exercised, we will realize proceeds of approximately
$4,993,598.
Our
common stock is traded on Nasdaq SmallCap Market under the symbol “CDSS”. On
June 7, 2005, the closing price of the common stock was $ 0.79.
We have
filed another registration statement relating to the resale by the selling
stockholders named in that registration statement of an additional 4,200,000
shares of our common stock issuable upon conversion of shares of preferred stock
and exercise of warrants (SEC File No. 333-113922).
AN
INVESTMENT IN OUR SECURITIES INVOLVES A HIGH DEGREE OF RISK. SEE “RISK FACTORS”
BEGINNING ON PAGE 5 FOR A DISCUSSION OF RISKS APPLICABLE TO US AND AN INVESTMENT
IN OUR COMMON STOCK.
NEITHER
THE SECURITIES AND EXCHANGE COMMISSION NOR ANY STATE SECURITIES COMMISSION HAS
APPROVED OR DISAPPROVED OF THESE SECURITIES OR DETERMINED IF THIS PROSPECTUS IS
TRUTHFUL OR COMPLETE. ANY REPRESENTATION TO THE CONTRARY IS A CRIMINAL OFFENSE.
The date
of this prospectus is __________ __, 2005
You
should read this summary together with the entire Prospectus, including the more
detailed information in our financial statements and accompanying notes
incorporated by reference in this Prospectus.
We
provide enterprise vulnerability management and policy compliance and
enforcement solutions that enable organizations to reduce the risk associated
with vulnerabilities in computer and network systems. With our solutions, public
and private enterprises are able to realize cost and process efficiencies,
proactively manage the latest threats and vulnerabilities and demonstrate
compliance with corporate mandates or government legislation. Vulnerabilities
are one of the fastest growing threats to enterprise network security, and since
our inception in 1996, we have been developing software products and services to
mitigate the risk of security vulnerabilities. Today, Citadel is a leader in
enterprise vulnerability management solutions, helping enterprises effectively
neutralize security vulnerabilities through automated vulnerability remediation
(AVR) technology.
Citadel
recognizes the importance of providing a platform built for the purpose of
enterprise vulnerability management. Our solutions provide capabilities to
secure the enterprise and focus on the needs of both security and information
technology (“IT”) operations professionals. Our team of security professionals
provides up-to-date vulnerability intelligence and has created the world’s
largest library of vulnerability remedies, exceeding 20,000 as of March 2005.
Citadel provides advanced software solutions that address the growing security
concerns of enterprises. Our products include Hercules AVR, ConnectGuard,
AssetGuard, SecurePC and NetOFF.
With
Citadel’s advanced AVR technology, enterprises now have a powerful, secure and
automated patch management and vulnerability remediation solution. Citadel’s
suite of vulnerability management solutions enables organizations to proactively
protect against vulnerabilities, saving valuable time and money, while
mitigating risk and complying with corporate and government mandates.
Our
vision is to change the future of securing computing devices in enterprise
environments. Our mission is to be a global leader in enterprise vulnerability
management software and to continually develop innovative solutions to secure IT
networks. It is our goal to ensure the continuity of business and the
availability of technology by eliminating the impact of security threats.
We are
driven to provide the highest level of customer satisfaction. By executing all
aspects of our business, including development, quality assurance, support,
marketing, professional services and sales with passion and dedication, we will
continue to earn the trust and confidence of our customers and the business and
government communities at large.
Citadel's
security software business was formed in 1996 as the result of the acquisition
of several technology businesses operated by a business incubator from 1996
through May 17, 2002 at which time Citadel was spun out from its former parent
as a stand alone company. Citadel is listed on the NASDAQ SmallCap Market and
trades under the symbol CDSS.
We are a
Delaware corporation. Our principal offices are located at Two Lincoln Centre,
Suite 1600, 5420 LBJ Freeway, Dallas, Texas 75240, and our telephone number is
(214) 520-9292. Our website is www.citadel.com. The contents of our website are
not incorporated into, or otherwise to be regarded as a part of, this
Prospectus.
This
prospectus relates to the resale of 7,460,512 shares of our common stock, par
value $.01 per share. We are registering these shares on behalf of selling
stockholders named in this prospectus to be offered and sold by them from time
to time. The selling stockholders will receive all of the proceeds from any
sales of common stock. Assuming that all of the warrants held by selling
stockholders are exercised, we will realize proceeds of approximately
$4,993,598. These funds would be used for general corporate
purposes.
Statements
in this prospectus or in the documents incorporated by reference herein that are
not descriptions of historical facts are forward-looking statements within the
meaning of the “safe harbor” provisions of the Private Securities Litigation
Reform Act of 1995. Reference is made in particular to the description of our
plans and objectives for future operations, assumptions underlying such plans
and objectives and other forward-looking terminology such as “may,” “expects,”
“believes,” “anticipates,” “intends,” “expects,” “projects,” or similar terms,
variations of such terms or the negative of such terms. Forward-looking
statements are based on management's current expectations. Actual results could
differ materially from those currently anticipated due to a number of factors,
including those set forth under “Risk Factors.”
In
addition, from time to time, Citadel or its representatives may make
forward-looking statements orally or in writing. Furthermore, forward-looking
statements may be included in Citadel's filings with the Securities and Exchange
Commission or press releases or oral statements made by or with the approval of
one of their executive officers. For each of these forward-looking statements,
Citadel claims the protection of the safe harbor for forward-looking statements
contained in the Private Securities Litigation Reform Act of 1995. These
forward-looking statements relate to future events or Citadel's future
performance, including but not limited to:
|
l
|
possible
or assumed future results of operations;
|
|
|
l
|
future
revenue and earnings; and
|
|
|
l
|
business
and growth strategies.
Forward-looking
statements are those that are not historical in nature, particularly those that
use terminology such as may, could, will, should, likely, expects, anticipates,
contemplates, estimates, believes, plans, projected, predicts, potential or
continue or the negative of these or similar terms. The statements contained in
this Prospectus that are not purely historical are forward-looking statements
within the meaning of Section 27A of the Securities Act of 1933, as amended, and
Section 21E of the Securities Exchange Act of 1934, as amended, including
statements regarding the Company’s expectations, beliefs, intentions or
strategies regarding the future. Forward-looking statements are subject to
certain known and unknown risks and uncertainties that could cause actual
results to differ materially from those expressed in any forward-looking
statements. These risks and uncertainties include, but are not limited to, the
following important factors with respect to Citadel: (1) the uncertainty of
general business and economic conditions, including the potential for a slowdown
in business and governmental expenditures on information technology and
software; (2) the impact of competition, both expected and unexpected; (3)
adverse developments, outcomes and expenses in legal proceedings; (4) the risk
that underlying assumptions or expectations related to the spin-off from our
former parent company prove to be inaccurate or unrealized; (5) the company's
inability to realize the anticipated benefits of strategic and operational
initiatives related to increased productivity, new product development,
technological advances, and the achievement of sales growth across the business
segments; and (6) those described under Risk Factors.
Forward-looking
statements are only predictions and speak only as of the date they are made.
Readers are cautioned not to place undue reliance on forward-looking statements.
The forward-looking events discussed in or incorporated by reference in this
prospectus and other statements made from time to time by Citadel or its
representatives may not occur, and actual events and results may differ
materially and are subject to risks, uncertainties and assumptions about
Citadel. Except for our ongoing obligations to disclose material information as
required by the federal securities laws, Citadel is not obligated to publicly
update or revise any forward-looking statement, whether as a result of new
information, future events or otherwise. In light of these risks, uncertainties
and assumptions, the forward-looking events discussed in or incorporated by
reference in this prospectus and in other statements made from time to time by
Citadel or its representatives might not occur.
“Citadel,”
the “Company,” “we,” “us,” and “our” refer to Citadel Security Software
Inc. Hercules®,
AssetGuard™, ConnectGuard™, Secure PC™ and NetOFF™ are trademarks or registered
trademarks of Citadel Security Software Inc. Other trademarks that may be
mentioned in this Prospectus are intellectual property of their respective
owners.
Investing
in our securities has a high degree of risk. Before you invest in our
securities, you should carefully consider the risks and uncertainties described
below and the other information included or incorporated by reference in this
Prospectus. If any of the following risks actually occur, our business,
operating results and financial condition could be harmed and the value of our
stock could go down. This means you could lose all or a part of your investment.
You
should carefully consider each of the following risk factors and all of the
other information in this Prospectus, our Annual Report on Form 10-KSB for the
years ended December 31, 2004 and 2003, our quarterly reports on Form 10-QSB and
10-Q and our Proxy Statements. The risks and uncertainties described below are
not the only ones Citadel will face. Additional risks and uncertainties not
presently known to Citadel or that it currently believes to be immaterial may
also adversely affect Citadel's business.
If any of
the following risks and uncertainties develops into actual events, the business,
financial condition or results of operations of Citadel could be materially
adversely affected. If that happens, the trading prices of our shares of common
stock could decline significantly.
The risk
factors below contain forward-looking statements. Actual results could differ
materially from those set forth in the forward-looking statements. See
Cautionary Statement Regarding Forward-Looking Statements above.
We
have a history of net losses and may need or decide to seek additional financing
to fund operations.
At March
31, 2005, we had cash and cash equivalents of $4,530,418 and stockholders equity
of $5,632,159. On May 9, 2005, we entered into agreements with Satellite Asset
Management (“Satellite”) related to a private placement for up to $11 million,
consisting of up to 11,000 shares of Series B Convertible Preferred Stock (the
“Series B Shares”), convertible into approximately 7.1 million shares of our
common stock at the initial conversion price of $1.55, and Warrants (“Warrants”)
to purchase approximately 2.8 million shares of our common stock at an initial
exercise price of $1.75 per share, in a private placement to accredited
investors under Regulation D of the Securities Act of 1933, as amended. In
addition, we and Satellite entered into an Exchange Agreement where we agreed to
exchange warrants to purchase 1.2 million shares of our common stock issued to
Satellite in connection with the sale of Series A Convertible Preferred Stock
with an exercise price of $5.15 per shares for new warrants (the “Exchange
Warrants”) to purchase up to 1.2 million shares of our common stock at an
initial exercise price of $1.75 per share.
On May 9,
2005, we closed the first tranche of the private placement for $7 million of
Series B Shares (convertible into approximately 4.5 million shares of our common
stock at the initial conversion price) and Warrants to purchase approximately
1.8 million shares of our common stock. In addition, 1 million shares of the
Exchange Warrants were issued and are immediately exercisable.
We have a
put option to sell up to an additional $4 million of Series B Shares
(convertible into approximately 2.6 million common shares) and warrants to
purchase approximately 1 million shares of common stock at an exercise price of
$1.75 per share, upon satisfaction of certain milestones, including shareholder
approval, which we intend to seek at our annual meeting anticipated to be held
in July 2005. If shareholder approval is obtained, the remaining 200,000 shares
under the Exchange Warrants will become exercisable. In the event Citadel
determines not to, or is unable to exercise the put option, Citadel will issue
the 1 million warrants to the investor. The proceeds from the preferred
stock financing are expected to be used for working capital and general
corporate purposes. We believe that cash provided from the Series B financing,
available cash balances and cash provided by operations is sufficient to fund
our business for the next twelve months.
We
believe that cash generated from the May 2005 preferred stock financing, our
existing cash balances and cash equivalents along with the cash balances
expected to be generated from the execution of our 2005 operating plan will be
sufficient to meet our cash requirements for the next twelve months. We have had
a history of annual operating losses and have reported a net loss to common
shareholders in the three months ended March 31, 2005 of approximately $5
million. If the operating losses continue, we may be required, or could elect,
to seek additional funding prior to that time. Our future capital requirements
will depend on many factors, including our rate of revenue growth, the timing
and extent of spending to support product development initiatives and expansion
of sales and marketing, the timing of introductions of new products,
enhancements to existing products, and the general market acceptance of our
products. We cannot assure you that additional equity or debt financing will be
available to us at the time we require the financing or available on acceptable
terms. The terms of our preferred stock and bank loans may also make it more
difficult for us to raise additional funds if needed. In the event we are
required to seek additional capital, our shareholders may be diluted and any
additional financing may have a material adverse effect on our results of
operations and share price. Our sources of liquidity beyond twelve months, in
our opinion, will be our then current cash balances, funds from operations, debt
or equity financings and any credit facilities we may arrange.
Our
operating results may be adversely affected by the uncertain geopolitical
environment, and unfavorable economic and market conditions.
Adverse
factors affecting economic conditions worldwide have contributed to a general
slowdown in information and technology and software spending and may continue to
adversely impact our business, resulting in:
|
|
·
|
Reduced
demand for our products as a result of a decrease in technology spending
by our customers and potential customers;
|
|
·
|
Increased
price competition for our products; and
|
|
·
|
Higher
overhead costs as a percentage of revenues.
Terrorist
and military actions may continue to put pressure on economic conditions. If the
economic and market conditions in the United States do not improve, or
deteriorate further, we may continue to experience material adverse impacts on
our business, operating results, and financial condition as a consequence of the
above factors or otherwise.
Citadel
stockholders may experience significant dilution if future equity offerings are
used to fund operations or acquire complementary businesses or as a result of
option exercises.
If future
operations or acquisitions are financed through the issuance of equity
securities, Citadel stockholders could experience significant dilution. In
addition, securities issued in connection with future financing activities or
potential acquisitions may have rights and preferences senior to the rights and
preferences of our common stock. The shares of Series B preferred stock and
warrants issued, and which maybe issued, may also result in dilution to our
stockholders.
We have
granted options to purchase shares of our common stock to our directors,
employees and consultants and we will grant additional options in the future.
Options to purchase 8,940,665 shares of common stock and warrants to issue
1,452,931 shares of common stock were outstanding as of March 31, 2005. The
issuance of shares of our common stock upon the exercise of these options may
result in dilution to our stockholders.
Our
convertible preferred stock and debt facilities may adversely impact us and our
common stockholders or have a material adverse effect on us.
We have
issued shares of Series A Convertible Preferred Stock (the “Series A
Preferred”), the terms of which may have a material adverse effect on Citadel
and its financial condition and results of operations. The Series A Preferred
has a liquidation preference in the amount of $15 million plus accrued and
unpaid dividends, which must be paid before common stockholders would receive
funds in the event of a liquidation of Citadel, including some changes of
control. In addition, Citadel is required to redeem the shares of Series A
Preferred in certain circumstances, including Citadel’s failure to deliver
shares of common stock to the holder of the Series A Preferred in connection
with the conversion of the shares of Series A Preferred or a change in control
of Citadel. Citadel has also agreed not to issue securities senior to or on a
par with the Series A Preferred (other than the Comerica Bank credit facilities)
while the Series A Preferred is outstanding, which could materially and
adversely affect the ability of Citadel to raise funds necessary to continue its
business.
We have
issued shares of Series B Convertible Preferred Stock (the “Series B
Preferred”), the terms of which may have a material adverse effect on Citadel
and its financial condition and results of operations. The Series B Preferred
has an initial liquidation preference in the amount of $7 million, and, if the
Company sells an additional $4 million worth of Series B Preferred, the
liquidation preference will be $11 million. Citadel is required to redeem the
shares of Series B Preferred for 101% of the liquidation preference in certain
circumstances, including if there is a material breach by Citadel of any of its
representations, warranties, covenants or agreements in the Series B transaction
documents or if there is a liquidation of the Company. If there is a change of
control, of Citadel, we may be required to redeem the Series B Preferred at 120%
of the liquidation preference for such shares. The Series B Preferred shares
will mature on May 9, 2008, at which time Citadel will be obligated to pay to
the holders of such shares the aggregate liquidation preference. The Series B
shares have a “full ratchet” anti-dilution provision if we issue shares below
the conversion price of the Series B Preferred, initially $1.55 per share, which
could materially and adversely affect the ability of Citadel to raise funds
necessary to continue its business or cause significant dilution to the holders
of common stock, causing our share price to decline. Citadel has also agreed not
to issue securities senior to or on a par with the Series B Preferred while the
Series B Preferred is outstanding and Citadel has agreed not to issue securities
at less than the floor price of $1.30 until stockholder approval is obtained,
which could materially and adversely affect the ability of Citadel to raise
funds necessary to continue its business.
The loans
from Comerica Bank required us to grant a security interest in all of our
assets, including intellectual property, to Comerica Bank, and in the event of a
default by Citadel under the Comerica loan documents, Comerica could foreclose
on the loans and acquire all of our assets. The loan also provides that the
indebtedness has priority on any liquidation over the shares of our common
stock, and limits our ability to pay dividends on our common stock. These terms
and conditions could have a material adverse effect on Citadel and its financial
condition and results of operations.
If
Citadel is required to raise additional funds to continue its business, there is
no guarantee that Citadel will be able to raise additional funds on favorable
terms or at all.
We
have a limited operating history as an independent public company and we have
been and may continue to be unable to operate profitably as a standalone
company.
Citadel
has a limited operating history as an independent public company since May 2002.
Prior to May 2002, since the businesses that comprise each of Citadel and its
former parent company were combined under one holding company, they were able to
rely, to some degree, on the earnings, assets, and cash flow of each other for
capital requirements. Following May 2002, Citadel has relied solely on its
security software business for such requirements. The security software business
has operated at a loss in the past for Citadel's former parent company and for
Citadel following May 2002, and there can be no assurance that such losses will
not continue or increase.
Our
earnings and stock price are subject to significant fluctuations.
Our
earnings and stock price have been and may continue to be subject to significant
volatility, particularly on a quarterly basis. We have stated previously and
continue to state that quarterly revenue is difficult to forecast. We have
previously experienced shortfalls in revenue and earnings from levels expected
by investors and analysts, which have had an immediate and significant adverse
effect on the trading price of our common stock and has resulted in shareholder
litigation. This may occur again in the future.
If
we lose the services of any of our key personnel, including our chief executive
officer or our directors, our business may suffer.
We are
dependent on our key officers, including Steven B. Solomon, our Chairman and
Chief Executive Officer, our directors, and our key employees in our finance,
technology, sales and marketing operations. Our business could be negatively
impacted if we were to lose the services of one or more of these persons.
Members
of our board of directors and management may have intercompany conflicts of
interest after our spin-off.
Members
of the board of directors and management of Citadel own shares of both Citadel
and CT Holdings common stock after our spin-off from our former parent company
because of their prior relationship and, in some cases, continuing relationships
as directors or executive officers with CT Holdings. In addition, following the
spin-off, two of the four directors of Citadel are also directors of CT
Holdings, and the Chief Executive Officer and Chief Financial Officer of Citadel
also continue to serve as Chief Executive Officer and Chief Financial Officer of
CT Holdings. These relationships could create, or appear to create, potential
conflicts of interest when Citadel's directors and management are faced with
decisions that could have different implications for Citadel and CT Holdings.
Examples of these types of decisions might include the resolution of disputes
arising out of the agreements governing the relationship between CT Holdings and
Citadel following the spin-off. Also, the appearance of conflicts, even if such
conflicts do not materialize, might adversely affect the public's perception of
Citadel following the spin-off.
Our
industry is characterized by rapid technological change and we will need to
adapt our development to these changes.
We
participate in a highly dynamic industry characterized by rapid change and
uncertainty relating to new and emerging technologies and markets. Future
technology or market changes may cause some of our products to become obsolete
more quickly than expected.
Introduction
of new operating systems may cause significant fluctuations in our financial
results and stock price.
If we are
unable to successfully and timely develop products that operate under existing
or new operating systems, or if pending or actual releases of the new operating
systems delay the purchase of our products, our future net revenues and
operating results could be materially adversely affected. Additionally, as
hardware vendors incorporate additional server-based network management and
security tools into network operating systems, the demand may decrease for some
of our products, including those currently under development.
The
trend toward consolidation in our industry may impede our ability to compete
effectively.
As
consolidation in the software industry continues, fewer companies dominate
particular markets, changing the nature of the market and potentially providing
consumers with fewer choices. Also, many of these companies offer a broader
range of products than us, ranging from desktop to enterprise solutions. We may
not be able to compete effectively against these competitors. Furthermore, we
may use strategic acquisitions, as necessary, to acquire technology, people and
products for our overall product strategy. The trend toward consolidation in our
industry may result in increased competition in acquiring these technologies,
people or products, resulting in increased acquisition costs or the inability to
acquire the desired technologies, people or products. Any of these changes may
have a significant adverse effect on our future revenues and operating results.
We
face intense price-based competition for licensing of our products.
Price
competition is often intense in the software market, especially for security
software products. Many of our competitors have significantly reduced the price
of their products. Price competition may continue to increase and become even
more significant in the future, resulting in reduced revenue and/or profit
margins.
We
must effectively adapt to changes in the dynamic technological environment of
the Internet in a timely manner.
Critical
issues concerning the commercial use of the Internet, including security,
reliability, cost, ease of use, accessibility, quality of service or potential
tax or other government regulation, remain unresolved and may affect the use of
the Internet as a medium to distribute or support our software products and the
functionality of some of our products. If we are unsuccessful in timely
assimilating changes in the Internet environment into our business operations
and product development efforts, our future net revenues and operating results
could be adversely affected.
Product
returns may negatively affect our revenue.
A
customer may return a product under very limited circumstances during the first
thirty to ninety days from shipment for a replacement if the media is damaged or
for a full refund if the software does not perform in accordance with written
specifications. Accordingly, the Company records a provision for returns against
license revenue in the same period the revenue is recognized. The provision is
estimated based on historical product returns and other known data as well as
market and economic conditions. An allowance for returns, allowances and bad
debts of $209,000 has been recorded at March 31, 2005. In the future, this
estimate may fluctuate from period to period due to factors including but not
limited to the value of actual returns, the average dollar value of licenses
granted in the period and the relative product revenue volume for the period. In
addition, future returns could exceed the reserves we have established, which
could have a material adverse effect on our operating results.
Current
reseller agreements generally do not provide for a contractual right of return,
future price concessions, or minimum purchase commitments. Payment is not
contingent upon the reseller’s future licensing of products. Revenue generated
from products licensed through various marketing channels where the right of
return might expressly or implicitly exist is reduced by reserves for estimated
product returns. Such reserves are estimates developed by management based on
returns history and current economic and market trends. Management determined
that no reserve for returns from resellers was required at March 31, 2005.
However, future returns could exceed the reserves we have established, which
could have a material adverse effect on our operating results.
Our
increased use of site licenses may increase fluctuations in our financial
results and could affect our business.
We are
increasingly emphasizing licenses to corporations and small businesses through
volume licensing agreements. These licensing arrangements tend to involve a
longer sales cycle than other distribution channels, require greater investment
of resources in establishing the enterprise relationship and can sometimes
result in lower operating margins. The timing of the execution of volume
licenses, or their non-renewal or renegotiation by large customers, could cause
our results of operations to vary significantly from quarter to quarter and
could have a material adverse impact on our results of operations. In addition,
if the corporate marketplace grows and becomes a larger component of the overall
marketplace, we may not be successful in expanding our corporate segment to take
advantage of this growth.
Changes
made to our sales organization and sales strategy could adversely affect our
future revenues.
Prior to
January 2004 our sales organization was centrally managed from our Dallas
headquarters. Since January 2004, we have created three geographic sales regions
focused on the commercial market and a public sector sales organization focused
on the government agencies. We have employed experienced and enterprise skilled
sales managers to manage these sales regions and public sector sales
organization. Each of these managers has employed experienced sales account
executives and assigned sales territories, responsibilities and quotas to these
sales account executives. We expect that these sales account executives will
seek sales opportunities in large enterprises consisting of Fortune 2000
companies and large government agencies with large geographically disbursed
networks.
Prior to
January 2004 this sales organization and strategy had not been executed by us.
Sales cycles are expected to be longer than previously experienced, less
predictable and we may not be successful in closing sales quickly or in a
regular or consistent manner from quarter-to-quarter or year-to-year. Our
dependence upon large enterprise sales may cause fluctuations in revenue from
quarter-to-quarter or year-to-year.
In
addition, our revenue has been highly dependent upon revenue derived from the
federal government and more specifically the Department of Veteran Affairs and
the Department of Defense. We expect that our revenue mix for the foreseeable
future to be weighted toward the federal government customers where we have been
engaged in the sales cycle for many months. We anticipate that the percentage of
our revenue derived from commercial enterprises will increase gradually over
time as our commercial sales executives reach the end of the long sales cycles
in accounts in the commercial sector. However there can be no assurance that our
sales executives will be successful in the near term or in the quarters or years
in which we expect to realize the sales.
Therefore
any one customer, or groups of customers, in the same industry segment could
become a material component of revenue in any future quarter or year. There can
be no assurance that the historical distribution of revenue by industry segment
or customer is representative of future revenue projections and we expect that
our revenue by industry segment and customer will vary dynamically from period
to period. In addition, the concentration of revenue in one industry or customer
is largely dependent upon factors outside of our control including, but not
limited to, the customer's information technology budgets and spending
availability, the general economic and political environment, or the complexity
of the customer's purchasing process, such as in the federal government. Due to
the concentration of our sales, delays in licensing of our products by one or
more large customers or potential customers would have a material adverse effect
on our results of operations and financial condition.
Our
financial forecasts may not be achieved, including due to the unpredictability
of end-of-period buying patterns, which could make our stock price more
volatile.
We do not
maintain significant levels of backlog. License fee revenue in any quarter is
dependent, in significant part, on contracts entered into or orders booked and
shipped in that quarter. The risk of quarterly fluctuations is increased by the
fact that a significant portion of our quarterly net revenue has historically
been generated during the last month of each fiscal quarter. Many enterprise
customers negotiate site licenses near the end of each quarter. Due to these
end-of-period buying patterns, forecasts may not be achieved, either because
expected sales do not occur or because they occur at lower prices or on terms
that are less favorable to us.
In
addition, fluctuations may be caused by a number of other factors, including:
|
·
|
the
timing and volume of customer orders and customer cancellations;
|
·
|
a
change in our revenue mix of products and services and a resulting change
in the gross margins;
|
·
|
the
timing and amount of our expenses;
|
·
|
the
introduction of competitive products by existing or new competitors;
|
·
|
reduced
demand for any given product;
|
·
|
quarterly
seasonality of customer buying patterns due to holidays and vacation
patterns; and
|
·
|
the
market’s transition between operating systems.
Due to
these factors, forecasts may not be achieved, either because expected revenues
do not occur or because they occur at lower prices, at later times, or on terms
that are less favorable to us. In addition, these factors increase the chances
that our results could diverge from the expectations of investors and analysts.
If so, the market price of our stock would likely decrease and may result in
shareholder lawsuits.
We
face risks associated with governmental contracting.
Our
customers include agencies of the U.S. government and other U.S., state and
local governments or agencies. Government agencies present us with processes
that are unique to these organizations including procurement, budgetary
constraints and cycles, contract modifications and cancellations, government
audits and security clearances.
Contracting
with public sector customers is highly competitive and can be expensive and
time-consuming, often requiring that we incur significant upfront time and
expense without any assurance that we will win a contract. Public sector
customers may also change the way they procure new contracts and may adopt new
rules or regulations governing contract procurement, including required
competitive bidding or use of “open source” products, where available. Demand
and payment for our products and services are impacted by public sector
budgetary cycles and funding availability, with funding reductions or delays
adversely impacting public sector demand for our products and services.
Public
sector customers often have contractual or other legal rights to terminate
current contracts for convenience or due to a default. If a contract is
cancelled for convenience, which can occur if the customer’s product needs
change, we may only be able to collect for products and services delivered prior
to termination. If a contract is cancelled because of default, we may only be
able to collect for products and services delivered, and we may be forced to pay
any costs incurred by the customer for procuring alternative products and
services. The U.S. government may also terminate contracts with us if we come
under foreign government control or influence, require that we disclose our
pricing data during the course of negotiations, ban us from doing business with
any government entity and require us to prevent access to classified data.
U.S.
government and other state and local agencies routinely investigate and audit
government contractors’ administrative processes. They may audit our performance
and pricing and review our compliance with applicable rules and regulations. If
they find that we have improperly allocated costs, they may require us to refund
those costs or may refuse to pay us for outstanding balances related to the
improper allocation. An unfavorable audit could result in a reduction of
revenue, and may result in civil or criminal liability if the audit uncovers
improper or illegal activities.
Some
agencies within the U.S. government require some or all of our personnel to
obtain proper security clearance. If our key personnel are unable to obtain or
retain this clearance, we may be unable to bid for or retain some government
contracts.
We
are highly dependent on revenue from our flagship product, Hercules.
We have
historically derived the majority of our revenue from our flagship product
Hercules. This product is expected to continue to account for a significant
portion of our total revenue. Because of this revenue concentration, our
business could be harmed by a decline in demand for, or in the price of, this
product as a result of, among other factors, any change in our pricing model,
maturation in the markets for this product or other risks described in this
document.
The
results of our research and development efforts are
uncertain.
We
believe that we will need to make significant research and development
expenditures to remain competitive. While we perform extensive usability and
beta testing of new products, the products we are currently developing or may
develop in the future may not be technologically successful. If they are not
technologically successful, our resulting products may not achieve market
acceptance and our products may not compete effectively with products of our
competitors currently in the market or introduced in the future
The
length of the product development and sales cycles are difficult to predict,
which makes it difficult to predict future revenues and which may cause us to
miss analysts’ estimates and result in our stock price declining.
The
length of our product development and sales cycles has been and may continue to
be greater than originally expected. We may experience delays in future product
development or sales. These delays could have a material adverse effect on the
amount and timing of future revenues. Because our licensing cycle is a lengthy
process, the accurate prediction of future revenues from new licenses is
difficult. In addition, engineering services are dependent upon the varying
level of assistance desired by licensees and, therefore, revenue from these
services is also difficult to predict. We employ two methods of contract revenue
accounting based upon the state of the technology licensed, the dollar magnitude
of the program, and the ability to estimate work required over the contract
period. We use ratable revenue recognition for mature technologies that require
support after delivery of the technology. This method results in expenses
associated with a particular contract to be recognized as incurred over the
contract period, whereas contract fees associated with the contract are
recognized ratably over the period during which the post-contract customer
support is expected to be provided. We also use percentage-of-completion
accounting for contracts that may require significant development and support
over the contract term. There can be no assurance that we can accurately
estimate the amount of resources required to complete projects, or that we will
have, or be able to expend, sufficient resources required to complete a project.
Furthermore, there can be no assurance that the product development schedule for
these projects will not be changed or delayed. All of these factors make it
difficult to predict future licensing revenue that may result in us missing
analysts’ estimates and causing our stock price to decline.
Our
efforts to develop and introduce Hercules as part of an appliance to the market
is unproven and may not be successful and our future revenue and operating
results could be adversely affected.
We have
announced the introduction of the Hercules Security-On-Demand appliance which is
expected to be released for general availability in the second quarter of 2005.
Because of our limited experience with the manufacturing of appliances, our
efforts to develop and sell appliances may not be as successful as we
anticipate. In addition, we expect that the gross margins generated from the
revenue from our appliance will be lower than the gross margins generated from
our software products. Our appliance solution may not achieve market acceptance
and may not be able to compete with solutions either currently in the market or
introduced in the future. In addition, we will sell the appliance under a new
usage based pricing model which is largely untested in the software industry and
may not be accepted by customers. We may also sell the appliance solution
through channels in which we have only limited experience. If we are unable to
achieve market acceptance of the appliance and new pricing and sales models or
compete effectively with solutions of our competitors, our future net revenues
and operating results could be adversely affected.
We will
rely on a third party to manufacture our appliance hardware product. Reliance on
third-party manufacturers, involves a number of risks, including the lack of
control over the manufacturing process and the potential absence or
unavailability of adequate capacity. If our third party manufacturer cannot or
will not manufacture our appliance in required volumes on a cost-effective
basis, in a timely manner, or at all, we will have to secure additional
manufacturing capacity. Even if this additional capacity is available at
commercially acceptable terms, the qualification process could be lengthy and
could cause interruptions in appliance shipments. The unexpected loss of this
third party manufacturer would be disruptive to our business.
If
the carrying value of our long-lived assets is not recoverable, an impairment
loss must be recognized which would adversely affect our financial results.
We
evaluate our long-lived assets, including property and equipment and capitalized
software development costs whenever events or circumstances occur, which
indicate that these assets might be impaired. Capitalized software development
costs are evaluated annually for impairment in the fourth quarter of each fiscal
year, regardless of events and circumstances. We will continue to evaluate the
recoverability of the carrying amount of our long-lived assets, and we may incur
substantial impairment charges, which could adversely affect our financial
results.
We
must manage and restructure our operations effectively.
We
continually evaluate our product and corporate strategy. We have in the past
undertaken and will in the future undertake organizational changes and/or
product and marketing strategy modifications. These organizational changes
increase the risk that objectives will not be met due to the allocation of
valuable limited resources to implement changes. Further, due to the uncertain
nature of any of these undertakings, these efforts may not be successful and we
may not realize any benefit from these efforts.
We
must attract and retain personnel while competition for personnel in our
industry is intense.
We
believe that our future success will depend in part on our ability to recruit
and retain highly skilled management, sales and marketing and technical
personnel. Competition in recruiting personnel in the software industry is
intense. To accomplish our objectives, we believe that we must provide personnel
with a competitive compensation package, including stock options which may
require ongoing stockholder approval.
Our
software may be subject to defects and product liability.
Software
products frequently contain errors or defects, especially when first introduced
or when new versions or enhancements are released. We have not experienced any
material adverse effects resulting from any of these defects or errors to date
and we test our products prior to release. Nonetheless, defects and errors could
be found in current versions of our products, future upgrades to current
products or newly developed and released products. Software defects could result
in delays in market acceptance or unexpected reprogramming costs, which could
materially adversely affect our operating results. Most of our license
agreements with customers contain provisions designed to limit our exposure to
potential product liability claims. It is possible, however, that these
provisions limiting our liability may not be valid as a result of federal,
state, local or foreign laws or ordinances or unfavorable judicial decisions. A
successful product liability claim could have a material adverse effect on our
business, operating results and financial condition.
Our
software products and web site may be subject to intentional disruption.
While we
have not been the target of software viruses or other attacks specifically
designed to impede the performance of our products or disrupt our website, such
viruses or other attacks could be created and deployed against our products or
website in the future. Similarly, experienced computer programmers, or hackers,
may attempt to penetrate our network security or the security of our website
from time to time. A hacker who penetrates our network or website could
misappropriate proprietary information or cause interruptions of our services.
We might be required to expend significant capital and resources to protect
against, or to alleviate, problems caused by virus creators and hackers.
Increased
customer demands on our technical support services may adversely affect our
financial results.
We may be
unable to respond quickly enough to short-term increases in customer demand for
support services. We also may be unable to modify the format of our support
services to compete with changes in support services provided by competitors.
Further customer demand for these services, without corresponding revenue could
increase costs and adversely affect our operating results.
We
rely on third party technologies.
Our
software products are designed to run on multiple operating systems and
integrate with security products from other vendors. Although we believe that
the target operating systems and products are and will be widely utilized by
businesses in the corporate market, no assurances can be given that these
businesses will actually adopt such technologies as anticipated or will not in
the future migrate to other computing technologies that we do not support.
Moreover, if our products and technology are not compatible with new
developments from these companies, as to which there can be no assurances, our
business, results of operations and financial condition could be materially and
adversely affected. Further, the determination by any of the companies which
offer scanners not to permit us to support their scanners, could have a material
adverse effect on our financial condition or results of operations.
In
addition, some of our products incorporate licensed software. We must be able to
obtain reasonably priced licenses and successfully integrate this software with
our technologies. In addition, some of our products may include “open source”
software. Our ability to commercialize products or technologies incorporating
open source software may be restricted because, among other reasons, open source
license terms may be ambiguous and may result in unanticipated obligations
regarding our products.
We
rely on outside research organizations and scanning vendors.
With
respect to security vulnerability research, we monitor various security
intelligence websites, Internet Relay Chat, or IRC channels and alerts from our
scanning partners for the identification of new vulnerabilities and exploits and
we have contracted with iDefense to provide updated vulnerability research data
in addition to our own research efforts. Our own research team uses publicly
available research to find information on vulnerabilities and their attributes.
There can be no assurance that iDefense or the publicly available sites will
continue to operate as a going concern and that the data they provide will be
delivered without interruption. We have established business relationships with
scanning vendors. Hercules is interoperable with their scanning tools and
although not required for Hercules to remediate vulnerabilities, Hercules
imports the scan data results from those scanning tools to perform remediation.
The termination of one or more of the scanning vendor relationships with us
could have a material adverse effect on our results of operations.
We
face aggressive competition in many areas of our business, and our business will
be harmed if we fail to compete effectively.
We
encounter aggressive competition from numerous competitors in many areas of our
business. Many of our current and potential competitors have longer operating
histories, greater name recognition and substantially greater financial,
technical and marketing resources than we have. We may not be able to compete
effectively with these competitors. To remain competitive, we must develop new
products and periodically enhance our existing products in a timely manner. We
anticipate that we may have to adjust the prices of many of our products to stay
competitive. In addition, new competitors may emerge, and entire product lines
may be threatened by new technologies or market trends that reduce the value of
these product lines. The market in which we compete is influenced by the
strategic direction of major computer hardware manufacturers and operating
system software providers. Our competitiveness depends on our ability to enhance
existing products and to offer successful new products on a timely basis. We
have limited resources and must restrict product development efforts to a
relatively small number of projects.
Our
management team is new and its working relationships are untested.
We have
only recently assembled our management team. Some members of our management team
have worked with each other in the past, although we cannot assess at this time
the effectiveness of their working relationships and may be required to make
changes in the management team to achieve our objectives.
We
rely on intellectual property and proprietary rights.
We regard
our software as proprietary and underlying technology as proprietary. We seek to
protect our proprietary rights through a combination of confidentiality
agreements and copyright, patent, trademark and trade secret laws. However, we
do not employ technology to prevent copying of our products. Third parties may
copy aspects of our products or otherwise obtain and use our proprietary
information without authorization or develop similar technology independently.
We do not
have any patents or currently registered copyrights on any of our proprietary
technology that we believe to be material to our future success. Although we
have filed five currently pending utility patent application in the United
States and one related currently pending Patent Cooperation Treaty patent
application which has been the basis for eleven currently pending foreign
applications with respect to some of our business applications and intellectual
property rights related to our Hercules software, we have been issued no patents
and we cannot assure you that any will be issued. Our future patents, if any,
may be successfully challenged and may not provide us with any competitive
advantages. We may not develop proprietary products or technologies that are
patentable and other parties may have prior claims.
In
selling our products, we have in the past relied primarily on shrink wrap
licenses that are not signed by licensees, and, therefore, such licenses may be
unenforceable under the laws of some jurisdictions. In addition, existing
copyright laws afford limited practical protection. Furthermore, the laws of
some foreign countries do not offer the same level of protection of our
proprietary rights as the laws of the United States.
Patent,
trademark and trade secret protection is important to us because developing and
marketing new technologies and products is time-consuming and expensive. We do
not own any U.S. or foreign patents or registered intellectual property except
our registered copyright in the code for our Hercules Software and our United
States registered trademark for the mark Hercules in Class 9. We may not obtain
issued patents or other protection from any future patent applications owned by
or licensed to us.
Our
competitive position is also dependent upon unpatented trade secrets. Trade
secrets are difficult to protect. Our competitors may independently develop
proprietary information and techniques that are substantially equivalent to ours
or otherwise gain access to our trade secrets, such as through unauthorized or
inadvertent disclosure of our trade secrets.
There can
be no assurance that our means of protecting our proprietary rights will be
adequate or that our competitors will not independently develop similar
technology substantially equivalent or superseding proprietary technology.
Furthermore, there can be no assurance that any confidentiality agreements
between us and our employees will provide meaningful protection of our
proprietary information, in the event of any unauthorized use or disclosure
thereof. Any legal action that we may bring to protect proprietary information
could be expensive and may distract management from day-to-day operations.
We
are involved in litigation, and may become involved in future litigation, which
may result in substantial expense and may divert our attention from the
implementation of our business strategy.
We
believe that the success of our business depends, in part, on obtaining
intellectual property protection for our products, defending our intellectual
property once obtained and preserving our trade secrets. Litigation may be
necessary to enforce our intellectual property rights, to protect our trade
secrets and to determine the validity and scope of our proprietary rights. Any
litigation could result in substantial expense and diversion of our attention
from our business, and may not adequately protect our intellectual property
rights.
In
addition, we may be sued by third parties who claim that our products infringe
the intellectual property rights of others. This risk is exacerbated by the fact
that the validity and breadth of claims covered in technology patents involve
complex legal and factual questions for which important legal principles are
unresolved. While we are not aware of any basis for such claims and are not
currently party to any material lawsuits, any litigation or claims against us,
whether or not valid, could result in substantial costs, place a significant
strain on our financial resources, divert management resources and harm our
reputation. Such claims could result in awards of substantial damages, which
could have a significant adverse impact on our results of operations. In
addition, intellectual property litigation or claims could force us to:
|
|
·
|
cease
licensing, incorporating or using any of our products that incorporate the
challenged intellectual property, which would adversely affect our
revenue;
|
|
·
|
obtain
a license from the holder of the infringed intellectual property right,
which license may not be available on reasonable terms, if at all; and
|
|
·
|
redesign
our products, which would be costly and time-consuming.
In
January, February and March 2005, seven virtually identical lawsuits were filed
against Citadel, Steven B. Solomon, our Chief Executive Officer and a Director,
and Richard Connelly, our Chief Financial Officer. These suits have been
consolidated in one action styled Ruth R. Lentz v. Citadel Security Software,
Inc., et al., Civil Action No. 3:05-CV-0100-D, in the United States District
Court for the Northern District of Texas. Each case was filed on behalf of a
putative class of persons and/or entities who purchased our securities between
February 12, 2004 and December 16, 2004, inclusive. The suits seek recovery of
unspecified damages under Sections 10(b) and 20(a) of the Securities Exchange
Act of 1934, as amended, and Rule 10b-5 promulgated thereunder. The suits were
filed after our announcement on December 17, 2004 that our projection of revenue
and earnings for the full year 2004 would be less than previously
projected. On May 25, 2005, the court appointed a lead plaintiff and
approved plaintiff's selection of lead counsel. We believe these suits are
without merit and intend to vigorously defend them. Discovery has not yet
commenced, and no trial date has been set. These lawsuits could be
time-consuming and costly and could divert the attention of our management
personnel.
On April
1, 2005, a shareholder derivative suit styled Harry
Brantley, derivatively on behalf of Citadel Security Software Inc. v. Steven B.
Solomon, Richard Connelly, Chris A. Economou, John Leide and Joe M.
Allbaugh, Cause
No. 05-03117-L, was filed in the 193rd State
District Court in Dallas County, Texas on behalf of Citadel against certain of
the Company’s officers and directors: Steven B. Solomon, the Chief Executive
Officer and a Director of the Company; Richard Connelly, the Company’s Chief
Financial Officer; and Chris A. Economou, John Leide and Joe M. Allbaugh,
Directors of the Company. The suit also names the Company as a nominal
defendant. Based on allegations substantially similar to the federal securities
action, the suit asserts claims for the defendants’ alleged violations of state
law, including breaches of fiduciary duties, abuse of control, gross
mismanagement, waste of corporate assets, and unjust enrichment that allegedly
occurred during the same period of time at issue in the federal securities
action. The suit seeks the recovery of damages, fees, costs, equitable and/or
injunctive remedies, and disgorgement of all profits, benefits and other
compensation. The ultimate outcome is not currently predictable.
On April
28, 2005, a shareholder derivative suit styled Hans
J. Baier, derivatively on behalf of Nominal Defendant, Citadel Security Software
Inc., v. Steven B. Solomon, Richard Connelly and Chris
Economou, Civil
Action No. 3-05CV-0846-D, was filed in United States District Court for the
Northern District of Texas, Dallas Division, against certain of the Company’s
officers and directors: Steven B. Solomon, the Chief Executive Officer and a
Director of the Company, Richard Connelly, the Company’s Chief Financial Officer
and Chris Economou, a Director of the Company. The suit also names the Company
as a nominal defendant. On May 5, 2005, the court consolidated this suit
with the federal securities action. Based on allegations substantially similar
to the federal securities action, the suit asserts claims for the defendants’
alleged violations of state law, including breaches of fiduciary duties, abuse
of control, gross mismanagement, waste of corporate assets and unjust enrichment
for the same period of time at issue in the federal securities action. The suit
also purports to assert a claim against Steven B. Solomon and Richard Connelly
pursuant to a federal statute for reimbursement of bonuses, profits and
compensation. The suit seeks the recovery of damages, fees, costs, equitable
and/or injunctive remedies, and disgorgement of all profits, benefits and other
compensation. The ultimate outcome is not currently predictable.
On April
8, 2005, Meyers Associates, L.P. f/k/a Roan/Meyers Associates, L.P. and f/k/a
Janssen-Meyers Associates, L.P. (“Meyers”) filed a lawsuit in the Court of
Chancery of the State of Delaware, in New Castle County, against the Company, CT
Holdings, Inc. f/k/a Citadel Technology, Inc. and f/k/a Citadel Computer
Systems, Inc. (“CT Holdings”) and certain current and former officers and
directors of the Company and/or CT Holdings, including Steven B. Solomon, the
Chief Executive and a Director of the Company, Chris A. Economou, a Director of
the Company, Lawrence Lacerte, a former Director of the Company, and Phillip J.
Romano, a former Director of the Company (the “Individual Defendants”). The suit
alleges that in connection with an action filed in the Supreme Court of New
York, New York County, to enforce a Settlement Term Sheet executed on July 7,
2000 by Meyers and CT Holdings, Meyers was awarded a judgment against CT
Holdings in the amount of $3 million plus interest on the judgment at the rate
of 9% from October 31, 2000 until the date of entry of that judgment and
thereafter at the statutory rate (the “Judgment”). CT Holdings has appealed the
Judgment and that appeal is pending. The suit alleges that CT Holdings’ May 2002
spin-off of its interests in Citadel to CT Holdings’ shareholders rendered CT
Holdings insolvent and constituted a fraudulent conveyance to defraud CT
Holdings’ creditors, including Meyers. The suit asserts fraudulent conveyance
claims against Citadel and CT Holdings pursuant to Delaware statutory and common
law. The suit also asserts a claim against Citadel for successor liability as
the alleged successor in interest or alter ego of CT Holdings. The suit
alleges that the Individual Defendants who were officers and/or directors of CT
Holdings at the time of the spin-off breached fiduciary duties allegedly owed to
creditors of CT Holdings, including Meyers, by approving and allowing the
spin-off transaction. The suit seeks to void the spin-off transaction or
alternatively, to hold Citadel liable for the Judgment including interest, to
recover damages against the Individual Defendants in an amount not less than the
Judgment including interest, plus an unspecified amount of punitive,
consequential and incidental damages, as well as attorneys’ fees and costs. The
Company believes that this suit is without merit and intends to vigorously
defend this action. The ultimate outcome is not currently
predictable.
From time
to time, we may be subject to additional legal claims incidental to our
business. We may suffer an unfavorable outcome as a result of one or more
claims. We do not expect the final resolution of these claims to have a material
adverse effect on our financial position, individually or in the aggregate.
However, depending on the amount and timing of unfavorable resolutions of claims
against us, or the costs of settlement or litigation, our future results of
operations or cash flows could be materially adversely affected.
Our
former parent company, CT Holdings, is a party to some legal proceedings, to
which Citadel is not a party. If a court in a lawsuit by an unpaid creditor or
representative of creditors, such as a trustee in bankruptcy, were to find that
at the time CT Holdings effected the spin-off of Citadel, CT Holdings or Citadel
(1) was insolvent; (2) was rendered insolvent by reason of the spin-off
distribution; (3) was engaged in a business or transaction for which their
respective remaining assets constituted unreasonably small capital; or (4)
intended to incur, or believed it would incur, debts beyond its ability to pay
as such debts matured, such court may be asked to void the spin-off distribution
(in whole or in part) as a fraudulent conveyance and require that the
stockholders return the Citadel Shares (in whole or in part) to CT Holdings or
require Citadel to fund certain liabilities for the benefit of creditors.
Citadel believes that at the time of the spin-off distribution, the spin-off
would not have given rise to any such claims.
Some
provisions of our Certificate of Incorporation and Bylaws may discourage
takeovers.
Our
certificate of incorporation and bylaws contain some anti-takeover provisions
that may make more difficult or expensive or that may discourage a tender offer,
change in control or takeover attempt that is opposed by our board of directors.
In particular, our certificate of incorporation and bylaws:
|
|
·
|
classify
Citadel’s board of directors into three groups, so that stockholders elect
only one-third of the board each year;
|
|
·
|
permit
stockholders to remove directors only for cause and only by the
affirmative vote of at least 80% of Citadel’s voting shares;
|
|
·
|
permit
a special stockholders’ meeting to be called only by a majority of the
board of directors;
|
|
·
|
do
not permit stockholders to take action except at an annual or special
meeting of stockholders;
|
|
·
|
require
stockholders to give Citadel advance notice to nominate candidates for
election to Citadel’s board of directors or to make stockholder proposals
at a stockholders’ meeting;
|
|
·
|
permit
Citadel’s board of directors to issue, without stockholder approval,
preferred stock with such terms as the board may determine;
|
|
·
|
require
the vote of the holders of at least 80% of Citadel’s voting shares for
stockholder amendments to Citadel’s bylaws; and
|
|
·
|
require
Citadel to redeem its outstanding shares of preferred stock at a premium
to its issuance price;
|
|
·
|
require,
for the approval of a business combination with stockholders owning 5% or
more of Citadel’s voting shares, the vote of at least 50% of Citadel’s
voting shares not owned by such stockholder, unless certain fair price
requirements are met or the business combination is approved by the
continuing directors of Citadel.
These
provisions of our certificate of incorporation and bylaws, Delaware law and
other measures we may adopt could discourage potential acquisition proposals and
could delay or prevent a change in control of Citadel, even though holders of a
majority of Citadel’s shares may consider such proposals, if effected,
desirable. These provisions could also make it more difficult for third parties
to remove and replace the members of Citadel’s board of directors. Moreover,
these provisions could diminish the opportunities for stockholders to
participate in some tender offers, including tender offers at prices above the
then-current market value of the our shares of common stock, and may also
inhibit increases in the trading price of the our shares that could result from
takeover attempts or speculation.
In
connection with the spin-off distribution, Citadel agreed to indemnify CT
Holdings for all taxes and liabilities incurred as a result of Citadel’s or an
affiliate’s post-distribution action or omission contributing to an Internal
Revenue Service determination that the spin-off distribution was not tax-free.
Unless CT Holdings effectively rebuts the presumption that a change in control
transaction involving Citadel or disposition of Citadel occurring within the
four-year period beginning two years prior to the distribution date is pursuant
to the same plan or series of related transactions as the distribution, the
Internal Revenue Service might determine that the distribution was not tax-free,
giving rise to Citadel’s indemnification obligation. These provisions of the tax
disaffiliation agreement may have the effect of discouraging or preventing an
acquisition of Citadel or a disposition of Citadel’s businesses, which may in
turn depress the market price for our shares.
Failure
to qualify as a tax-free transaction could result in substantial liability.
In May
2002 Citadel was spun out of CT Holdings in a pro rata tax free distribution to
shareholders. CT Holdings and Citadel intend for the distribution to be tax-free
for U.S. federal income tax purposes. Neither CT Holdings nor Citadel requested
an advance ruling from the Internal Revenue Service, or any opinion of their tax
advisors, as to the tax consequences of the distribution. No assurance can be
given that the Internal Revenue Service or the courts will agree that the
distribution was tax-free.
If the
distribution does not qualify for tax-free treatment, a substantial corporate
tax would be payable by the consolidated group of which CT Holdings is the
common parent measured by the difference between (1) the aggregate fair market
value of the Citadel shares distributed on the distribution date and (2) CT
Holdings' adjusted tax basis in the distributed Citadel shares on the
distribution date. The corporate level tax would be payable by CT Holdings.
However, Citadel has agreed under certain circumstances to indemnify CT Holdings
for all or a portion of this tax liability. This indemnification obligation, if
triggered, could have a material adverse effect on the results of operations and
financial position of Citadel. In addition, under the applicable treasury
regulations, each member of CT Holdings' consolidated group (including Citadel)
is severally liable for such tax liability. Furthermore, if the distribution
does not qualify as tax-free, each CT Holdings stockholder who received Citadel
shares in the distribution would be taxed as if he had received a cash dividend
equal to the fair market value of his Citadel shares on the distribution date.
The
results of our product development efforts are uncertain.
We
believe that we will need to make significant development expenditures to remain
competitive. While we perform extensive usability and beta testing of new
products, the products we are currently developing or may develop in the future
may not be technologically successful. If they are not technologically
successful, our resulting products may not achieve market acceptance and our
products may not compete effectively with products of our competitors currently
in the market or introduced in the future.
Our
quarterly financial results are subject to significant fluctuations, which could
cause our stock price to decrease.
We have
been subject to substantial fluctuations in quarterly revenue and operating
results, and these fluctuations may occur in the future. Fluctuations may be
caused by a number of factors, including:
|
l
|
the
timing and volume of customer orders, customer cancellations, and
reductions in orders by our partners;
|
|
|
l
|
the
timing and amount of our expenses;
|
|
|
l
|
the
introduction of competitive products by existing or new
competitors;
|
|
|
l
|
reduced
demand for any given product;
|
|
|
l
|
seasonality
in the end-of-period buying patterns of foreign and domestic software
markets; and
|
|
|
l
|
the
market's transition between operating
systems.
Due to
these factors, forecasts may not be achieved, either because expected revenue
does not occur or because it occurs at lower prices, at later times, or on terms
that are less favorable to us. In addition, these factors increase the chances
that our results of operations could diverge from the expectations of investors
and analysts. If so, the market price of our stock would likely
decrease.
Citadel
provides enterprise vulnerability management and policy compliance and
enforcement solutions that enable organizations to reduce the risk associated
with vulnerabilities in computer and network systems. With our solutions, public
and private enterprises are able to realize cost and process efficiencies,
proactively manage the latest threats and vulnerabilities and demonstrate
compliance with corporate mandates or government legislation. Vulnerabilities
are one of the fastest growing threats to enterprise network security, and since
its inception in 1996, Citadel has been developing software products and
services to mitigate the risk of security vulnerabilities. Today, Citadel is a
leader in enterprise vulnerability management solutions, helping enterprises
effectively neutralize security vulnerabilities through automated vulnerability
remediation (AVR) technology.
Citadel
recognizes the importance of providing a platform built for the purpose of
enterprise vulnerability management. Our solutions provide capabilities to
secure the enterprise and focus on the needs of both security and information
technology (“IT”) operations professionals. Our team of security professionals
provides up-to-date vulnerability intelligence and has created the world’s
largest library of vulnerability remedies, exceeding 20,000 as of the filing
date of this Prospectus. Citadel provides advanced software solutions that
address the growing security concerns of enterprises. Our products include
Hercules AVR, ConnectGuard, AssetGuard, SecurePC and NetOFF.
With
Citadel’s advanced AVR technology, enterprises now have a powerful, secure and
automated patch management and vulnerability remediation solution. Citadel’s
suite of vulnerability management solutions enables organizations to proactively
protect against vulnerabilities, saving valuable time and money, while
mitigating risk and complying with corporate and government mandates.
Our
vision is to change the future of securing computing devices in enterprise
environments. Our mission is to be a global leader in enterprise vulnerability
management software and to continually develop innovative solutions to secure IT
networks. It is our goal to ensure the continuity of business and the
availability of technology by eliminating the impact of security threats.
We are
driven to provide the highest level of customer satisfaction. By executing all
aspects of our business, including development, quality assurance, support,
marketing, professional services and sales with passion and dedication, we will
continue to earn the trust and confidence of our customers and the business and
government communities at large.
Citadel's
security software business was formed in 1996 as the result of the acquisition
of several technology businesses operated by a business incubator from 1996
through May 17, 2002 at which time Citadel was spun out from its former parent
as a stand alone company. Citadel is listed on the NASDAQ SmallCap Market and
trades under the symbol CDSS. Citadel is a Delaware corporation with its
headquarters in Dallas, Texas, a regional office in Washington, D.C. to support
public sector operations, and local sales offices in New Jersey, Illinois,
California and Michigan. Our website is located at www.citadel.com. We make
available, free of charge, our annual reports on Form 10-KSB, quarterly reports
on Form 10-QSB and Form 10-Q and current reports on Form 8-K, and any amendments
to those reports filed pursuant to Section 13(a) or 15(d) of the Securities
Exchange Act of 1934 through our Investor Relations website, as soon as
reasonably practicable after they are electronically filed with or furnished to
the SEC. The contents of our website are not incorporated into, or otherwise to
be regarded as a part of, this Prospectus.
SECURITY
SOFTWARE MARKET
The
market for software and hardware security technology has many players and many
products that secure networks systems from attack, accident or failure from
outside and inside influences. We are actively engaged in the vulnerability
management market and more specifically, in the “policy administration,
compliance and enforcement” and “automated vulnerability remediation” segments.
Our NetOFF and Secure PC products participate in the policy administration
category. Hercules, ConnectGuard and AssetGuard are positioned in the heart of
the vulnerability management market, specifically automated vulnerability
remediation but also cross over into policy compliance and
enforcement.
We
believe that the market drivers that are beginning to develop are in part
derived from mandates, liability concerns and security breaches. Examples of
each are as follows:
|
|
·
|
The
audit community is addressing the implementation of the Sarbanes-Oxley Act
and related regulations and the related liability issues. We believe that
both the internal and external audit community will begin to take the
position that a key part of certifying the integrity of financial
statements is the examination of the IT infrastructure and accompanying
security practices that are the basis of the protection of the data and
systems that produce the financial
statements.
|
|
·
|
The
issue of liability attached to successful compromises that may produce an
adverse impact on information or data, such as theft, corruption,
manipulation, or similar actions, that could result in a financial loss to
investors or shareholders. We believe that some insurance companies are
beginning to examine vulnerability assessment and remediation practices of
their insured base during the renewal application process for various
forms of liability and Internet risk insurance.
|
|
·
|
A
renewed focus on privacy issues gaining higher public profile by the more
frequent announcements of data loss or systems compromise to unauthorized
access. California bill SB1386 requires that a person or business that
conducts business in California, that owns or licenses computerized data
that includes personal information to publicly disclose any breach of the
security of the data to any resident of California whose unencrypted
personal information was, or is reasonably believed to have been, acquired
by an unauthorized person. Other states are proposing similar
laws.
We see
the security market being driven by the following prime factors:
|
|
·
|
Existing
and potential legislation and mandates are requiring enhanced IT security
in government and industry. These mandates are expected to drive
organizations to look at the potential liability and potential loss
created by insecure networks.
|
|
·
|
Vulnerabilities
are growing in number, scope and breadth of device coverage; exploits of
vulnerabilities by worms, viruses, backdoors and other malware are
becoming more malicious in nature resulting in potentially more severe and
widespread damage; and the time between the identification of a
vulnerability and its exploit is shrinking from months to weeks or
days.
|
|
·
|
Innovative
automated solutions are necessary to replace manual processes and point
solutions.
Our
strategy is to address these market drivers with the suite of Hercules products,
new product development and strategic marketing to the customers that have an
identified need for vulnerability remediation.
LEGISLATION
AND MANDATES
Government
mandates and new legislation are driving public and private sector enterprises
to improve the security of their networks. Mandates and laws affecting systems
security include:
Each of
these directives places an emphasis on securing systems, personal data and
financial information from intentional or unintentional unauthorized access.
VULNERABILITIES
A
vulnerability is any weakness in systems configuration, systems services or
software code that may be exploited thereby allowing the running of a malicious
code or the unauthorized access by an individual to obtain information or do
damage to an organization’s computing environment. We classify vulnerabilities
into five classes: unnecessary services, mis-configurations, backdoors, unsecure
accounts and software defects. Vulnerabilities are proliferating rapidly in
number, sophistication and scope of coverage. CERT/CC® at Carnegie Mellon
University’s Software Engineering Institute (http://www.cert.org) has
identified over 16,000 unique vulnerabilities since 1995 that negatively affect
computer systems. Vulnerabilities are the targets of such well publicized
malicious code as MyDoom, SQL Slammer, Blaster, Nimda, Code Red and Sasser.
These worms look for vulnerabilities to exploit in networked systems in order to
do damage.
In
addition, the scope or breadth of coverage of vulnerabilities is also growing as
the number of internet connected devices continues to rise. A January 2005
Internet Domain Survey published by the Internet Software Consortium
(http://www.isc.org) reports
that the number of named internet protocol (“IP”) addresses exceeds 317,000,000.
This is up nearly 85 million IP addresses from a year earlier survey, opening up
more pathways to systems that have unremediated vulnerabilities. Companies and
government agencies are susceptible to more avenues of attack by more
sophisticated worms and viruses and in greater numbers of attacks. According to
a recent report on the CERT/CC® website, the 2004 E-Crime Watch survey conducted
among security and law enforcement executives by CSO magazine in cooperation
with the United States Secret Service and the Carnegie Mellon University
Software Engineering Institute’s CERT® Coordination Center, shows a significant
number of organizations reporting an increase in electronic crimes (e-crimes)
and network, system or data intrusions. More than 40% of respondents reported an
increase in e-crimes and intrusions compared to the previous year and
approximately 70% reported at least one e-crime or intrusion was committed
against their organization. Respondents indicated that e-crimes cost their
organizations approximately $666 million in 2003. “Complete findings from the
2004 E-Crime Watch survey can be found at http://www.csoonline.com/releases/052004129
release.html.
Implement
Best Practices
We
believe that the risk of exploitation and the associated cost of a potential
attack, can be mitigated through the implementation of best practices including
proactive vulnerability management including hardening systems, implementation
of security policies, frequent assessment of the security posture, automated
remediation of identified vulnerabilities, and routine and frequent monitoring
of compliance with the organization's predefined security policies. The best
practice of proactive vulnerability management is the process of independent
assessment, compliance validation, reporting of non-compliance and then an
independent remediation of vulnerabilities found in computer systems and
networks. We believe that these steps are the cornerstone requirements of
vulnerability management capabilities. The strength of sound vulnerability
management best practices is the timely remediation of the vulnerabilities and
then the ongoing monitoring of compliance with established security policies.
Identifying, reporting and then managing vulnerabilities in any system without
proactive remediation and compliance monitoring processes leaves that system as
vulnerable to attack, accident or failure, just as if no risk assessment had
been performed. Also, independent assessment and independent remediation
functions provide information assurance due to the separation of the two
duties.
In order
to ensure the highest level of security (as it relates to vulnerability
remediation) with the least amount of interruption, we recommend adherence to
best practices policy outlined below:
|
|
1.
|
Identify
Devices - Administrators should use an assessment tool or network mapping
software that can scan all networks (and sub-networks) to determine used
TCP/IP addresses and the associated devices connected to them.
Administrators should also determine which systems are most critical to
prioritize and protect.
|
|
2.
|
Assess
Vulnerabilities - This is typically performed using an independent
vulnerability assessment tool. Hercules is interoperable with one, or can
aggregate output data from multiple independent scanners including:
FoundStone® FoundScan Engine™, Harris STAT® Scanner, ISS Internet
Scanner®, ISS System Scanner®, ISS Site Protector, Microsoft® MBSA,
nCircle IP360™, Nessus Scanner, netVigilance SecureScout NX, Qualys
QualysGuard™ Scanner, Retina® Digital Security Scanner, Saint Corp. SAINT®
Scanning Engine and Tenable NeWT.
|
|
3.
|
Review
Vulnerabilities - Once the vulnerability assessment data has been imported
into Hercules, the administrator should review the vulnerabilities and the
remediation steps that Hercules will take to resolve the vulnerability
prior to approving the remediation.
|
|
4.
|
Remediate
Vulnerabilities - Once the vulnerabilities have been reviewed, each
device, or group of devices, can be selected and scheduled for
remediation.
|
|
5.
|
Proactively
Manage New Vulnerabilities - Since new vulnerabilities are identified
daily, and users can also re-introduce vulnerabilities into their
environments, it is important to regularly assess and remediate network
devices.
We
encourage our customers to adopt a proactive approach to vulnerability
management through the adoption of Citadel's best practices policy outlined
above.
INNOVATIVE
SOLUTIONS REPLACE INEFFICIENT PROCESSES
A recent
report, the 2004 E-Crime Watch survey also noted that the most common
technologies deployed to combat e-crimes are firewalls (used by 98% of
respondents), followed by physical security systems (94%) and manual patch
management (91%). Ranking the effectiveness of various technologies, firewalls
were considered most effective (71%), followed by encryption of critical data in
transit (63%) and encryption of critical data in storage (56%). Manual patch
management, the third most common technology in use, was rated as the single
least effective technology (23%). Among policies and procedures, conducting
regular security audits was listed as the most effective method (51%), and
recording or reviewing employee phone conversations is listed as one of the
least effective (26%). Complete findings from the 2004 E-Crime Watch
survey can be found at http://www.csoonline.com/releases/052004129
release.html.
The
manual patch management process was reported by the survey respondents as “the
least effective technology.” Citadel’s solutions were designed and developed to
go far beyond the automation of the manual patch management process and in
addition to patching, address the remediation of vulnerabilities that are
directly related to an organization’s security policies, often associated with
the other four classes of vulnerabilities: unnecessary services,
mis-configurations, backdoors, unsecure accounts, as well as patch management.
Our solutions address the maintenance of an organization’s security
configuration posture to proactively protect its information technology
infrastructure through the implementation of best security practices.
POLICY
ADMINISTRATION/COMPLIANCE
The
policy administration and compliance market is a mature market with many
companies including Symantec, Microsoft, RSA and Computer Associates, to name a
few. This market has grown around the need for organizations to control access
to desktop and system settings, thereby reducing costs associated with downtime
and reconfiguration of systems, and the need to control unauthorized access,
whether internal or external to the company, of confidential information thereby
meeting organizational or mandated security and privacy requirements.
Healthcare, Financial Services, Education and eCommerce are just a few of the
industries that require tools to protect private information and to restrict
user access to system settings that can cause down time and require extensive
cost and time to repair.
Our
strategy is to position NetOFF and Secure PC as critical components to the
overall security and privacy posture of organizations in the Healthcare,
Financial, Educational, applicable corporate industries and government agencies.
We will continue to market and license these products into the industries in
which we have gained a foothold. We will furthermore seek to expand the new
customer relationships developed through sales of Hercules to include SecurePC
and NetOFF.
OUR
PRODUCTS
Hercules
Hercules
is an enterprise vulnerability management platform with integrated processes to
effectively neutralize security vulnerabilities. Our award-winning Hercules®
suite of solutions includes vulnerability remediation, AssetGuard™ for asset
discovery and inventory and ConnectGuard™ for endpoint security. Hercules
reduces vulnerability remediation time from months to minutes, using the world’s
largest library of over 20,000 proven remedies. Hercules supports remediation on
multiple operating systems, including Microsoft Windows, UNIX, Linux and Mac OS
X; is certified on Windows 2000 and 2003; and we believe that it is the only AVR
solution that has achieved Common Criteria Certification, Evaluation Assurance
Level 3(“EAL 3”). In addition, Hercules is Open Vulnerability Assessment
Language (OVAL)
and Common Vulnerabilities and Exposures (CVE) compliant.
Full
Control and Automated Flexibility
Hercules
allows users full control over the remediation process, enabling efficient
aggregation, prioritization and resolution of vulnerabilities that are detected
by industry leading vulnerability assessment tools. Administrators maintain
complete control over scheduling remediation, selecting when and which
vulnerabilities to be resolved or if desired, remediate on demand. We believe
that the ever growing number of vulnerabilities, the increase in the
maliciousness of the attacking code and the potential liability from an attack,
now requires a twenty-four hour commitment to security management in order to
mitigate the risk of data and financial loss. Hercules replaces the time
consuming process of patch and security configuration often performed manually,
one device at a time. In some cases, customers have used point solutions for
patch management or software distribution tools to deploy scripts. However,
neither of these tools were designed to be a comprehensive vulnerability
management solution that address all five classes of vulnerabilities with access
to a library of more than 20,000 tested remedies.
Interoperability
Hercules
is interoperable with industry leading vulnerability assessment tools
(“Scanners”) including FoundStone® FoundScan Engine™, Harris STAT® Scanner, ISS
Internet Scanner®, ISS System Scanner®, ISS SiteProtector®, Microsoft® MBSA,
Nessus Scanner, NextaniS SecureScout SP™, Qualys QualysGuard™ Scanner, eEye
Retina® Digital Security Scanner, Saint Corp. SAINT® Scanning Engine, Tenable
NeWT and nCircle IP360™. The independency of the Scanner and Hercules
remediation provides a level of information assurance that is typically attained
from a separation of duties. We believe that interoperability with multiple
Scanners gives Hercules distinct advantages over other solutions, including:
|
|
1.
|
Hercules
allows customers to leverage their existing investment in the
vulnerability assessment tools already in use.
|
|
2.
|
Customers
have the option to add Scanners for redundancy or to meet specific needs
of internal controls and corporate or government
mandates.
|
|
3.
|
Interoperability
with multiple Scanners provides for the separation of duties - independent
assessment followed by independent remediation.
|
|
4.
|
Scan
data from multiple Scanners can be aggregated and correlated to specific
devices or groups of devices. Remediation can then be scheduled based on
the customer’s priority.
Hercules
goes beyond rudimentary patch management utilities and systems configuration
management solutions. Patch management solutions generally address only software
defects. Some patch management solutions have a built-in Scanner that finds only
those vulnerabilities which the patch management solution can patch, thereby
covering only a small percentage of security breaches on the network and leaving
the system susceptible to other vulnerabilities and out of compliance with
mandates. Some solutions apply patches indiscriminately without regard to having
previously applied the patch. In addition, solutions with built-in Scanners do
not meet information assurance requirements for separation of duties,
independent assessment and remediation.
Systems
configuration management and software distribution solutions were not designed
as security solutions and therefore do not address vulnerabilities without a
programmer writing scripts for each remediation. This takes time and personnel
resources away from network operations. Alternatively, a customer using Hercules
does not need to write the remedies to remove a vulnerability. Hercules has a
repository of over 20,000 remediation actions that have been thoroughly tested
and are available to Hercules customers under the support services agreement.
In
addition to the tactical application of remediation actions, Hercules also
provides an intuitive framework for managing the remediation process by allowing
customers to prioritize and aggregate vulnerability information based upon
groups, devices or severity and provides centralized command and control of the
entire remediation effort. Hercules utilizes a server for the presentation of
the Hercules console and the residence of the remediation action database. The
Hercules console is the central point of control for the systems administrator
(“SA”) functionality.
Three
approaches to Vulnerability Management with Hercules
The first
step is for the assessment to take place. Hercules supports three approaches to
assessment; top-down (policy enforcement), targeted (action packs), and
bottom-up (import scan and remediate, the traditional approach).
Top-down
Vulnerability Management
This is a
more strategic form of risk reduction provided by the Hercules EVM suite
commonly referred to as Policy Management. This approach entails establishing
asset and security configuration baselines, then managing deviations from those
baselines where vulnerabilities may result. In this approach, vulnerabilities
are managed as exceptions from a policy-driven desired state. This requires the
Hercules AssetGuard component to capture and manage asset baseline information,
and to provide a workflow that spans across the information technology security
and operations teams, effectively linking and aligning enterprise security to
operational objectives. Further extending the top-down approach is the Hercules
ConnectGuard component which provides end point security allowing an
organization to control the processing of IT security policy when a device
connects to the corporate network.
Targeted
Vulnerability Management
This type
of risk reduction is new to the Hercules EVM suite with the release of Hercules
3.5. This approach enables IT Security to immediately identify and remediate
vulnerabilities on key assets. The Hercules EVM solution leverages detailed IT
asset information to rapidly pinpoint devices that are at risk and that require
vulnerability remediation or IT policy enforcement. This improves productivity
and links remediation to operational objectives by allowing organizations to
target only those devices that need remediation to meet their specific IT
security policies.
Bottom-up
Vulnerability Management
This is
essentially the traditional form of risk reduction provided by Hercules,
commonly referred to as Scan and Remediate. Using this approach IT Security
personnel scans the environment using Vulnerability Assessment tools (Scanners)
or services, then remediates the vulnerabilities reported. This approach is
driven by security policy requirements to manage the vulnerability state of the
environment as a whole, and each component host within that environment, by
discovery and remediation. The Hercules EVM solution extends this capability by
enabling this process to occur within one centralized solution. Vulnerabilities
and remedies are both managed across the IT Security and IT Operations
departments while maintaining appropriate separation of duties. By importing
vulnerability assessment data from industry-leading scanners, the Hercules EVM
solution enables IT Security to normalize, aggregate and prioritize
vulnerabilities across the enterprise. Once prioritized, they can be remediated
on demand or on a scheduled basis by IT Operations personnel. A
vulnerability-centric view pervades this process, removing disconnects among
departments regarding scheduling and prioritizing remediation, and providing
awareness of critical security problems.
Architecture
and Ease of Use
Hercules
utilizes a 3-tier architecture to manage and control the remediation process. To
illustrate we will use the traditional bottoms up approach discussed above. The
first step is for the assessment to take place utilizing any of the supported
scanners. Scan data from the vulnerability assessment tools is then imported
into the Hercules Server. Second, the systems administrator, or SA will execute
a V-Flash update to access, via the Internet, the latest remedies retained in
the secured V-Flash server that are continually updated by a team of Citadel
security engineers. The secured V-Flash server contains the remedies that are
then matched to the vulnerabilities identified by the scanners. During the
V-Flash update, the customer also downloads new vendor patches from the vendor
sites for storage on the customer’s server. Each patch is downloaded only once
and stored for remedial action on the Hercules server thereby reducing the time
for deploying a patch. Using the Hercules console, the SA will follow best
practices and select the vulnerabilities to be remediated. The SA may remediate
all or only selected vulnerabilities. Vulnerability management best practices
recommend that vulnerabilities be selected in groups and scheduled for
remediation. This best practice allows the SA to manage the process to suit time
requirements, system availability and to prioritize the remedy of the
vulnerabilities that are of high priority as may be determined by the SA.
Third,
once remediation actions have been applied and completed, the SA has the option
to run a differential scan to confirm the application of the remediation actions
and to set a baseline for the next assessment and remediation process. In
addition, detailed reports of the entire process can be run to highlight the
number and severity of remediation actions taken, the severity of the
vulnerabilities and the vulnerabilities that can only be remediated manually. An
example of a remediation action that must be performed manually is a
vulnerability that can only be remediated through the acquisition of another
license from the vendor or one that requires a user intervention.
Hercules
is an enterprise class product that under appropriate licensing may be deployed
with vulnerability assessment tools and Hercules consoles anywhere in a network,
including across geographies. Access to V-Flash updates is available over the
Internet or through offline updates for an additional fee. All communication
between the various Hercules endpoints is performed using the industry standard
Hypertext Transfer Protocol (“HTTP”) and Simple Object Access Protocol (“SOAP”)
protocols.
Vulnerability
Intelligence Gathering and the Remedies
A
vulnerability is any weakness in system configuration, systems services or
software code that may be exploited thereby allowing the running of a malicious
code or the unauthorized access by an individual to obtain information or do
damage to an organization’s computing environment. An exploit is an identified
action in the form of a worm, virus, malware or other software code that has
been written by a hacker to attack a specific vulnerability.
Our
Remediation Security Group monitors the sources of potential attack information
(such as Internet Relay Chat (“IRC”) channels and alerts from our scanning
partners) and collects and compiles vulnerability data, creates new remedies and
makes them available to our customer base on a routine basis during the term of
the customer support agreement. Less than 20 to 30% of vulnerabilities are
related to software defects which are repaired by installing a software patch.
The remaining 70 to 80% of vulnerabilities are related to unsecured accounts,
backdoors, unnecessary services and mis-configurations which collectively with
software defects define the five classes of vulnerabilities. These last four
classes of vulnerabilities require configuration changes and settings to be
revised.
When new
vulnerabilities are identified, our team of security engineers known as the
Remediation Security Group, researches the possible solutions and writes a
remedy for the identified vulnerability. The remedy is then tested before it is
made available to our customers. Using V-Flash, our automated delivery
mechanism, the customer can download the new remedies through the Hercules
server to provide their networks access to the latest source of remedies
available. In addition to delivering new remedies, our Remediation Security
Group also continually monitors and updates research information and URL links
for patches and related content to ensure that all links and research material
are timely and relevant.
In
addition to V-Flash delivered remedies, Hercules provides the functionality for
customers to write their own remedies or customize existing remedies using a
graphical interface. This interface provides all the power and flexibility in
writing remedies that is available to Citadel’s in-house security team. Using
this feature, our customers can develop and deliver remedies for custom
applications. Our Remediation Security Group has used this capability to create
baseline configurations such as the organization known as SANS (an acronym for
SysAdmin, Audit, Network, Security) and National Security Agency (“NSA”) Guides
or other configuration guideline standards. These configuration templates ship
with the Hercules product.
Hercules
Certifications
The
Common Criteria (“CC”) certification project was developed by the United States,
Canada and Europe to establish a set of international standards for information
security products that became ISO International Standard 15408 in 1999. The
United States is represented within the CC Project by the National Information
Assurance Partnership (“NIAP”), a joint National Institute of Standards and
Technology (“NIST”) and NSA project. The CC provides a comprehensive, rigorous
method for specifying security functionality and assurance requirements for IT
security products (or classes of products).
On
January 1, 2001, the federal government issued a policy stating that preference
was to be given to the acquisition of Commercial Off-The-Shelf (“COTS”)
Information Assurance (“IA”) IT products (to be used on systems entering,
processing, storing, displaying, or transmitting national security information)
which had been evaluated and validated, as appropriate, in accordance with:
|
|
·
|
The
International Common Criteria for Information Security Technology
Evaluation Mutual Recognition Arrangement;
|
|
·
|
The
National Security Agency (NSA) /National Institute of Standards and
Technology (NIST) National Information Assurance Partnership (NIAP)
Evaluation and Validation Program; or
|
|
·
|
The
NIST Federal Information Processing Standard (FIPS) validation program.
Effective
July 1, 2002, the federal government issued a policy stating that the
acquisition of all COTS IA and IA-enabled IT products to be used on the systems
specified above would be limited only to those which have been evaluated and
validated in accordance with the criteria, schemes, or programs specified by CC,
NIAP or FIPS.
Recognizing
that CC certification was required for defense department agencies to purchase
IT security products, Hercules was registered for Common Criteria evaluation in
March 2003. Products undergoing Common Criteria testing are required to have an
independent lab certify the product. The testing is done according to strict
criteria and designated an evaluation assurance level (“EAL”). The Hercules
product achieved EAL 3 certification through Electronic Warfare Associates -
Canada, Ltd (“EWA”) on March 1, 2004. Citadel has a continuous maintenance
program with EWA to ensure future updates and revisions are reviewed and
re-evaluated as needed. At December 31, 2004, we were not aware of any customer
or market requirements to achieve CC certifications above our present
certification of EAL 3, therefore we do not expect to seek a higher level of CC
compliance; however, as major versions of the product are planned in the future
we will consider the need to increase the level of compliance which is
appropriate to the then current installed customer base or a potential group of
new customers.
Hercules
has undergone testing at the US Army’s Information Systems Engineering Command,
Technology Integration Center (“TICLabs”) at Ft. Huachuca, Arizona. TICLabs
performs independent product evaluations and evaluated the functionality,
manageability and security of Hercules that would be applicable and valuable to
the Department of Defense. Hercules was put through a rigorous set of test
requirements, passing each of the requirements tested. TICLabs concluded that
Hercules performed as expected and automates the remediation process as
represented in the technical specifications.
Hercules
achieved certification for installation on Windows Server 2000 and 2003 Standard
Editions to support remediation of those environments. This certification
demonstrates to customers that Hercules provides the highest levels of
reliability running on Windows and automating the mitigation of vulnerabilities
identified on the Windows family of products. In addition, Citadel attained
Microsoft Gold Certification Partnership status demonstrating Citadel’s
competence on the latest Microsoft technologies and a commitment to delivering
high quality solutions for the Windows platform. The Microsoft Gold Certified
Partner Program was established to identify Microsoft Certified Partners who
have proven their commitment and expertise in building or delivering solutions
based on Microsoft technologies. By becoming a Gold Certified Partner, we have
once again demonstrated our expertise in the remediation of Windows platforms
and will now be able to leverage Microsoft’s referral program to customers
looking for a complete vulnerability remediation solution.
Hercules
Reporting and Other Features
As with
any security product, we believe that reporting and visibility of progress is a
key component. Hercules provides full reporting at various levels, including
management and technical reports, as well as compliance reports. Hercules
provides various trend analysis reports to provide a visual indicator of the
progress of remediation based upon pre- and post- remediation scan data. All
reports can be reviewed at strategic field levels or accessed via a master
console for full view and querying of remediation status and overall risk
exposure. Reports are generated through a reporting engine and pull information
directly from the Hercules Repository. With the appropriate training, users can
create and customize their own reports to fulfill mission critical requirements.
All reports can be exported to various formats including PDF, Word, Excel and
HTML. In addition to user customizable reports, Citadel offers a range of
customization services to provide report capabilities tailored to specific
customer requirements. Hierarchical rollup reporting is currently available to
customers with a pre-qualified MS SQL environment via a professional services
engagement. Hierarchical reporting is expected to be available as a separate
component of the Hercules 4.0 release anticipated in the second quarter of 2005.
Remediation
compliance is managed by the Hercules agent to prevent vulnerabilities from
being re-introduced into the network through common mistakes such as installing
software without eliminating its vulnerabilities or changing the configuration
of a device. Based upon user defined polling intervals, the Hercules client will
revalidate previously resolved vulnerabilities to enable proper compliance of
the device. This compliance function allows system administrators the ability to
create and maintain custom hardening guides based upon industry standards such
as SANS and NSA Guide for Securing Windows 2000, CIS Gold Standard and Microsoft
Hardening guides. These hardening templates can be customized to suit the
particular work task and security requirements of the device and will be
enforced based upon the rules and scheduling set by the administrator. Any
changes to the device configuration will be brought back into compliance and
have audit reporting associated to indicate what vulnerabilities re-occur over
time and on which devices.
Hercules
supports role based remediation and policies to selectively enforce which
administrators have the right to approve remediation, change or create new
remedies and templates and set the enforceability of specific vulnerabilities.
These policies leverage the significant security knowledge in a top down
management approach allowing policies to be created and maintained by the
subject matter experts and distributed and acted upon by the operations
personnel.
Hercules
is offered to our customers under a perpetual license or under a two year
subscription license. As part of the perpetual licensing process for Hercules,
we require our customers to enter into a customer support contract whereby the
customer receives vulnerability remediation updates through V-Flash. These
services are also included under the subscription based license model.
Security-On-Demand
Appliance
A new
appliance product, Security-On-Demand, powered by Hercules was released for
shipment on June 6, 2005. Security-On-Demand is expected to provide a complete
vulnerability management solution to the small and mid-sized businesses that
have not been addressed by our enterprise vulnerability management solution
(“EVM”), Hercules. The solution is in addition to our existing product offerings
for enterprise customers. We believe that the Security-On-Demand offering will
change the way smaller organizations acquire vulnerability management software
thereby enabling them to proactively protect their networks from cyber security
threats and vulnerabilities and helping them achieve compliance with internal
security policies and external mandates.
The
Security-On-Demand model, comprised of asset inventory, security risk analysis,
policy compliance, vulnerability remediation, endpoint security and end-to-end
reporting, leverages the power of software as a service, allowing customers to
implement the entire Hercules EVM solution on an appliance and pay for the use
of the product as they implement the remedies across their networks. This usage
based pricing model allows customers to have access to the V-Flash library of
over 20,000 vulnerability remedies and to pay for the remediation of their
networks as the remedies are applied. Security-On-Demand is expected to be a
plug-and-play appliance that meets the needs of the market by providing an
easy-to-deploy solution for rapid implementation across all sized networks from
small and medium businesses to large enterprises.
New
features expected to be released with the Hercules Security-On-Demand appliance
include:
-- Visual
Dashboard - A customizable view that allows users to determine the security
status of their environment relative to policy compliance, vulnerable state,
exposure to threats, and overall coverage.
--
Automated Risk Analysis - Device risk analysis that evaluates and ranks all
vulnerabilities for each device based on the factors of risk and business value
enabling users to prioritize vulnerability resolution.
-- Policy
Compliance - A new policy compliance capability allowing users to monitor and
report on policy compliance.
--
Security Intelligence Portal - Access to Citadel's expert security team and the
latest security intelligence through the portal enables IT managers to have the
most up-to-date information available and a resource to answer their
vulnerability management questions.
--
End-to-End Management Reporting - A complete analysis of security state from
critical inputs, including risk analysis, policy compliance and vulnerability
coverage.
Hercules
Security-On-Demand appliance customers are expected to benefit from Hercules'
endpoint security protection component, ConnectGuard, which stops all traffic
from remote and local machines reconnecting to the network, checks for security
policy compliance, and performs remediations on out-of-compliance machines
before they are allowed to connect to the network. Additionally, the Hercules
Security-On-Demand appliance is expected to include AssetGuard, our IT asset
inventory feature that allows administrators to rapidly target devices in need
of critical patches and configuration updates in light of the increasing number
of near-day exploits.
ConnectGuard
Laptops
and desktop machines that have become disconnected from the network represent a
security threat when they attempt to reconnect. ConnectGuard, a separate
component of Hercules, provides endpoint security by quarantining remote and
local machines before allowing them to reconnect to the network, checking for
security policy compliance, and applying remedies to out of compliance machines
before releasing the quarantine and allowing network access. By preventing
infected devices from gaining access to the network, ConnectGuard provides the
ability to defend against recurring cyber threats, and provide a more secure
environment as devices disconnect and reconnect to the network.
One of
the key benefits of ConnectGuard is its flexible administration and control
capabilities. ConnectGuard can be enabled for individual devices, groups of
devices, or servers. Administrators may set network access policy for any
protected device connecting either to the Hercules network or a foreign network.
Foreign networks are typically those accessed in hotels, airports, or Internet
cafes, through wireless networks or home via an Internet service provider.
Administrators may also allow users to override ConnectGuard, giving them the
option to connect to the corporate network or a foreign network without
quarantine or remediation.
AssetGuard
Networks
are comprised of various types of devices and knowing exactly what is installed
on these devices helps the security administrator to react quickly to the
emergence of new vulnerabilities. AssetGuard is a comprehensive, easy-to-use
solution to discover, inventory and protect the workstation and server devices
on a network.
A
component of Hercules, AssetGuard provides the ability to collect detailed
workstation and server device information and store that information in the
Hercules database repository. By providing complete inventory data on network
connected workstations and servers, AssetGuard enables the administrator to
perform detailed queries to rapidly identify devices that need vulnerability
remediation or configuration policy enforcement. The detailed data collected
allows the administrator to target devices for vulnerability remediation or
configuration policy enforcement based on specific attributes, such as a common
operating system, patch level or configuration.
By
comparing inventory data from a baseline to a current or historical snapshot,
AssetGuard enables security administrators to identify changes to hardware,
software or services running on network connected devices that might impact the
security of the network. AssetGuard leverages comprehensive device information
to provide a strategic advantage when responding to critical IT security
vulnerabilities. AssetGuard mitigates the immediate threat of a newly emerging
vulnerability by targeting only those devices that need remediation or security
configuration changes to meet security configuration policies.
Secure
PC
Secure PC
provides advanced features that allow security administrators to create, manage
and deploy security policies for Windows computing environments. Secure PC
establishes user and group profiles to enforce workstation and server security
policies from a single point of control. These security policies can be
configured to prevent changes to system settings and installation of
unauthorized software. Secure PC “hardens” system files as a first line of
defense against viruses, malicious code and unauthorized access or theft of
confidential information. Hardening of files is crucial to defending against
intentional and unintentional security breaches.
Secure PC
offers support for computers running Microsoft Windows versions 95, 98, ME, NT,
2000 and XP. Its advanced set of features allows administrators to apply
security policies to users or groups of users within an organization. We sell
this product in two configurations, Secure PC Workstation and Secure PC Network.
Secure PC Workstation is designed for home, educational or commercial
non-networked computers. Secure PC Network is designed for environments with
multiple computers connected to a Windows or Novell network. The network version
of Secure PC has been designed to scale dynamically within network environments
ranging from departmental local area networks (LANs) to global wide area network
(WAN) capacity and includes tools that provide remote installation and
configuration of the Secure PC client software. Additional benefits include File
and Folder Access Control, Prevent Un-Authorized Software Installation and
Application Control. Secure PC is offered to our customers under a perpetual
license.
NetOFF
NetOFF
allows administrators to secure unattended workstations from unauthorized
access. A PC that stays connected to a network while users attend meetings - or
leave the office for the night - is a wide-open door to the network. Customer
files, patient records, classified information and proprietary documents are
open to disclosure and theft through unattended PCs. With NetOFF, unattended PCs
are a reduced security risk.
NetOFF is
designed to protect a network by shutting down unattended client PCs
automatically after a specified period of inactivity. Through NetOFF,
administrators can define policies that trigger a graceful logoff of unattended
or inactive workstations. Through a graceful logoff, all user data is saved,
applications are closed and workstations are logged off the network. Network
administrators may also use NetOFF to shut down PCs to enhance backup operations
or assist with the distribution of new software and anti-viral updates. NetOFF
is available for Windows operating environments including Windows 2000, Windows
2003 and Windows XP desktop PCs. NetOFF is offered to our customers under a
perpetual license.
The
selling stockholders will receive all of the net proceeds from sales of common
stock sold pursuant to this prospectus. We will not receive any proceeds from
the sale of the shares by the selling stockholders. However, we would receive
approximately $4,993,598 if all of the warrants are exercised. These funds would
be used for general corporate purposes.
The
following table sets forth information regarding the current beneficial
ownership of our common stock by the selling stockholders and the as adjusted
beneficial ownership by the selling stockholders, giving effect to the sale of
the shares offered hereby. The shares beneficially owned have been determined in
accordance with rules issued by the SEC, and the information is not necessarily
indicative of beneficial ownership for any other purpose. The information in the
table below is current as of June 7, 2005 and the percentage of ownership shown
in the table is based on 29,845,730 shares of common stock issued and
outstanding as of June 7, 2005. All information contained in the table below is
based on information provided to us by the selling stockholders and we have not
independently verified this information. The selling stockholders are not making
any representation that the shares covered by this prospectus will be offered
for sale. The selling stockholders may from time to time offer and sell pursuant
to this prospectus any or all of the common stock being registered. No selling
stockholder has held any position nor had any material relationship with us or
our affiliates during the past three years, except as indicated under the
caption “Material Relationships with Selling Stockholders” following the table.
|
|
|
SHARES
BENEFICIALLY OWNED PRIOR TO OFFERING
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
NUMBER
OF SHARES COMMON
|
|
NUMBER
OF SHARES ON CONVERSION OF PREFERRED AND
|
|
TOTAL
SHARES, WARRANTS AND PREFERRED AS % OF
|
|
SHARES
BEING
|
|
SHARES
BENEFICIALLY OWNED AFTER THE OFFERING (2)
|
|
NAME
OF BENEFICIAL OWNER
|
| STOCK
|
|WARRANTS
|
| CLASS
|
|OFFERED(1)
|
|
NUMBER
|
|
%
OF CLASS
|
|
Satellite
Strategic Finance Associates, LLC (3) (4)
|
|
|
1,848,000
|
|
|
6,104,516
|
|
|
22.12
|
%
|
|
7,322,580
|
|
|
4,848,000
|
|
|
14.8
|
%
|
Satellite
Strategic Finance Partners, Ltd. (5)
|
|
|0
|
|
|4,218,065
|
|
|12.38
|%
|
|4,218,065
|
|
|0
|
|
|0
|%
|
Comerica
Incorporated (6)
|
|
|
0
|
|
|
27,931
|
|
|
*
|
%
|
|
27,931
|
|
|
0
|
|
|
0
|
|
CEOCast
|
|
|
110,000
|
|
|
0
|
|
|
*
|
%
|
|
110,000
|
|
|
0
|
|
|
0
|
|
|
|
|
1,739,196
|
|
|
10,350,511
|
|
|
29.75
|
%
|
|
7,460,511
|
|
|
4,629,196
|
|
|
14.1
|
%
* less
than 1%
(1) The
actual number of shares of common stock offered in this prospectus, and included
in the registration statement of which this prospectus is a part, includes such
additional number of shares of common stock as may be issued or issuable upon
conversion or, or dividends upon, the Series B Convertible Preferred Stock and
upon exercise of the warrants by reason of any stock split, stock dividend or
similar transaction involving the common stock, in accordance with Rule 416
under the Securities Act of 1933.
(2) We do
not know when or in what amounts the selling stockholders may offer for sale the
shares of common stock pursuant to this offering. Because the selling
stockholders may choose not to sell any of the shares offered by this
prospectus, and because there are currently no agreements, arrangements or
undertakings with respect to the sale of any of the shares of common stock, we
cannot estimate the number of shares of common stock that the selling
stockholders will hold after completion of the offering. For purposes of this
table, we have assumed that the selling stockholders will have sold all of the
shares covered by this prospectus upon the completion of the offering.
(3)
Shares held by Satellite Strategic Finance Associates LLC include (i) 1,848,000
shares of common stock, (ii) 3,000,000 shares of common stock issuable upon
conversion of 15,000 shares of Series A Convertible Preferred Stock issued
February 10, 2004, (iii) 1,000,000 shares of common stock underlying warrants
issued on May 9, 2005. The number of shares on conversion of preferred and
warrants excludes 200,000 shares that are not yet exercisable on the warrant
issued May 9, 2005 in exchange for the warrant issued February 10, 2004. (iv)
1,503,226 shares of common stock issuable upon conversion of 2,330 shares of
Series B Convertible Preferred Stock issued May 9, 2005, and (v) 601,290 shares
of common stock underlying warrants issued on May 9, 2005. The number of shares
on conversion of preferred and warrants excludes 200,000 shares that are not yet
exercisable on the warrant issued May 9, 2005 in exchange for the warrant issued
February 10, 2004. The discretionary investment manager of Satellite Strategic
Finance Associates, LLC is Satellite Asset Management, L.P. ("SAM"), and the
controlling entity of SAM is Satellite Fund Management, LLC ("SFM"). Lief
Rosenblatt, Mark Sonnino and Gabe Nechamkin are the managing members of
SFM and have sole voting and investment power over these shares. Messrs
Rosenblatt, Sonnino and Nechamkin disclaim beneficial ownership of these
shares.
(4)
Shares being offered include (i) 1,503,226 shares of common stock issuable upon
conversion of 2,330 shares of Series B Convertible Preferred Stock issued May 9,
2005, (ii) 601,290 shares of common stock underlying warrants issued on
May 9, 2005, and (iii) 1,000,000 shares of common stock underlying warrants
issued on May 9, 2005 in exchange for warrants issued on February 10,
2004.
(5)
Shares held and being offered by Satellite Strategic Finance Partners, Ltd.
Include (i) 3,012,903 shares of common stock issuable upon conversion of 4,670
shares of Series B Convertible Preferred Stock issued may 9, 2005 and (ii)
1,205,162 shares of common stock underlying warrants issued on May 9, 2005. The
discretionary investment manager of Satellite Strategic Finance Partners,
Ltd. is Satellite Fund Management, L.P. ("SAM"), and the controlling entity od
SAM is Satellite Fund Management, LLC ("SFM"). Lief Rosenblatt, Mark Sonnino and
Gabe Nechamkin are the managing members of SFM and have sole voting and
investment power these shares. Messrs Rosenblatt, Sonnino and Nechamkin disclaim
beneficial ownership of these shares.
(6) Shares being offered include 27,931 shares
underlying warrants issued in connection with the Loan and Security Agreement
between Citadel and Comerica Bank, as amended. This selling stockholder is an
affiliate of registered broker-dealer. At the time this selling stockholder
acquired these securities, it (i) was an affiliate of a broker-dealer, (i) had
no direct or indirect agreement or understanding with any person to distribute
the securities to be resold, and (iii) acquired the securities to be resold in
the ordinary course of business.
MATERIAL
RELATIONSHIPS WITH SELLING STOCKHOLDERS
1.
Series A 5% Convertible Preferred Stock Private Placement in February 2004
On
February 10, 2004, we closed a private placement (the “Series A Private
Placement”) for $15 million consisting of 15,000 shares of our Series A 5%
Convertible Preferred Stock (the “Series A Shares”) convertible into 3 million
shares of our common stock, and Warrants to purchase 1.2 million shares of our
common stock, in a private placement to Satellite Strategic Finance Associates,
LLC, an accredited investor, under Rule 506 under Regulation D of the Securities
Act of 1933, as amended.
The
material terms of the Series A 5% Convertible Preferred Stock follow:
Maturity
Date/Liquidation Preference/Dividend Payment Dates/Dividend Rate
The
Series A Shares mature on February 10, 2008. The Series A Shares have a
liquidation preference in an amount equal to their stated value of $1,000 per
share plus accrued and unpaid dividends. Dividends in the amount of 5% per year
are payable quarterly in arrears on April 1, July 1, October 1 and January 1,
beginning on April 1, 2004. Dividends are payable in cash, or, if certain
conditions are met, in shares of Citadel's common stock at a rate of 6% per
year.
In
connection with the sale and issuance of the Company’s Series B Convertible
Preferred Stock (the “Series B Private Placement”), the holder of Series A
Shares has agreed to waive the dividend preference until stockholder approval of
the Series B Private Placement is obtained, and, if stockholder approval is
obtained and the second closing of the Series B Private Placement takes place,
the 5% dividend preference will be removed from the Series A Shares. We intend
to seek stockholder approval to remove the 5% dividend preference of the Series
A Shares at our annual meeting to be held on or about July 20,
2005.
Conversion
The
Series A Shares are convertible at the option of the holder at any time prior to
maturity into shares of common stock of the Company, initially at a conversion
price of $5.00 per share, subject to adjustment upon certain events, including
as a result of the sale of equity securities by the Company at a price below the
conversion price, on weighted average basis. The holder of the Series A Shares
agreed to waive the conversion price adjustment to the Series A Shares that
would otherwise be occasioned by the Series B Private Placement; however, as a
condition to the second closing of the Series B Private Placement, the Company
must adjust the conversion price of the Series A Shares from $5.00 to $3.00 (but
with no further adjustment for the Series B Private Placement). We intend to
seek stockholder approval to lower the conversion price of the Series A
Shares from $5.00 to $3.00 at our annual meeting to be held on or about July 20,
2005
Citadel
may require that a specified amount of the Series A Shares be converted if (i)
the registration statement covering the underlying shares of common stock has
been declared effective and is available to the holder, and shall cover the
number of registrable securities required by the Registration Rights Agreement;
(ii) the common stock shall be listed on the Nasdaq National Market, the Nasdaq
SmallCap Market or the New York Stock Exchange and trading in the common stock
on such market or exchange shall not have been suspended; (iii) no mandatory
redemption event referred to below has occurred; and (iv) the Closing Bid Price
shall be equal to at least 175% of the Conversion Price then in effect (subject
to adjustment for stock splits, stock dividends and similar events). The maximum
aggregate amount of the Series A Shares that Citadel may require to be converted
at any one time is an amount that is less than 4.99% of Citadel's outstanding
common stock.
Mandatory
Redemption at Holder's Option Upon Certain Events
A holder
may require Citadel to repurchase such holder's Series A Shares in cash at 101%
of the stated value of the Series A Shares, plus accrued but unpaid dividends,
if any, if a Mandatory Redemption Event occurs, including the following: (a) the
Company fails to issue shares of common stock to the Holder and deliver
certificates representing such shares to the Holder as and when required upon
conversion of any Series A Shares, or as and when required by the terms of a
Warrant upon exercise of such Warrant, and such failure continues for ten
business days; (b) the Company fails to file the registration statement covering
the shares issuable upon conversion of the Series A Shares or upon exercise of
the Warrants on or before 30 days after closing, or (c) certain change of
control events occur.
The
Warrant to purchase 1.2 million shares of our common stock at an initial
exercise price of $5.15 issued in the Series A Private Placement was exchanged
for a warrant to purchase 1.2 million shares of our common stock at an initial
exercise price of $1.75 on May 9, 2005 (the “Exchange Warrant”) as part of the
initial closing of the Series B Private Placement. The Exchange Warrant contains
the following material terms:
Exercise
The
Exchange Warrant entitles the holder initially to purchase 1,000,000 shares of
common stock at an initial exercise price of $1.75, subject to adjustment upon
certain events, including as a result of the sale of equity securities by the
Company at a price below the exercise price of the warrant. The Exchange Warrant
will become exercisable for an additional 200,000 shares of our common stock
upon obtaining stockholder approval for the Series B Private Placement.
Term
The
warrant has a 10-year term and is exercisable (in whole or in part) at any time
on or before May 9, 2015.
2.
Series B Convertible Preferred Stock Private Placement in May
2005
On May 9,
2005, we entered into agreements with Satellite Strategic Finance
Associates, LLC, the beneficial owner of more than 5% of our outstanding shares
of common stock, and Satellite Strategic Finance Partners, Ltd. related to a
private placement for up to $11 million, consisting of up to 11,000 shares of
Series B Convertible Preferred Stock (the “Series B Shares”), convertible into
approximately 7.1 million shares of common stock at the initial conversion price
of $1.55, and Warrants (“Warrants”) to purchase approximately 2.8 million shares
of common stock of Citadel at an initial exercise price of $1.75 per share, in a
private placement (the “Series B Private Placement”) to accredited investors
under Regulation D of the Securities Act of 1933, as amended. In addition,
Citadel and Satellite Strategic Finance Associates, LLC, the beneficial owner of
more than 5% of our outstanding shares of common stock, and Satellite Strategic
Finance Partners, Ltd. entered into an Exchange Agreement where Citadel agreed
to exchange a warrant to purchase 1.2 million shares of common stock issued to
Satellite Strategic Finance Associates, LLC, the beneficial owner of more than
5% of our outstanding shares of common stock, and Satellite Strategic Finance
Partners, Ltd. in connection with the sale of Series A Convertible
Preferred Stock for a new warrant (the “Exchange Warrant”) to purchase up
to 1.2 million shares of common stock at an initial exercise price of $1.75 per
share. On May 9, 2005, Citadel completed the sale to the investors of $7 million
of the Series B Shares (convertible into approximately 4.5 million shares of
common stock at the initial conversion price) and Warrants to purchase
approximately 1.8 million shares of common stock. 1 million shares of the
Exchange Warrant are immediately exercisable.
Citadel
has a put option to sell to the investors up to an additional $4 million of
Series B Shares (convertible into approximately 2.6 million common shares) and
warrants to purchase approximately 1 million shares of common stock at an
exercise price of $1.75 per share, upon satisfaction of certain milestones,
including shareholder approval, which Citadel intends to seek at its annual
meeting anticipated to be held in July 2005. If shareholder approval is
obtained, the remaining 200,000 shares under the Exchange Warrant will become
exercisable.
The
agreements also require that Citadel use its best efforts to obtain stockholder
approval for the possible issuance of Common Stock in excess of 19.99% of the
number of shares of Common Stock outstanding on the closing date (as a result of
possible adjustment to the conversion price), as required under the applicable
listing requirements of the Nasdaq SmallCap Market, to increase its authorized
number of shares common stock to 100,000,000, and to amend the Certificate of
Designations of its Series A Preferred Stock to reduce the conversion price from
$5.00 to $3.00. The holder of the Series A Preferred Stock has agreed to waive
the dividend requirements of the Series A Preferred Stock.
The
material terms of the Series B Convertible Preferred Stock follow:
Liquidation
Preference
The
Series B Shares have a liquidation preference in an amount equal to their stated
value of $1,000 per share and are pari passu securities with the Series A
Shares. The Series B Shares do not accrue dividends (unless Citadel declares
dividends on its common stock).
Maturity
The
Series B Shares mature on May 9, 2008. Upon maturity, the company will pay the
holders of Series B Shares cash equal to the aggregate liquidation preference of
the Series B Shares, or, if certain conditions are met, the Company may pay the
holders in shares of Common Stock.
Conversion
The
Series B Shares are convertible at the option of the holder at any time prior to
maturity into shares of common stock of the Company, initially at a conversion
price of $1.55 per share, subject to adjustment upon certain events, including
as a result of the sale of equity securities by the Company at a price below the
conversion price, on a full ratchet basis. The Company has agreed not to issue
any of its equity securities at a price below the market price on May 9, 2005
until shareholder approval of the transactions is obtained.
Citadel
may require that a specified amount of the Series B Shares be converted if (i)
the registration statement covering the underlying shares of common stock has
been declared effective and is available to the holder, and shall cover the
number of registrable securities required by the Registration Rights Agreement;
(ii) the common stock shall be listed on the Nasdaq National Market, the Nasdaq
SmallCap Market or the New York Stock Exchange and trading in the common stock
on such market or exchange shall not have been suspended; (iii) no mandatory
redemption event referred to below has occurred; and (iv) the Closing Bid Price
shall be equal to at least 200% of the Conversion Price then in effect (subject
to adjustment for stock splits, stock dividends and similar events). The maximum
aggregate amount of the Series A Shares that Citadel may require to be converted
at any one time is an amount that is less than 4.99% of Citadel's outstanding
common stock.
Mandatory
Redemption at Holders’ Option Upon Certain Events
A holder
may require Citadel to repurchase such holder's Series B Shares in cash at 101%
of the liquidation preference of the Series B Shares if a Fundamental Change
occurs, including the following: (a) any representation or warranty of the
Company made in the transaction documents fails to be true and correct in all
material respects, (b) the Company fails to perform in all material respects
its
covenants and agreements in the transaction documents, or (c) a liquidation
event occurs. If a change of control occurs, a holder may require Citadel to
repurchase such holder's Series B Shares in cash at 120% of the liquidation
preference.
Voting
Rights
The
Series B Shares are generally non-voting securities, except for certain
protective provisions where the holders of Series B Shares are entitled to vote
as a separate class.
The
Warrants contain the following material terms:
Exercise
The
Warrants issued in connection with the Initial Closing entitle the holders to
purchase up to 1,806,452 shares of Common Stock at an initial exercise price of
$1.75, subject to adjustment upon certain events, including as a result of the
sale of equity securities by the Company at a price below the exercise price of
the Warrants.
The
Exchange Warrant issued in connection with the Initial Closing entitles the
holders to purchase up to 1 million shares of Common Stock at an initial
exercise price of $1.75, subject to adjustment upon certain events, including as
a result of the sale of equity securities by the Company at a price below the
exercise price of the Exchange Warrant. If shareholder approval is
obtained, the Exchange Warrant will become exercisable for 1.2 million shares of
Common Stock.
In
connection with the put option, Citadel has agreed to issue to the investors
warrants to purchase approximately 1 million additional shares of common stock
at an exercise price of $1.75 per share (subject to shareholder approval to
increase the number of authorized shares of common stock at the annual
meeting).
Term
The
Warrants issued on May 9 are exercisable (in whole or in part) at any time on or
before May 9, 2015. Any additional Warrants issued if the Company exercises its
put option will have a similar 10-year term.
Registration
Rights
Under a
Registration Rights Agreement, the Company has agreed to (1) file with the
Securities and Exchange Commission a shelf registration statement covering the
resale of the shares of Company common stock issuable upon conversion of the
Initial Series B Shares and exercise of the Initial Warrants within 30 days of
the Initial Closing and (2) use its reasonable best efforts to cause the shelf
registration
statement to become effective within 120 days of the closing. The Company will
be required to make certain payments to the holders of the Series B Shares and
the Warrants if these deadlines are not met or the shelf registration statement
is otherwise unavailable for the resale of the securities. Citadel has made
similar commitments with respect to the additional Series B Shares and
Warrants
to be issued in connection with the Put Option. The Company has agreed that it
will not issue any additional equity securities, subject to certain exceptions
including shares issued under the Company's 2002 Stock Incentive Plan, as
amended, until the later of (a) 30 days after the registration statement(s)
covering the shares of common stock issuable upon conversion of the Series B
Shares and exercise of the Warrants is effective, or (b) 90 days after the last
closing under the Securities Purchase Agreement occurs.
3.
Loan and Security Agreement with Comerica Bank
On April
15, 2004 the Company completed a Loan and Security Agreement (the “Original
Agreement”) with Comerica Bank (“Comerica”), securing credit lines aggregating
$3,500,000. Of this amount, $750,000 was a revolving line of credit which if
used would be secured by accounts receivable defined in the Original Agreement.
The remaining $2,750,000 credit line was available in two tranches to fund
capital equipment expenditures through December 31, 2004. These loans are
secured by the capital equipment acquired with the proceeds of the borrowings as
well as a pledge of substantially all of the Company's assets, including its
intellectual property. Citadel used the full amount of the $2,750,000 credit
line to fund capital expenditures during 2004.
Under the
terms of the Original Agreement Comerica received warrants to purchase 9,881
shares of common stock at an exercise price of $5.06 per share.
Citadel
and Comerica entered into a First Amendment to Loan and Security Agreement (the
“First Amendment”), pursuant to which Comerica and Citadel agreed to amend the
Original Agreement to convert $750,000 of available indebtedness under the
Original Agreement from revolving indebtedness to equipment financing. Comerica
advanced this $750,000 to Citadel on December 31, 2004.
In March
2005, Citadel entered into a Second Amendment to the Loan and Security Agreement
(the “Second Amendment “) with Comerica. Comerica and Citadel agreed to revise
the loan agreement's covenants to bring them more in line with Citadel's
operations. Under the Second Amendment, Citadel and Comerica agreed to modify
the original loan agreement's financial covenants, including a liquidity ratio
test, EBITDA requirement and a minimum cash balance. The Company is required to
maintain its cash balances at Comerica and to meet certain financial,
non-financial and other affirmative and restrictive covenants, including
liquidity ratio, EBITDA requirement and minimum cash balance. The other material
terms of the credit facilities, including interest rate, security, and final
maturity, remained the same as under the original loan agreement.
Under the
terms of the Second Amendment Comerica received additional warrants for 18,050
shares of common stock at an exercise price of $1.79 per share. Comerica has
transferred its warrants to Comerica Incorporated.
4.
CEOCast
Citadel
issued CEOCast 110,000 shares of common stock in connection with investor
relations services performed, pursuant to Consultant Agreement dated October 24,
2003 and June 6, 2005, between Citadel and CEOCast.
The
selling stockholders and any of their respective pledgees, donees, assignees and
other successors-in-interest may, from time to time, sell any or all of their
shares of common stock on any stock exchange, market or trading facility on
which the shares are traded or in private transactions. These sales may be at
fixed or negotiated prices. The selling stockholders may use any one or more of
the following methods when selling shares:
|
l
|
ordinary
brokerage transactions and transactions in which the broker-dealer
solicits the purchaser;
|
|
|
l
|
block
trades in which the broker-dealer will attempt to sell the shares as agent
but may position and resell a portion of the block as principal to
facilitate the transaction;
|
|
|
l
|
purchases
by a broker-dealer as principal and resale by the broker-dealer for its
account;
|
|
|
l
|
an
exchange distribution in accordance with the rules of the applicable
exchange;
|
|
|
l
|
privately-negotiated
transactions;
|
|
|
l
|
short
sales;
|
|
|
l
|
broker-dealers
may agree with the selling stockholders to sell a specified number of such
shares at a stipulated price per share;
|
|
|
l
|
through
the writing of options on the shares;
|
|
|
l
|
a
combination of any such methods of sale; and
|
|
|
l
|
any
other method permitted pursuant to applicable law.
|
|
The
selling stockholders may also sell shares under Rule 144 under the Securities
Act, if available, rather than under this Prospectus. The selling stockholders
shall have the sole and absolute discretion not to accept any purchase offer or
make any sale of shares if they deem the purchase price to be unsatisfactory at
any particular time.
The
selling stockholders may pledge their shares to their brokers under the margin
provisions of customer agreements. If a selling stockholders defaults on a
margin loan, the broker may, from time to time, offer and sell the pledged
shares.
The
selling stockholders may also engage in short sales against the box, puts and
calls and other transactions in our securities or derivatives of our securities
and may sell or deliver shares in connection with these trades.
The
selling stockholders or their respective pledgees, donees, transferees or other
successors in interest, may also sell the shares directly to market makers
acting as principals and/or broker-dealers acting as agents for themselves or
their customers. Such broker-dealers may receive compensation in the form of
discounts, concessions or commissions from the selling stockholders and/or the
purchasers of shares for whom such broker-dealers may act as agents or to whom
they sell as principal or both, which compensation as to a particular
broker-dealer might be in excess of customary commissions. Market makers and
block purchasers purchasing the shares will do so for their own account and at
their own risk. It is possible that a selling stockholder will attempt to sell
shares of common stock in block transactions to market makers or other
purchasers at a price per share which may be below the then market price. The
selling stockholders cannot assure that all or any of the shares offered in this
Prospectus will be issued to, or sold by, the selling stockholders. The selling
stockholders and any brokers, dealers or agents, upon effecting the sale of any
of the shares offered in this Prospectus, may be deemed to be “underwriters” as
that term is defined under the Securities Act of 1933, as amended, or the
Securities Exchange Act of 1934, as amended, or the rules and regulations under
such acts. In such event, any commissions received by such broker-dealers or
agents and any profit on the resale of the shares purchased by them may be
deemed to be underwriting commissions or discounts under the Securities Act.
We are
required to pay all fees and expenses incident to the registration of the
shares, including fees and disbursements of counsel to the selling stockholders,
but excluding brokerage commissions or underwriter discounts.
The
selling stockholders, alternatively, may sell all or any part of the shares
offered in this Prospectus through an underwriter. No selling stockholder has
entered into any agreement with a prospective underwriter and there is no
assurance that any such agreement will be entered into.
The
selling stockholders and any other persons participating in the sale or
distribution of the shares will be subject to applicable provisions of the
Securities Exchange Act of 1934, as amended, and the rules and regulations under
such act, including, without limitation, Regulation M. These provisions may
restrict certain activities of, and limit the timing of purchases and sales of
any of the shares by, the selling stockholders or any other such person.
Furthermore, under Regulation M, persons engaged in a distribution of securities
are prohibited from simultaneously engaging in market making and certain other
activities with respect to such securities for a specified period of time prior
to the commencement of such distributions, subject to specified exceptions or
exemptions. All of these limitations may affect the marketability of the shares.
We have
agreed to indemnify the selling stockholders, or their transferees or assignees,
against certain liabilities, including liabilities under the Securities Act of
1933, as amended, or to contribute to payments the selling stockholders or their
respective pledgees, donees, transferees or other successors in interest, may be
required to make in respect of such liabilities.
If the
selling stockholders notify us that they have a material arrangement with a
broker-dealer for the resale of the common stock, then we would be required to
amend the registration statement of which this Prospectus is a part, and file a
Prospectus supplement to describe the agreements between the selling
stockholders and the broker-dealer.
We may
suspend the use of this prospectus on a limited basis if we learn of any event
that causes this prospectus to include an untrue statement of material fact or
omit to state a material fact required to be stated in the prospectus or
necessary to make the statements in the prospectus not misleading in light of
the circumstances then existing. If this type of event occurs, a prospectus
supplement or post-effective amendment, if required, will be distributed to each
selling stockholder.
PROSPECTUS
DELIVERY.
Since
each of selling stockholders may be deemed to be underwriters within the meaning
of Section 2(11) of the Securities Act, they will be subject to the prospectus
delivery requirements of the Securities Act. At any time a particular offer of
the securities is made, a revised prospectus or prospectus supplement, if
required, will be distributed which will set forth:
|
l
|
the
name of the selling stockholder and of any participating underwriters,
broker-dealers or agents;
|
|
|
l
|
the
aggregate amount and type of securities being offered;
|
|
|
l
|
the
price at which the securities were sold and other material terms of the
offering;
|
|
|
l
|
any
discounts, commissions, concessions and other items constituting
compensation from the selling stockholders and any discounts, commissions
or concessions allowed or re-allowed or paid to dealers; and
|
|
|
l
|
that
the participating broker-dealers did not conduct any investigation to
verify the information in this prospectus or incorporated in this
prospectus by reference.
A
prospectus supplement or a post-effective amendment may be filed with the SEC to
disclose additional information with respect to the distribution of the shares.
In particular, if we receive notice from a selling stockholder that a donee,
pledgee, transferee or other successor intends to sell more than 500 shares of
our common stock, or that a selling stockholder has entered into a material
arrangement with an underwriter or broker-dealer for the sale of shares covered
by this prospectus, then to the extent required we will file a supplement to
this prospectus.
The
validity of the securities offered hereby has been passed upon for us by Wood
& Sartain, LLP, Dallas, Texas.
The
financial statements as of and for the years ended December 31, 2004 and 2003,
incorporated in this prospectus by reference from Citadel's Annual Report on
Form 10-KSB for the year ended December 31, 2004, have been audited by KBA Group
LLP, independent registered accounting firm, as stated in their report, which is
incorporated herein by reference, and have been so incorporated in reliance upon
the report of such firm given upon their authority as experts in accounting and
auditing.
The
Securities and Exchange Commission (SEC) allows us to “incorporate by reference”
the information we file with it, which means that we can disclose important
information to you by referring to those documents. The documents we incorporate
by reference are considered to be part of this prospectus, and later information
that we file with the SEC will automatically update and supersede this
incorporated information.
The
following documents which we have filed with the Commission (File No. 000-33491)
pursuant to the Exchange Act of 1934 are incorporated herein by reference:
1. Our
Annual Report on Form 10-KSB for the fiscal year ended December 31, 2004,
including any documents or portions thereof incorporated by reference therein;
2. Our
Quarterly Report on Form 10-Q for the fiscal quarter ended March 31, 2005,
including any documents or portions thereof incorporated by reference therein;
3. The
description of our common stock under the caption “Description of Capital Stock
“ included in the Company's Registration Statement on Form 10-SB/A, filed on
April 22, 2002 with the Securities and Exchange Commission under Section 12 of
the Exchange Act, as amended, including any amendment or report filed for the
purpose of updating such description.
All other
documents filed by us pursuant to Sections 13(a), 13(c), 14 or 15(d) of the
Exchange Act subsequent to the date of this prospectus and prior to the
termination of this offering.
Any
statement contained in any document incorporated or deemed to be incorporated by
reference herein shall be deemed to be modified or superseded for purposes of
this prospectus to the extent that a statement contained herein or in any
subsequently filed document which also is or is deemed to be incorporated by
reference herein modifies or supersedes such statement. Any such statement so
modified or superseded shall not be deemed, except as modified or superseded, to
constitute a part of this prospectus.
We also
disclose information about us through current reports on Form 8-K that are
furnished to the SEC to comply with Regulation FD. This information disclosed in
these reports is not considered to be “filed” for purposes of Section 18 of the
Securities Exchange Act of 1934, is not subject to the liabilities of that
section and is not incorporated by reference herein.
We will
provide without charge to each person, including any beneficial owner, to whom
this prospectus is delivered, upon written or oral request of any such person, a
copy of any or all of the documents incorporated in this prospectus by reference
(except for exhibits, unless the exhibits are specifically incorporated by
reference into the filing). Requests for documents should be directed to Steven
B. Solomon, our CEO, at Two Lincoln Centre, Suite 1600, 5420 LBJ Freeway,
Dallas, Texas 75240, (214) 520-9292.
We have
filed with the Commission a Registration Statement on Form S-3 under the
Securities Act of 1933 covering the shares offered by this prospectus. This
prospectus does not contain all of the information set forth in the Registration
Statement and the exhibits thereto. Statements contained in this prospectus as
to the contents of any contract or other document referred to are not
necessarily complete and in each instance such statement is qualified by
reference to each such contract or document.
The
Company is subject to the informational requirements of the Exchange Act, and in
accordance therewith files reports and other information with the Commission.
Copies of such material can be obtained from the Public Reference Section of the
Commission at 450 Fifth Street, N.W., Washington, D.C. 20549. The Company is an
electronic filer, and the Commission maintains a web site that contains reports,
proxy and information statements, and other information regarding the Company at
www.sec.gov./edgar.html.
We make
available, free of charge, through our investor relations web site our reports
on Forms 10-KSB, 10-QSB, 10-Q and 8-K, and amendments to those reports, as soon
as reasonably practicable after they are filed with the SEC. Also available
through our investor relations web site are reports filed by our directors and
executive officers on Forms 3, 4 and 5, and amendments to those reports. The URL
for our investor relations web site is www.citadel.com/investor.asp.
Available
on our web site at www.citadel.com are: (i) our charters for the Audit and
Compensation Committees of our board of directors; (ii) our Code of Business
Conduct; and (iii) the company’s Code of Ethics for Chief Executive Officer and
Senior Financial Officers. Stockholders may request copies of these documents by
writing to Two Lincoln Centre, Suite 1600, 5420 LBJ Freeway, Dallas, Texas
75240, Attention: Investor Relations.
INDEMNIFICATION
Our
Certificate of Incorporation and bylaws and Section 145 of the Delaware General
Corporation Law, allow, and in some cases require, the indemnification of
directors and officers under some circumstances, grant our directors and
officers a right to indemnification to the fullest extent permitted by law for
all expenses relating to civil, criminal, administrative or investigative
procedures to which they are a party (i) by reason of the fact that they are or
were directors or officers of Citadel or (ii) by reason of the fact that, while
they are or were directors or officers of Citadel, they are or were serving at
the request of Citadel as a director, officer or employee of another enterprise.
Citadel's bylaws further provide that an advancement for any such expenses shall
only be made upon delivery to Citadel by the indemnitee of an undertaking to
repay all amounts so advanced if it is ultimately determined that such
indemnitee is not entitled to be indemnified by Citadel.
INDEMNIFICATION
AGREEMENTS
We have
also entered into indemnification agreements with some of our directors and
officers. These agreements require us to indemnify these directors and officers
with respect to their activities as directors or officers of Citadel or when
serving at our request as a director, officer or trustee of another corporation,
trust or other enterprise against expenses (including attorneys' fees,
judgments, fines and amounts paid in settlement) actually and reasonably
incurred by them in any threatened, pending or completed suit or proceeding
(civil, criminal administrative or investigative) to which they are, or are
threatened to be made, parties as a result of their service to Citadel. We have
agreed to indemnify each indemnitee for any one or a combination of the
following, whichever is most advantageous to the indemnitee, as determined by
the indemnitee (i) the benefits provided by our certificate of incorporation and
bylaws in effect on the date of the indemnification agreement; (ii) the benefits
provided by our certificate of incorporation and bylaws at the time expenses are
incurred by the indemnitee; (iii) the benefits allowable under Delaware law in
effect on the date of the indemnification agreement; (iv) the benefits allowable
under the law of the jurisdiction under which Citadel exists at the time
expenses are incurred by the indemnitee; (v) the benefits available under
liability insurance obtained by Citadel; and (vi) such other benefits as may be
otherwise available to indemnitee under our existing practices. Under the
indemnification agreements, each indemnitee will continue to be indemnified even
after ceasing to occupy a position as an officer, director, employee or agent of
Citadel with respect to suits or proceedings arising out of acts or omissions
during his service to Citadel. Each indemnitee will agree to notify Citadel
promptly of any proceeding brought or threatened and not to make any admission
or settlement without Citadel's consent, unless the indemnitee determines to
undertake his own defense and waives the benefits of the indemnification
agreement.
Insofar
as indemnification for liabilities arising under the Securities Act of 1933 (the
“Act” or “Securities Act”) may be permitted to directors, officers or persons
controlling us pursuant to the foregoing provisions, or otherwise, we have been
advised that in the opinion of the Securities and Exchange Commission, such
indemnification is against public policy as expressed in the Act and is,
therefore, unenforceable.
LIABILITY
AND INDEMNIFICATION OF DIRECTORS AND OFFICERS LIMITATION ON LIABILITY OF
DIRECTORS
Pursuant
to authority conferred by Section 102 of the Delaware General Corporation Law,
Article X of Citadel's certificate of incorporation (Article X) eliminates the
personal liability of Citadel's directors to Citadel or its stockholders for
monetary damages for breach of fiduciary duty as a director, except to the
extent that such exemption from liability or limitation thereof is not permitted
under the Delaware General Corporation Law as currently in effect or as it may
hereafter be amended. Under the Delaware General Corporation Law as in effect on
the date hereof, Citadel's directors remain liable for (i) any breach of the
duty of loyalty to Citadel or its stockholders, (ii) any act or omission not in
good faith or which involves intentional misconduct or a knowing violation of
law, (iii) any violation of Section 174 of the Delaware General Corporation Law,
which proscribes the payment of dividends and stock purchases or redemptions
under certain circumstances and (iv) any transaction from which directors derive
an improper personal benefit. Article X provides that any future repeal or
amendment of its terms (including any amendment or repeal of Article X made by
virtue of any change in the Delaware General Corporation Law) will not adversely
affect any rights of directors existing thereunder with respect to acts or
omissions occurring prior to such repeal or amendment.
|
NO
DEALER, SALESMAN OR OTHER PERSON HAS BEEN AUTHORIZED TO GIVE ANY
INFORMATION OR TO MAKE ANY REPRESENTATIONS, OTHER THAN THOSE CONTAINED IN
THIS PROSPECTUS, AND, IF GIVEN OR MADE, SUCH INFORMATION OR
REPRESENTATIONS MUST NOT BE RELIED UPON AS HAVING BEEN AUTHORIZED BY THE
COMPANY. THIS PROSPECTUS DOES NOT CONSTITUTE AN OFFER TO SELL, OR A
SOLICITATION OF AN OFFER TO BUY, ANY SECURITIES OFFERED HEREBY BY ANYONE
IN ANY JURISDICTION IN WHICH SUCH OFFER OR SOLICITATION IS NOT AUTHORIZED
OR IN WHICH THE PERSON MAKING SUCH OFFER OR SOLICITATION IS NOT QUALIFIED
TO DO SO OR TO ANYONE TO WHOM IT IS UNLAWFUL TO MAKE SUCH OFFER, OR
SOLICITATION. NEITHER THE DELIVERY OF THIS PROSPECTUS NOR ANY SALE MADE
HEREUNDER SHALL, UNDER ANY CIRCUMSTANCES, CREATE ANY IMPLICATION THAT THE
INFORMATION HEREIN CONTAINED IS CORRECT AS OF ANY TIME SUBSEQUENT TO THE
DATE OF THIS PROSPECTUS.
|
|
PROSPECTUS
_____ __,
2005
PART
II
Information
Not Required in Prospectus
ITEM
14. OTHER EXPENSES OF ISSUANCE AND DISTRIBUTION
The
estimated expenses payable by the Registrant in connection with the issuance and
distribution of the securities being registered are as follows:
|
|
SEC
Registration Fee
|
|
$
|
147.88
|
|
|
Printing
and Engraving Expenses
|
|
$
|
0.00
|
|
|
Legal
Fees and Expenses
|
|
$
|
60,000.00
|
|
|
Accounting
Fees and Expenses
|
|
$
|
3,000.00
|
|
|
|
|
|
|
|
|
Total
|
|
$
|
64,421.88
|
|
|
|
|
|
ITEM
15. INDEMNIFICATION OF DIRECTORS AND OFFICERS
The
Certificate of Incorporation and By-Laws of the Registrant provide that the
Registrant shall indemnify any person to the full extent permitted by the
Delaware General Corporation Law (the “DGCL”). Section 145 of the DGCL, relating
to indemnification, is hereby incorporated herein by reference.
We have
also entered into indemnification agreements with some of our directors and
officers. These agreements require us to indemnify these directors and officers
with respect to their activities as directors or officers of Citadel or when
serving at our request as a director, officer or trustee of another corporation,
trust or other enterprise against expenses (including attorneys' fees,
judgments, fines and amounts paid in settlement) actually and reasonably
incurred by them in any threatened, pending or completed suit or proceeding
(civil, criminal administrative or investigative) to which they are, or are
threatened to be made, parties as a result of their service to Citadel. We have
agreed to indemnify each indemnitee for any one or a combination of the
following, whichever is most advantageous to the indemnitee, as determined by
the indemnitee (i) the benefits provided by our certificate of incorporation and
bylaws in effect on the date of the indemnification agreement; (ii) the benefits
provided by our certificate of incorporation and bylaws at the time expenses are
incurred by the indemnitee; (iii) the benefits allowable under Delaware law in
effect on the date of the indemnification agreement; (iv) the benefits allowable
under the law of the jurisdiction under which Citadel exists at the time
expenses are incurred by the indemnitee; (v) the benefits available under
liability insurance obtained by Citadel; and (vi) such other benefits as may be
otherwise available to indemnitee under our existing practices. Under the
indemnification agreements, each indemnitee will continue to be indemnified even
after ceasing to occupy a position as an officer, director, employee or agent of
Citadel with respect to suits or proceedings arising out of acts or omissions
during his service to Citadel. Each indemnitee will agree to notify Citadel
promptly of any proceeding brought or threatened and not to make any admission
or settlement without Citadel's consent, unless the indemnitee determines to
undertake his own defense and waives the benefits of the indemnification
agreement.
Insofar
as indemnification for liabilities arising under the Securities Act of 1933 may
be permitted to directors, officers and controlling persons of the registrant
pursuant to the foregoing provisions, or otherwise, the registrant has been
advised that in the opinion of the Securities and Exchange Commission such
indemnification is against public policy as expressed in the Securities Act and
is, therefore, unenforceable. In the event that a claim for indemnification
against such liabilities (other than the payment by the registrant of expenses
incurred or paid by a director, officer or controlling person of the registrant
in the successful defense of any action, suit or proceeding) is asserted by such
director, officer or controlling person in connection with the securities being
registered, the registrant will, unless in the opinion of its counsel the matter
has been settled by controlling precedent, submit to a court of appropriate
jurisdiction the question whether such indemnification by it is against public
policy as expressed in the Securities Act and will be governed by the final
adjudication of such issue.
ITEM
16. EXHIBITS
|
EXHIBIT
NUMBER
|
|
DESCRIPTION
|
|
|
|
|
|
|
4.1
|
|
Warrant
to Purchase Common Stock issued to the purchasers (filed as Exhibit 4.1 to
the Form 8-K filed by the Company on May 10, 2005 and incorporated by
reference herein)
|
4.2
|
|
Exchange
Agreement dated as of May 9, 2005 between the Company and Satellite
Strategic Finance Associates, LLC (filed as Exhibit 4.3 to the Form 8-K
filed by the Company on May 10, 2005 and incorporated by reference
herein)
|
4.3
|
|
Series
C Warrant to Purchase Common Stock issued to Satellite Strategic Finance
Associates, LLC (filed as Exhibit 4.4 to the Form 8-K filed by the Company
on May 10, 2005 and incorporated by reference herein)
|
4.4
|
|
Certificate
of Designation, Rights and Preferences of Series B Convertible Preferred
Stock (filed as Exhibit 3.1 to the Form 8-K filed by the Company on May
10, 2005 and incorporated by reference herein)
|
4.5
|
|
Registration
Rights Agreement between the Company and the entities whose name appears
on the signature pages thereof (filed as Exhibit 4.2 to the Form 8-K filed
by the Company on May 10, 2005 and incorporated by reference
herein)
|
4.6
|
|
Loan
and Security Agreement between Citadel and Comerica Bank (filed as Exhibit
10.1 to the Form 10-QSB filed by the Company on May 13, 2004 and
incorporated by reference herein)
|
4.7
|
|
Intellectual
Property Security Agreement between Citadel and Comerica Bank (filed as
Exhibit 10.2 to the Form 10-QSB filed by the Company on May 13, 2004 and
incorporated by reference herein)
|
4.8
|
|
Form
of Warrant to Purchase Stock (filed as Exhibit 10.3 to the Form 10-QSB
filed by the Company on May 13, 2004 and incorporated by reference herein)
|
4.9
|
|
First
Amendment to Loan and Security Agreement between Citadel and Comerica Bank
dated as of December 30, 2004 (filed as Exhibit 99.1 to the Form 8-K filed
by the Company on December 30, 2004 and incorporated by reference herein)
|
4.10
|
|
Second
Amendment to Loan and Security Agreement between Citadel and Comerica Bank
dated as of March 30, 2005 (filed as Exhibit 4.9 to the Form 10-KSB file
by the Company on March 31, 2005 and incorporated by reference herein)
|
10.1
|
|
Securities
Purchase Agreement, dated as of May 9, 2005, among Citadel and the
purchasers identified therein (filed as Exhibit 10.1 to the Form 8-K filed
by the Company on May 10, 2005 and incorporated by reference
herein)
|
10.2
|
|
Consulting
Agreement, dated as of June 6, 2005, among Citadel and CEOCast Inc. (filed
herewith)
|
5.1
|
|
Opinion
of Wood & Sartain, LLP regarding legality of
securities
|
23.1
|
|
Consent of
KBA Group LLP
|
23.2
|
|
Consent
of Wood & Sartain, LLP (included in the opinion filed as Exhibit
5)
|
24.1
|
|
Power
of Attorney (included on signature page to Registration
Statement)
ITEM
17. UNDERTAKINGS
Undertaking
Required by Item 512 of Regulation S-K.
(a) The
undersigned registrant hereby undertakes:
(1) To
file, during any period in which it offers or sells securities, a post-effective
amendment to this Registration Statement to:
(i)
include any prospectus required by Section 10(a)(3) of the Securities Act;
(ii)
reflect in the prospectus any facts or events which, individually or together,
represent a fundamental change in the information in the Registration Statement.
Notwithstanding the foregoing, any increase or decrease in volume of securities
offered (if the total dollar value of securities offered would not exceed that
which was registered) and any deviation from the low or high end of the
estimated maximum offering range may be reflected in the form of prospectus
filed with the Commission pursuant to Rule 424(b) if, in the aggregate, the
changes in volume and price represent no more 20 percent change in the maximum
aggregate offering price set forth in the “Calculation of Registration Fee”
table in the effective Registration Statement;
(iii)
include any material information with respect to the plan of distribution not
previously disclosed in the Registration Statement or any material change to
such information in the registration statement;
PROVIDED,
HOWEVER, that paragraphs (a)(1)(I) and (a)(1)(ii) of this section do not apply
if the Registration Statement is on Form S-3, Form S-8 or Form F-3, and the
information required to be included in a post-effective amendment by those
paragraphs is contained in periodic reports filed with or furnished to the
Commission by the registrant pursuant to section 13 or section 15(d) of the
Securities Exchange Act of 1934 that are incorporated by reference in the
Registration Statement.
(2) That,
for the purpose of determining any liability under the Securities Act, each such
post-effective amendment shall be deemed to be a new registration statement
relating to the securities offered therein, and the offering of such securities
offered therein, and the offering of such securities at that time shall be
deemed to be the initial bona fide offering thereof.
(3) To
remove from registration by means of a post-effective amendment any of the
securities being registered which remain unsold at the termination of the
offering.
(b) The
undersigned registrant hereby undertakes that for purposes of determining any
liability under the Securities Act of 1933, each filing of the registrant's
annual report pursuant to Section 13(a) or Section 15(d) of the Securities
Exchange Act of 1934 (and, where applicable, each filing of an employee benefit
plan's annual report pursuant to section 15(d) of the Securities Exchange Act of
1934) that is incorporated by reference in the registration statement shall be
deemed to be a new registration statement relating to the securities offered
therein, and the offering of such securities at that time shall be deemed to be
the initial bona fide offering thereof.
(c)
Insofar as indemnification for liabilities arising under the Securities Act may
be permitted to directors, officers and controlling persons of the registrant
pursuant to the provisions described in Item 15 hereof or otherwise, the
registrant has been advised that in the opinion of the Securities and Exchange
Commission such indemnification is against public policy as expressed in the
Securities Act and is therefore, unenforceable. In the event that a claim for
indemnification against such liabilities (other than the payment by the
registrant of expenses incurred or paid by a director, officer, controlling
person of the registrant in the successful defense of any action, suit or
proceeding) is asserted by such director, officer or controlling person in
connection with the securities being registered, the registrant will, unless in
the opinion of counsel the matter has been settled by controlling precedent,
submit to a court of appropriate jurisdiction the question whether such
indemnification by it is against public policy as expressed in the Securities
Act and will be governed by the final adjudication of such issue.
SIGNATURES
In
accordance with the requirements of the Securities Act of 1933, the Registrant
certifies that it has reasonable grounds to believe that it meets all of the
requirements for filing on Form S-3 and has authorized this Registration
Statement or Amendment thereto to be signed on its behalf by the undersigned,
thereunto duly authorized, on the 8th day of June, 2005.
|
Citadel
Security Software Inc.
|
|
|
|
By:
|
|
/s/
Steven B. Solomon
|
|
|
Steven
B. Solomon, Chairman, President
and
Chief Executive Officer
POWER
OF ATTORNEY
KNOW ALL
MEN BY THESE PRESENTS, that each person whose signature appears below under the
heading “Signature” constitutes and appoints Steven B. Solomon or Richard
Connelly, or either of them, his true and lawful attorney-in-fact and agent with
full power of substitution and resubstitution, for him and in his name, place
and stead, in any and all capacities to sign any or all amendments to this
Registration Statement, and to file the same, with all exhibits thereto, and
other documents in connection therewith, with the Securities and Exchange
Commission, granting unto said attorneys-in-fact and agents, each acting alone,
full power and authority to do and perform each and every act and thing
requisite and necessary to be done in and about the premises, as fully for all
intents and purposes as he might or could do in person, hereby ratifying and
confirming all that said attorneys-in-fact and agents, each acting alone, or his
substitute or substitutes, may lawfully do or cause to be done by virtue hereof.
In
accordance with the requirements of the Securities Act of 1933, this
Registration Statement or Amendment thereto has been signed by the following
persons in the capacities and on the dates stated.
|
SIGNATURE
|
|
TITLE
|
|
DATE
|
|
|
|
|
|
|
|
|
|
|
/s/
STEVEN B. SOLOMON
|
|
President,
Chief Executive Officer and
|
|
June
8, 2004
|
Steven
B. Solomon
|
|
|
|
|
|
|
(Principal
Executive Officer)
|
|
|
|
|
|
|
|
/s/
RICHARD CONNELLY
|
|
Chief
Financial Officer
|
|
|
|
|
(Principal Financial
|
|
|
Richard
Connelly
|
|
and
Accounting Officer)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Director
|
|
|
Joe
M. Allbaugh
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/s/
CHRIS A. ECONOMOU
|
|
Director
|
|
|
Chris
A. Economou
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/s/
JOHN LEIDE
|
|
Director
|
|
|
Major
General (Ret.) John Leide
|
|
|
|
II-4