<PAGE>

                       SECURITIES AND EXCHANGE COMMISSION
                              WASHINGTON, DC 20549

                               -------------------

                                    FORM 8-K

                                 CURRENT REPORT
                     PURSUANT TO SECTION 13 OR 15(D) OF THE
                         SECURITIES EXCHANGE ACT OF 1934


Date of Report (Date of earliest event reported): October 15, 2001
                                                  ----------------


                                RSA Security Inc.
      ---------------------------------------------------------------------
               (Exact Name of Registrant as Specified in Charter)


          Delaware                     000-25120             04-2916506
------------------------------------------------------------------------------
(State or other Jurisdiction          (Commission           (IRS Employer
      of Incorporation)               File Number)         Identification No.)

36 Crosby Drive, Bedford, Massachusetts                              01730
------------------------------------------------------------------------------
(Address of Principal Executive Offices)                           (Zip Code)

Registrant's telephone number, including area code: (781) 301-5000
                                                    --------------

                                       N/A
     ----------------------------------------------------------------------
          (Former Name or Former Address, if Changed Since Last Report)


<PAGE>

Item 5. OTHER EVENTS.

     In connection with the filing of its Quarterly Report on Form 10-Q for the
quarter ended September 30, 2001, RSA Security Inc. (the "Company") is providing
below under the caption "Business" an updated description of the Company's
business.

                                    BUSINESS

COMPANY OVERVIEW

     We are a leading provider of electronic security, or e-security, solutions.
Our products are designed to help organizations ensure the authenticity of the
people, devices and transactions involved in e-business. Our core competencies
are in strong, two-factor user authentication solutions, authorization software,
public key infrastructure solutions and encryption software. We believe that
through the synergies offered by our RSA SecurID(R), RSA ClearTrust(R), RSA
Keon(R) and RSA BSAFE(R) product lines, we directly address the most critical
e-security requirements for e-business.

MARKET OPPORTUNITY

     Historically, e-security solutions have been deployed primarily to defend
corporate networks from malicious intrusion and to detect new forms or incidents
of attack. These proven, mature e-security solutions include firewalls,
anti-virus software, intrusion detection applications and vulnerability
assessment products and services.

     As more organizations conduct business online to reduce costs and compete
more aggressively and more efficiently, a new class of e-security applications
is being deployed to enable all forms of e-business, including commerce and
communications conducted through corporate intranets, extranets and other
Internet-based applications.

     Enabling secure e-business involves creating the same trust relationships
that currently exist on paper in the brick-and-mortar world, so organizations
can conduct e-business with the same confidence with which they conduct
traditional commerce. The four essential requirements for e-security are:

     -    identifying users;

     -    controlling what users can see and do;

     -    protecting the privacy and integrity of information; and

     -    creating transactional integrity.

     The enabling e-security technologies designed to solve these problems are
authentication, authorization, public key infrastructure, or PKI, and
encryption.


                                       2
<PAGE>

COMPANY HISTORY

     Since our inception in 1986, we have focused on the fundamental need for
user identification and authentication, with an emphasis on solutions for secure
remote access to enterprise networks. In July 1996, to further our strategy and
extend our product line, we acquired RSA Data Security, Inc., a leader in
cryptography solutions that address the need for data privacy and integrity.

     In July 1997, we acquired DynaSoft AB, a vendor of platform-independent
security solutions for distributed client/server networks. In January 1999, we
introduced the RSA Keon product line, a family of public key
infrastructure-based products, initially based on DynaSoft's BoKS technology and
designed to provide organizations with application security and flexible
electronic commerce solutions. In September 1999, we introduced the
next-generation, standards-based implementation of the RSA Keon solution. Also
in September 1999, we changed our name from Security Dynamics Technologies, Inc.
to RSA Security Inc.

     In February 2001, we acquired Xcert International, Inc., a company that
developed and delivered digital certificate-based products for securing
e-business transactions. We acquired Xcert to increase our PKI market share and
revenue, to enhance our ability to secure applications that serve the
business-to-business and Internet markets, and to add talent that will assist
with the acceleration of our PKI product calendar. As a result of the
acquisition, Xcert's Sentry CA line of products became part of our RSA Keon PKI
product family.

     In May 2001, we acquired 3-G International, Inc., a privately held company
that develops and delivers smart card and biometric authentication products. As
a result of this acquisition, we introduced a new smart card authentication
solution called RSA SecurID Passage, which is designed to offer greater security
than traditional passwords as a means to access workstations, networks and
applications. In the same month, we also acquired the assets of Transindigo
Inc., a company that developed real-time authorization software products.

     In September 2001, we acquired Securant Technologies, Inc., a privately
held company that developed and delivered the award-winning ClearTrust
authorization solution. We acquired Securant to enable RSA Security to provide
leadership in the growing authorization market segment that is being driven by
organizations that need to both expand the number and types of users who can
access their networks, applications and Web sites, and at the same time,
consolidate their numerous Web sites under a comprehensive portal management
system. As a result of the Securant acquisition, we established the RSA
ClearTrust authorization solution as our fourth product line.

THE RSA SOLUTION

     We deliver complementary, interoperable, best-of-breed solutions that
address the fundamental security problems of all e-business processes. Our
solutions are designed to solve the following four critical e-security problems.


                                       3
<PAGE>

  User Identification and Authentication

     First, a user's identity must be reliably authenticated. This ensures that
unauthorized users do not gain access to computer networks and applications and
that organizations are certain of the identities of those with whom they are
doing business. There are a number of popular methods of user identification,
including:

     -    something secret the user knows, such as a word, phrase, personal
          identification number, or PIN, code or fact;

     -    something physical the user possesses, such as a key, token, smart
          card, badge or other form of discrete "authenticator," which is
          resistant to counterfeiting; and

     -    something unique to the user, such as a fingerprint, signature,
          retinal pattern, voice print or other measurable personal
          characteristic or "biometric."

     Our RSA SecurID solutions provide centrally managed, strong, two-factor
user authentication services, which are designed to ensure that only authorized
users gain access to data, applications and communications, thereby protecting
network and data resources from accidental or malicious intrusion.

  Access Control and Privilege Management

     Once the user's identity has been established, an organization must verify
that the user is authorized to access the specific information he or she is
seeking. One of the key challenges facing organizations is the proliferation of
passwords required for users to access disparate operating systems,
applications, Web sites and databases. Products providing access control and
privilege management must protect and manage access to information and
applications and control user privileges at multiple levels, including network,
application, Web page and data levels. Our RSA ClearTrust authorization solution
centrally controls and manages user access privileges to Web-based resources
based on definable user attributes, business rules and security policies. It is
designed to work within intranets, extranets, portals and exchange
infrastructures - all while providing users with transparent, single sign-on
within or across multiple sites and domains. RSA ClearTrust has won a number of
industry awards, including Network Computing's Editor's Choice and
NetworkWorld's Blue Ribbon.

  Transactional Integrity

     Organizations need to be confident that the transactions they conduct
online have the same integrity and legal standing as those they conduct using
traditional, paper-based processes. Many countries around the world have enacted
laws that give "electronic" or "digital" signatures the same legal standing as
hand-written signatures for many types of transactions. Our RSA Keon PKI
solutions are designed to enable users to digitally "sign" forms and documents
to insure transactional integrity, and are among the fastest-growing products in
this market segment.


                                       4
<PAGE>

  Data Privacy, Integrity and Authentication

     In addition to authenticating the identity of users and ensuring that only
authorized users access, view or modify certain data, a comprehensive e-security
solution must ensure that the data transmitted over networks are not disclosed
to unauthorized persons (data privacy), have not been altered or compromised by
unauthorized manipulation (data integrity) and were actually transmitted by the
purported sender (data authentication). Our RSA BSAFE cryptographic security
developer tools and components are designed to enable software developers to
reliably incorporate e-security into a wide range of software applications and
hardware devices, and have been incorporated into more than a billion units of
products to protect the privacy and integrity of information and communications.

THE RSA STRATEGY

     Our objective is to maintain our position as a leading provider of
e-security solutions. To achieve this objective, we are pursuing the following
strategies:

  Leverage Product Synergies

     We believe that one of our competitive advantages is the synergies shared
by our RSA SecurID, RSA ClearTrust, RSA Keon and RSA BSAFE product lines. We
believe we are the only e-security vendor that can offer application-specific
solutions comprised of products from complementary authentication,
authorization, PKI and encryption product lines. The synergies shared by our
product lines gives us the opportunity, once we sell one product to a customer,
to sell additional complementary products from other product lines to the same
customer. As a result, our customers have increased choice and greater
flexibility when deciding how to deploy e-security solutions with their current
and future applications.

  Maintain Technological Leadership

     We plan to continue to add new capabilities and features to our e-security
products to meet our customers' evolving needs. We are a founding member of the
Liberty Alliance Project, a multi-industry consortium formed to create an open,
multi-entity solution for online identity. We expect to maintain a leading role
in basic cryptographic research, develop new technologies and maintain close
working relationships with leading academic centers and custom development
teams. We intend to support the proliferation of PKI as a key element of
e-business through the marketing of and participation in industry initiatives
such as the PKI Forum, an industry-led collaboration to accelerate the adoption
of PKI technology and PKI-based solutions as a trusted, secure foundation for
e-business applications.

  Expand Market Opportunities

     We intend to expand our market opportunities through investments and
partnerships, industry initiatives and marketing designed to heighten awareness
of e-security issues. Through our RSA Secured partner program, we have
established


                                       5
<PAGE>

strategic relationships with more than 500 industry-leading vendors. We also
seek to heighten awareness regarding e-security issues through marketing
programs such as our annual RSA Conference.

  Expand Indirect Sales and Support Channel

     We currently sell our products through a direct sales force and through
relationships with a significant number of original equipment manufacturers and
developers, value-added resellers and distributors. We believe that an expanded
indirect sales and support channel enables us to enter new markets and gain
access to a larger installed base of potential customers in a cost-effective
manner.

  Expand International Presence

     We believe that international markets present a large, relatively new
market for e-security products. Sales outside the Americas as a percentage of
our total revenue were approximately 34.6% in 1998, 30.3% in 1999, 33.2% in 2000
and 38.6% in the nine months ended September 30, 2001. We have offices
throughout the United States, Canada, Europe, Asia, Japan and Australia and plan
to continue to expand our international business by establishing new offices,
hiring additional sales personnel, establishing additional distribution
arrangements, primarily in Europe and Asia, and developing local presences in
new markets.

PRODUCTS

     We offer a range of products and technologies that are designed to help
organizations secure their e-business processes by ensuring the authenticity of
people, devices and transactions. Our core competencies are in four product
lines - RSA SecurID, RSA ClearTrust, RSA Keon and RSA BSAFE - which deliver
two-factor user authentication, authentication, public key infrastructure and
encryption solutions, respectively. We derive our operating revenue primarily
from two distinct product groups: Enterprise solutions, which includes RSA
SecurID authenticators, RSA ACE/Server software, RSA ClearTrust software, RSA
Keon software and related maintenance and professional services, and Developer
solutions, which includes RSA Keon components, RSA BSAFE cryptographic software
and protocol products, and related maintenance and professional services.

  RSA SecurID Authentication Solutions

     RSA SecurID solutions provide centrally managed, strong, two-factor user
authentication services for enterprise networks, operating systems, e-business
Web sites and other information technology infrastructures. These solutions are
designed to ensure that only authorized users gain access to data, applications
and communications. Supporting a range of authentication devices, including
hardware tokens, key fobs, smart cards, cellular telephones, personal digital
assistants and software tokens, RSA SecurID solutions are designed to create a
barrier against unauthorized access, protecting network and data resources from
potentially devastating accidental or malicious intrusion. RSA


                                       6
<PAGE>

SecurID installations are managed with RSA ACE/Server authentication management
software, which has the ability to scale deployments for hundreds of thousands
of users.

     RSA SecurID user identification and authentication products combine two
methods of user identification -- something secret the user knows (a personal
identification number) and something the user physically has (the RSA SecurID
authenticator). To gain access to a protected resource, a user enters his or her
PIN and the "authenticator code" that is automatically computed and displayed on
the user's RSA SecurID authenticator. The PIN and the authenticator code
together form the user's "pass code." With a valid pass code, the authorized
user is identified, authenticated and granted access to appropriate information
resources.

     Each RSA SecurID authenticator contains our proprietary technology and is
programmed with a secret, randomly generated seed number unique to the
individual user's authenticator. The seed number and Greenwich Mean Time are
used to generate code sequences at set intervals (typically every 60 seconds),
which are then matched to the RSA ACE/Server software using the same seed number
and Greenwich Mean Time to generate a server code corresponding to the user's
authenticator code.

     In 2001, we expanded our RSA SecurID authentication family of products to
include innovative smart card offerings. The RSA SecurID Passage smart card
solution logs users directly into their Microsoft Windows 2000 and Active
Directory environments, replacing static passwords with the added security of
certificate and smart card based authentication. The RSA SecurID Passage smart
card solution is designed to securely store two X.509 v 3 certificates and
private key pairs from virtually any certificate authority, so users can start
with a stand-alone certificate authentication solution and migrate to full PKI
as their needs dictate.

     RSA SecurID Card Studio is a smart card personalization system that allows
users to customize smart cards to fit their unique security and business
initiatives. This system is designed to enable customers to program the smart
card chip for PKI and graphically personalize the outside of the card to add
picture ID, magnetic stripes for physical access, corporate logos and employee
names.

  RSA ClearTrust Authorization Software

     RSA ClearTrust authorization software is designed to be a unified privilege
management solution that helps enable secure access to Web-based resources. It
is designed to work within intranets, extranets, portals and exchange
infrastructures - all while providing users with transparent, single sign-on
within or across multiple sites and domains. RSA ClearTrust authorization
software centrally controls and manages user access privileges to Web-based
resources based on definable user attributes, business rules and security
policies that directly reflect the objectives of e-business. The RSA ClearTrust
authorization solution was recently named the best product in the authorization
market segment, winning both Network Computing's Editor's Choice and
NetworkWorld's Blue Ribbon awards.


                                       7
<PAGE>

     The RSA ClearTrust solution is intended to enable organizations to delegate
administrative tasks, thereby supporting the scalability requirements associated
with deployment of large user populations. It is also designed to automate
authorization policy updates and provide out-of-the-box integration for diverse
customer environments.

     RSA ClearTrust technology offers ease and speed of deployment through
plug-and-play integration with existing directory services, authentication
services, PKI, Web servers and application servers. In addition, RSA ClearTrust
Smart Rules technology is designed to enable customers to efficiently map
business rules to authorization policies.

     The RSA ClearTrust system features an intuitive, graphical user interface
that is designed to mask the complexity of administering user access privileges.
Further, the system is designed to allow for multi-level delegation of
administrative functions across an organization and between partners, lowering
management costs, improving user privilege management and enabling extranet
scalability.

     The RSA ClearTrust solution is an open, interoperable, Java-based
architecture that is intended to provide a unified security management solution
for integrating into existing, heterogeneous, multi-vendor environments.

  RSA Keon PKI Software

     Our RSA Keon PKI solutions are a family of interoperable, standards-based
PKI software modules for managing digital certificates and creating an
environment for authenticated, private and legally binding electronic
communications and transactions. RSA Keon software is designed to be easy to use
and interoperable with other standards-based PKI solutions, and to feature
enhanced security through its synergy with the RSA SecurID authentication and
RSA BSAFE encryption product families.

     RSA Keon technology provides a common foundation for securing Internet and
e-business applications. The RSA Keon family contains software modules for both
enterprise customers that need turnkey solutions, and for enterprise customers
and developers that want to build their own standards-based, native PKI
applications or take advantage of PKI-aware applications. RSA Keon components
include:

     -    RSA Keon Certificate Authority (CA), a PKI product that became part of
          the RSA Keon family as a result of our acquisition of Xcert
          International. RSA Keon CA combines the best features of the RSA Keon
          Certificate Server and Xcert Sentry products to offer advanced
          certificate authority features, including hardware-based key recovery,
          scalability to 8 million seats, a distributed RA/CA architecture and
          flexible trust management options including cross-certificate support.
          The RSA Keon CA also includes RSA Keon One Step, a software module
          designed to simplify the registration and issuance of certificates.

     -    RSA Keon Advanced PKI, a set of software modules designed to be built
          on top of the RSA Keon Certificate Server, or any other
          standards-based certificate source, such as VeriSign Onsite, Netscape
          Certificate Management


                                       8
<PAGE>

          Software or Baltimore UniCERT. RSA Keon Advanced PKI provides a
          variety of services designed to overcome common barriers to PKI
          deployment by making digital certificates transparent across multiple
          applications, enforcing security policies for certificate and
          credential use and enabling the integration of multiple certificate
          and directory sources. RSA Keon Advanced PKI comprises the RSA Keon
          Security Server and RSA Keon Desktop components, as well as RSA Keon
          agents, RSA Keon Application Integration software developer kits and
          RSA BSAFE Cert-C and Cert-J encryption tools for integrating non-PKI
          applications with RSA Keon software.

     -    RSA Keon Web Passport, a standards-based product that is designed to
          make PKI easy to use. RSA Keon Web Passport is designed for
          environments where a desktop footprint is not appropriate and
          interoperability with applications like browsers, mail clients and Web
          authorization systems is required. The small, downloaded plug-in
          seamlessly integrates with browsers, mail clients, and other
          applications to help enable digital signing, user-authenticated SSL,
          secure email and VPNs.

  RSA BSAFE Cryptographic Software

     RSA BSAFE software is a family of platform-independent cryptographic
security developer tools and components, which are designed to enable software
developers to reliably incorporate e-security into a wide range of software
applications and hardware devices. RSA BSAFE encryption components are used to
secure applications for electronic commerce and services over the Internet and
intranets, enterprise security, entertainment, wireless communications, the
delivery of digital information over cable and other uses. Our RSA BSAFE
products include:

     -    RSA BSAFE Crypto-C and Crypto-J, popular core cryptography components
          for the C and Java programming languages.

     -    RSA BSAFE Cert-C and Cert-J, standards-based certificate processing
          tools for C and Java.

     -    RSA BSAFE IPSEC-C, for rapidly developing secure networking products
          that meet the highest standards of reliability, performance and
          interoperability.

     -    RSA BSAFE Wireless Core, which enables developers of wireless products
          to select only the algorithms needed in reduced code sizes.

     -    RSA BSAFE Broadband cryptographic software, which allows developers to
          quickly integrate tested, reliable security into their cable broadband
          devices - including cable modems, set-top boxes and multimedia
          terminal adapters.

STRATEGIC PARTNERS

     Historically, we have placed a premium on establishing interoperability
between our products and those of other vendors. To that end, we invest in and
support a strategic partnering program under the name of "RSA Secured." The RSA
Secured partner program is designed to help vendors integrate or establish
interoperability between


                                       9
<PAGE>

partner products and our products, including the RSA SecurID, RSA ClearTrust,
RSA Keon and RSA BSAFE product lines. The RSA Secured partner program includes
three specific programs:

     -    We test and certify interoperability between our RSA SecurID and RSA
          ACE/Server products and products from vendors of remote access
          devices, Internet firewalls, network and applications software and
          virtual private network products. We have certified more than 210
          vendor applications as part of our RSA Secured SecurID Ready program,
          making this program one of the largest certified strong authentication
          partner programs in the industry.

     -    We offer interoperability testing and certification for vendors
          seeking to ensure interoperability between their products and our RSA
          Keon PKI solutions. We have certified more than 150 vendor
          applications as part of our RSA Secured Keon Ready program, making
          this program one of the largest certified partner programs in the PKI
          industry. We believe that the mandatory certification testing in our
          RSA SecurID and Keon Ready programs sets these interoperability
          programs apart from those of our competitors, some of whom do not test
          the interoperability between their products and their partners'
          products.

     -    We offer specific programs for licensees of our RSA BSAFE technology,
          who incorporate RSA BSAFE software into their products.

     Collectively, through all of the RSA Secured partner programs, we have
strategic relationships with more than 500 vendors, including Apple Computer,
AT&T, Check Point, Cisco Systems, Compaq, IBM, Intel, Microsoft, Nortel
Networks, Novell, Oracle, Sun Microsystems and others, who have integrated our
technologies into more than 1,000 products. The end-user customers of the
vendors who have joined the RSA Secured partner program can purchase
authenticators and license RSA ACE/Server software directly from us. We believe
that these relationships help us and our customers expand their enterprise
network coverage and assist us in increasing our customer base.

     We have created marketing programs to foster the use of the RSA Secured
logo on vendor products that incorporate our technologies or are interoperable
with our products. These programs include but are not limited to listings in
online directories, use of logos on product packaging and promotional materials,
RSA Secured advertising and access to marketing funds and joint promotional
activities, such as tradeshows, advertising, direct mail and joint press
releases.

SALES AND MARKETING

     We have established a multi-channel distribution and sales network to serve
the e-security market. We sell and license our products directly to end users
through our direct sales force and indirectly through a network of original
equipment manufacturers, or OEMs, value-added resellers, or VARs, and
distributors. In addition, we support our direct and indirect sales efforts
through strategic marketing relationships and public relations programs, trade
shows and other marketing activities.


                                       10
<PAGE>

     In support of our sales efforts, we conduct sales training courses and
comprehensive targeted marketing programs, including direct mail, public
relations, advertising, seminars, trade shows, interactive marketing,
telemarketing and ongoing customer and third-party communications programs. We
also seek to stimulate interest in e-security through our public relations
program, speaking engagements, white papers, technical notes and other
publications.

     Our direct sales staff focuses on major accounts, provides technical advice
and support with respect to our products and works closely with our customers,
developers, VARs and distributors.

     We also market, sell and license our products indirectly through our RSA
SecurWorld network of OEMs, VARs and distributors. As of September 30, 2001, we
had distributor and reseller relationships with approximately 350 OEMs, VARs and
distributors.

     Generally, we sell our RSA BSAFE products to developers through our direct
sales force, rather than through distributors.

     To enhance demand for our products, we have participated in the development
of various industry-specific protocols that incorporate our RSA BSAFE
cryptographic data security technologies. We also host our own annual industry
conference, the RSA Conference, and participate in other conferences to increase
demand for our products. Through our RSA Laboratories division, we maintain a
leading role in basic cryptographic research, develop new encryption
technologies and maintain close working relations with leading academic centers
and customer development teams.

     Our business has historically tended to be seasonal, with the last quarter
of the year having the highest amount of revenue and the first quarter of the
year having the lowest amount of revenue. We believe that the higher amounts of
revenue in the last quarter is due to our quota-based compensation plans,
year-end budgetary pressures on our customers and the tendency of some of our
customers to implement changes in e-business security just before the end of the
calendar year. In addition, revenue tends to slow in the summer months,
particularly in Europe, when many businesses defer purchase decisions.

CUSTOMERS

     As of September 30, 2001, we have sold more than 10 million RSA SecurID
authenticators to more than 8,000 customers worldwide. Historically, our
principal customers have been in the telecommunications, pharmaceutical,
financial and healthcare industries as well as academic institutions, research
laboratories and government organizations. These customers generally work with
highly confidential information and are sophisticated and knowledgeable
purchasers of e-security systems. We believe that as corporate networks
proliferate and become more complex, the number of industries concerned with
e-security will grow.


                                       11
<PAGE>

     As of September 30, 2001, we had licensed our RSA BSAFE encryption engine
and patented technology to more than 1,000 organizations that typically
incorporate the encryption technology into their products. RSA BSAFE encryption
technology is embedded in current versions of Microsoft Windows NT, Microsoft
Internet Explorer, Netscape Navigator, Quicken by Intuit, Lotus Notes and
numerous other products, including mobile phones, pagers and other wireless
products of Ericsson, Matsushita, Nokia, Openwave Systems (formerly Phone.com)
and Symbian. We also license RSA BSAFE encryption technology directly to
enterprise customers for incorporation into their business, financial and
electronic commerce networks. RSA BSAFE technologies are part of existing and
proposed standards for the Internet and World Wide Web, ITU, ISO, ANSI and IEEE.

     No customer accounted for more than 5% of our total revenue in 1998, 1999,
2000 or the nine months ended September 30, 2001.

CUSTOMER SERVICE AND SUPPORT

     We maintain a customer support help desk, technical support organization
and professional services group at our headquarters in Bedford, Massachusetts
and at other locations throughout the world. We offer telephone and Web support
for certain of our products 24 hours a day, seven days a week. We also have
field technical support personnel who work directly with our direct sales force,
distributors and customers.

     Our standard practice is to provide a warranty on all RSA SecurID
authenticators for the customer-selected programmed life of the authenticator
(generally three to four years) and to replace any damaged authenticators (other
than authenticators damaged by a user's abuse or alteration) free of charge. We
generally sell each of our other products to customers with a warranty for
product defects for specified periods. At the time of purchase, customers may
elect to purchase a maintenance contract for 12-month renewable periods. Under
these contracts, we agree to provide corrections for documented program errors;
version upgrades for both software and, if applicable, firmware; telephone
consultation; and Web-based access to solutions, patches and documentation.

PRODUCT DEVELOPMENT

     Our product development efforts are focused on enhancing the functionality,
reliability, performance and flexibility of our existing products. We are
developing architectures and technologies to continually enhance the
administrative capabilities and scalability of our RSA ACE/Server, RSA
ClearTrust and RSA Keon products and to increase interoperability with
additional network operating systems, applications and directory services. We
are also developing tools to assist customers, strategic partners and other
third-party integrators in integrating our products with custom and other
third-party network or system applications.


                                       12
<PAGE>

     We are working to improve our competitive position by developing
standards-based protocols and solutions that address the needs of specific
market segments and build on our industry-leading RSA BSAFE technology.

     In addition to enhancing our existing products, we continue to identify and
prioritize various technologies for potential future product offerings. We may
develop these products internally or enter into arrangements to license or
acquire products or technologies from third parties.

     Our product development staff, which at September 30, 2001 consisted of
approximately 435 employees working in eight development centers worldwide,
engages in software and hardware engineering, testing and quality assurance and
technical documentation. We also engage outside contractors where appropriate to
supplement our in-house expertise or expedite projects based on customer or
market demand.

MANUFACTURING AND SUPPLIERS

     We currently contract for the manufacture of RSA SecurID authenticators
with two suppliers, one in China and one in Thailand. We have generally been
able to obtain adequate supplies of RSA SecurID authenticators in a timely
manner and believe that alternate vendors could be identified if our current
vendors were unable to fulfill our needs.

     RSA ACE/Server, RSA ClearTrust, RSA Keon and RSA BSAFE software products
are distributed on standard magnetic diskettes, compact disks and tapes together
with documentation. We contract with media duplication subcontractors for the
majority of our media duplication. We have the capability to do all media
duplication in-house, but limit this use to small production runs such as beta
programs.

     Although we generally use standard parts and components for our products,
some components are currently available only from limited sources. For example,
Sanyo Electric Co., Ltd. and Epson Electronics are our only suppliers for the
microprocessor chips contained in our RSA SecurID products. If we were unable to
obtain a sufficient supply of these or any other components, then we might be
unable to fill customer orders and might have to expend significant resources to
find new suppliers. As a result, we attempt to maintain a three-to-four-month
supply in inventory. We believe that it would take approximately six months to
identify and commence production of suitable replacements for the microprocessor
chip used in RSA SecurID authenticators.

COMPETITION

     The market for e-security products is highly competitive and subject to
rapid change. We believe that competition in this market is likely to intensify
as a result of increasing demand for e-security products. We currently
experience direct and indirect competition from a number of sources, including
software operating systems suppliers and application software vendors that
incorporate a single-factor static password security system into their products;
vendors of hardware tokens competitive with RSA SecurID products; smart card
security device vendors; biometric security device vendors; vendors


                                       13
<PAGE>

of authorization solutions; PKI and cryptographic software firms; and
application access providers. In some cases, these vendors also support our
products and those of our competitors. In the future, we may also face
competition from these and other parties that develop e-security products based
upon approaches similar to or different from those we employ, including
operating system or network suppliers not currently offering competitive
e-security products.

     We believe that the principal competitive factors affecting the market for
e-security products include technical features, ease of use, interoperability,
quality/reliability, level of security, customer service and support,
distribution channels and price.

PROPRIETARY RIGHTS

     We rely on a combination of patent, trade secret, copyright and trademark
laws, software licenses, nondisclosure agreements and technical measures to
protect our proprietary technology. We also generally enter into nondisclosure
and assignment of inventions agreements with our employees and confidentiality
and/or license agreements with our distributors, strategic partners and
customers and potential customers, and limit access to and distribution of our
software, documentation and other proprietary information.

     Our 29 issued U.S. patents expire at various dates ranging from 2005 to
2018. Our 32 foreign patents expire at various dates between 2005 and 2014. We
have also filed patent applications on inventions embodied in new technologies
that we developed and on inventions that may be useful in the field of
e-security. There can be no assurance that any of these applications will result
in an issued patent.

     We have registered, or are seeking to register, our trademarks and service
marks in countries where we are selling our products. However, from time to time
third parties have opposed our pending trademark and service mark applications,
and we may face such opposition in the future to our current or future
applications. Furthermore, some national trademark offices may not permit us to
register the marks on terms that we find acceptable. We will seek to enforce our
trademark and service mark rights against third parties who are marketing goods
or services under marks that we consider confusingly similar to our marks.
However, there can be no assurance that we will prevail in any enforcement
action. We may also seek to purchase or license trademarks from third parties,
but there can be no assurance that we will be able to purchase or license
trademarks on commercially favorable terms or at all.

GOVERNMENT REGULATION AND EXPORT CONTROLS

     All of our products are subject to U.S. export control laws and applicable
foreign government import, export and/or use restrictions. Minimal U.S. export
restrictions apply to all products, whether or not they perform encryption
functions.

     Exports of commercial products using encryption are regulated by the Export
Administration Regulations of the U.S. Department of Commerce. Under regulations


                                       14
<PAGE>

issued by the Department of Commerce in January 2000, encryption products of any
key length, including general purpose encryption toolkits such as our RSA BSAFE
products, may be exported, after a one-time technical review, to all end-users
other than governmental end-users. Encryption products may be exported to
governmental end-users under special Encryption Licensing Arrangements or
individual export licenses that may be issued at the discretion of the
Department of Commerce. In October 2000, the Department of Commerce further
revised the Export Administration Regulations to remove the export licensing
requirement for shipments to governmental end-users in 23 countries, including
most of the United States' major trading partners. We believe that we have
completed the necessary technical reviews of the products and services we
currently export, but products we acquire such as the Xcert and Securant
products, may require technical review before we can export them. Following
export of certain of our products, we will be subject to various post-shipment
reporting requirements.

     The export regulations may be modified at any time. In light of the
September 11, 2001 terrorist attacks on New York and Washington, D.C. and
ongoing discussions regarding anti-terrorism legislation in the United States
Congress, there may be an increased risk that export regulations may be modified
in the future. In the event of any such modification, there can be no assurance
that we will be authorized to export encryption products from the United States
without a license in the future. In the event of such a modification, we might
be at a disadvantage in competing for international sales compared to companies
located outside of the United States that would not be subject to such
restrictions.

EMPLOYEES

     At September 30, 2001, we employed 1,416 employees, of which 1,351 were
devoted to our e-security solutions segment and 65 were devoted to our RSA
Capital segment. No employees are covered by any collective bargaining
agreements. We believe that our relationships with our employees are good.

FACILITIES

     Our principal administrative, sales and marketing, research and development
and support facilities aggregate approximately 210,000 square feet of office
space and are located in Bedford, Massachusetts under non-cancelable ten year
leases expiring in August 2008. We entered into an operating lease agreement in
November 2000 for a new corporate headquarters facility that is currently under
construction. The new headquarters facility will be located in Bedford,
Massachusetts, and construction of the approximately 328,000 square foot
facility is expected to be completed in April 2002. We intend to sublease our
existing principal facilities once we move into the new facility. We also lease
approximately 58,000 square feet of office space for research and development
and sales and marketing in San Mateo, California under non-cancelable ten-year
leases expiring in 2008. In addition, we lease facilities for administration,
field sales, research and development, manufacturing and customer support
throughout the United States, Canada, Asia, Australia and Europe.


                                       15
<PAGE>

     During 2000, we purchased an approximately 31,000 square foot office
building in Bracknell, United Kingdom. This building is used as our
administration, sales and marketing headquarters for our European operations.

     In connection with the consolidation of certain operations commencing in
January 1999, we sublet to third parties a total of approximately 50,000 square
feet of our facilities at various locations, expiring through June 2002. In
addition, as of September 30, 2001 our facility obligations included
approximately $4.9 million per year for facilities for which we are actively
seeking sublease tenants.


                                   SIGNATURES

     Pursuant to the requirements of the Securities Exchange Act of 1934, as
amended, the Registrant has duly caused this report to be signed on its behalf
by the undersigned hereunto duly authorized.


Dated: October 15, 2001              RSA SECURITY INC.
                                     (Registrant)

                                     By: /s/ John F. Kennedy
                                         -----------------------------------
                                         John F. Kennedy
                                         Senior Vice President, Finance and
                                         Operations, and Chief Financial Officer


                                       16