SEC Filing | VeriSign, Inc.

- -------------------------------------------------------------------------------- - -------------------------------------------------------------------------------- UNITED STATES SECURITIES AND EXCHANGE COMMISSION Washington, D.C. 20549 ---------------- FORM 10-K (Mark One) [X]ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934 FOR THE YEAR ENDED DECEMBER 31, 1998 OR [_]TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934 FOR THE TRANSITION PERIOD FROM TO COMMISSION FILE NUMBER: 000-23593 VERISIGN, INC. (Exact name of registrant as specified in its charter) DELAWARE 94-3221585 (State or other jurisdiction of (I.R.S. Employer incorporation or organization) Identification No.) 1390 SHOREBIRD WAY, MOUNTAIN VIEW, CA 94043-1338 (Address of principal executive offices) (Zip Code) Registrant's telephone number, including area code: (650) 961-7500 Securities registered pursuant to Section 12(b) of the Act: None Securities registered pursuant to Section 12(g) of the Act: Common Stock Indicate by check mark whether the registrant: (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days. YES [X] NO [_] Indicate by check mark if disclosure of delinquent filers pursuant to Item 405 of Regulation S-K is not contained herein, and will not be contained, to the best of the registrant's knowledge, in definitive proxy or information statements incorporated by reference in Part III of this Form 10-K. [X] The aggregate market value of the common stock held by non-affiliates of the registrant as of January 31, 1999 was approximately $7,795,000,000. The number of shares outstanding of the registrant's common stock as of January 31, 1999 was 24,850,356. DOCUMENTS INCORPORATED BY REFERENCE Portions of the definitive Proxy Statement to be delivered to stockholders in connection with the Notice of Annual Meeting of Stockholders to be held on May 27, 1999 are incorporated by reference into Part II. - -------------------------------------------------------------------------------- - --------------------------------------------------------------------------------

TABLE OF CONTENTS Page ---- PART I Item 1. Business.............................................................................. 3 Item 2. Properties............................................................................ 16 Item 3. Legal Proceedings..................................................................... 16 Item 4. Submission of Matters to a Vote of Security Holders................................... 16 Item 4A. Executive Officers of the Registrant.................................................. 16 PART II Item 5. Market for Registrant's Common Stock and Related Shareholder Matters.................. 18 Item 6. Selected Financial Data............................................................... 19 Item 7. Management's Discussion and Analysis of Financial Condition and Results of Operations. 20 Item 7A. Quantitative and Qualitative Disclosures About Market Risk............................ 33 Item 8. Financial Statements and Supplemental Data............................................ 34 Item 9. Changes In and Disagreements With Accountants on Accounting and Financial Disclosure.. 35 PART III Item 10. Directors and Executive Officers of the Registrant.................................... 36 Item 11. Executive Compensation................................................................ 36 Item 12. Security Ownership of Certain Beneficial Owners and Management........................ 36 Item 13. Certain Relationships and Related Transactions........................................ 36 PART IV Item 14.Exhibits, Financial Statement Schedule, and Reports on Form 8-K........................ 37 Signatures..................................................................................... 40 Summary of Trademarks.......................................................................... 41 Financial Statements........................................................................... 42 Exhibits....................................................................................... 64 2

Forward-Looking Statements Except for historical information, this Report contains forward-looking statements within the meaning of Section 27A of the Securities Act of 1933 and Section 21E of the Securities Exchange Act of 1934. Such forward-looking statements involve risks and uncertainties, including, among other things, statements regarding our anticipated costs and expenses, revenue mix and plans for addressing Year 2000 issues. Such forward-looking statements include, among others, those statements including the words "expects," "anticipates," "intends," "believes" and similar language. Our actual results may differ significantly from those projected in the forward-looking statements. Factors that might cause or contribute to such differences include, but are not limited to, those discussed in the section "Management's Discussion and Analysis of Financial Condition and Results of Operations--Factors That May Affect Future Results of Operations." You should carefully review the risks described in other documents we file from time to time with the Securities and Exchange Commission, including the Quarterly Reports on Form 10-Q that we will file in 1999. You are cautioned not to place undue reliance on the forward-looking statements, which speak only as of the date of this Annual Report on Form 10-K. We undertake no obligation to publicly release any revisions to the forward-looking statements or reflect events or circumstances after the date of this document. PART I ITEM 1. BUSINESS VeriSign is the leading provider of Internet-based trust services needed by websites, enterprises and individuals to conduct trusted and secure electronic commerce and communications over the Internet, intranets and extranets, which we refer to as IP networks. We have established strategic relationships with industry leaders, including AT&T, BT, Cisco, Microsoft, Netscape, Network Associates, RSA, Security Dynamics and VISA, to enable widespread utilization of our digital certificate services and to assure their interoperability with a wide variety of applications and network equipment. We have used our secure online infrastructure to issue over 100,000 of our website digital certificates and over 3.5 million of our digital certificates for individuals. We believe that we have issued more digital certificates than any other company in the world. Our Website Digital Certificate services are used by over 400 of the Fortune 500 companies and all of the top 25 electronic commerce websites as listed by Jupiter Communications. We also offer the VeriSign OnSite service, which allows an organization to leverage our trusted service infrastructure to develop and deploy customized digital certificate services for use by its employees, customers and business partners. Over 300 enterprises have subscribed to the OnSite service since its introduction in November 1997, including Bank of America, Hewlett-Packard, the Internal Revenue Service, Kodak, Sumitomo Bank, Texas Instruments and USWest. We market our Internet-based trust services worldwide through multiple distribution channels, including the Internet, direct sales, telesales, VARs, systems integrators and our affiliates. VeriSign's Trust Services VeriSign's Internet-based trust services are built upon its proprietary WorldTrust software platform, scalable operations infrastructure and comprehensive security and trust practices. Our secure data centers, designed to provide carrier-class reliability with advanced security procedures, allow the issuance and management of millions of digital certificates. Furthermore, because we have worked with industry leaders to embed our digital certificate interface technology into a wide range of software applications and network equipment, such as Netscape and Microsoft browsers and servers and Cisco routers, our services are interoperable with a wide range of IP-based applications. By providing a trusted platform for commerce and communications, we are able to offer services to customers with a wide range of needs. Our service offerings are targeted towards three primary areas: Website Digital Certificate services, Enterprise Digital Certificate services and VeriSign Affiliate Certificate services. 3

Website Digital Certificate Services VeriSign's family of Website Digital Certificate services allows organizations to implement and operate secure websites that utilize the SSL protocol to establish their identity to customers and other websites during electronic commerce transactions and communications over the Internet. Prior to issuing a digital certificate for a website's server, we establish the authenticity of the website through a series of background checks, including corroborating an organization's authority to do business under a given name and their authority to operate a server with a specific domain name or URL. These practices protect organizations against another entity impersonating their identity and allow online visitors and customers to conduct private transactions and communications. Without a digital certificate installed on the website server the SSL protocol cannot be utilized. Our Website Digital Certificate services are utilized by a broad range of merchant, financial and government websites as well as for intranet applications. We currently offer several distinct versions of our Website Digital Certificate services, each differentiated by the target application of the server that hosts the digital certificate. . Secure Server digital certificates constitute the core service offering and enable websites to implement basic SSL security features between their sites and individual end-user browsers. . Global Server digital certificates allow U.S. corporations and certain global financial services enterprises to offer stronger 128-bit encrypted SSL sessions between their websites and specially configured end-user browsers from Netscape and Microsoft. . Financial Server digital certificates are used by financial institutions for authentication of their websites and to enable the secure exchange of data between these organizations and home banking, brokerage or insurance customers. . EDI Server digital certificates are designed for organizations or individuals who participate in large online trading networks, support a variety of Electronic Data Interchange (EDI) standards and potentially require each transaction to be digitally signed to ensure non- repudiation. . Content Signing digital certificates enable content providers, publishers and vendors to digitally sign their content or Internet subscription "channels" in order to ensure authenticity and integrity of the content delivered to end-users. Our Website Digital Certificate services are offered on an annual subscription basis for prices between $250 and $1,200 per server per year, depending on the version of digital certificate requested and the overall volume of website digital certificates used by the customer. Customers can subscribe to the Website Digital Certificate services through the VeriSign website, through selected international service providers or through VeriSign's Enterprise Digital Certificate services. Enterprise Digital Certificate Services VeriSign's Enterprise Digital Certificate services, sold predominantly under the VeriSign OnSite brand, are tailored to meet the specific needs of corporations, financial institutions, government agencies and other organizations that wish to issue digital certificates to employees, customers, citizens or trading partners. Our OnSite service is designed to support a wide range of digital certificate needs for both small and large user communities. OnSite can be used by customers to provide digital certificates for a variety of applications, including: controlling access to sensitive data and account information, enabling digitally-signed e-mail, creating an online electronic trading community, managing supply chain interaction or facilitating and protecting online credit card transactions. The OnSite service is designed to offer customers ease of use at a low initial investment combined with broad flexibility and scalability. OnSite services vary based on the nature and complexity of the application and the degree of control customers desire to maintain. To expand and complement OnSite, VeriSign's professional services group employs experts in digital certificate architecture and application integration. Our professional services group provides a variety of design, 4

development and implementation services. These services include integration with existing applications and databases, consulting on policies and procedures related to the management and deployment of digital certificates, training classes on the latest developments in security technology and the selection of enabled software and hardware to complement a digital certificate solution. The OnSite service is offered as an annual subscription service with pricing dependent upon the number of users to be supported, the complexity of the applications and the number of additional services provided. Pricing typically ranges from $10,000 to $500,000 per year. Customers can subscribe to the OnSite service through the VeriSign website, the direct sales force, selected international service providers or system integrators. VeriSign Affiliate Certificate Services VeriSign Affiliate Certificate Services are targeted at a wide variety of organizations that provide large-scale electronic commerce and communications services over IP networks. Examples include telecommunications companies, Internet Service Providers, or ISPs, financial and other professional services firms and businesses that operate Internet-based "communities of interest," such as a web portal. These companies typically desire to offer digital certificate services to their customers under either the VeriSign brand or a co-branding relationship. In many cases, these digital certificate services are integrated with other value-added services offered by the organization. For example, an ISP may offer website digital certificates in conjunction with its website hosting services for small and medium size businesses, while a community of interest operator may offer digital certificates to each member of the community in order to support user authentication and secure messaging services. VeriSign designates these types of organizations "VeriSign Affiliates" and provides them with a combination of technology, support and marketing services to facilitate their initial deployment and on-going delivery of digital certificate services. VeriSign Affiliate Certificate Services are delivered through either the VeriSign Service Center or VeriSign Processing Center offerings. Both offerings are based on the WorldTrust software platform and enable a licensed VeriSign Affiliate to offer one or more types of digital certificate services. VeriSign Service Center. The VeriSign Service Center provides a VeriSign Affiliate with all of the capabilities needed to perform subscriber enrollment and authentication, digital certificate issuance, directory hosting, customer support, billing integration and report generation from within their facilities while leveraging VeriSign's secure data centers for back-end processing. VeriSign Processing Center. The VeriSign Processing Center provides a VeriSign Affiliate with all of the capabilities of the Service Center plus the WorldTrust modules required to perform all certificate processing functions from within their own secure data center. VeriSign also provides each VeriSign Affiliate with the appropriate business readiness services to facilitate the efficient and timely roll-out of their digital certificate offerings. These readiness services may include Service or Processing Center installation and integration services, facility and network design consulting, technical and customer support documentation and training, sales and marketing support, operating practice templates and local market customization. VeriSign Affiliates that agree to conform to certain standards are also offered membership in the global VeriSign Trust Network, an international network of digital certificate service providers that operate with common technology, infrastructure and practices to enable digital certificate interoperability on a worldwide basis. Current VeriSign Trust Network members include BT in the U.K., CertPlus in France, Acer HiTrust in Taiwan, VeriSign Japan in Japan and the South African Certification Authority (SACA) in South Africa. VeriSign has also recently entered into a similar agreement with an organization in Germany. VeriSign Affiliates typically enter into a technology licensing and revenue sharing agreement with VeriSign whereby VeriSign receives up-front licensing fees for the Service Center or Processing Center 5

technology, as well as ongoing royalties for each digital certificate issued by the VeriSign Affiliate. Initial licensing fees typically range from $250,000 to $2 million, and royalties can range from 20% to 50% of the net revenue received by the VeriSign Affiliate for each digital certificate. Customers and Markets VeriSign has a broad customer base from a variety of industry groups that require trusted and secure electronic commerce and communications over IP networks. Following is a representative list of customers that have purchased VeriSign's services: Financial Services Telecommunications Manufacturing/Transportation - -------------------- -------------------------- ------------------------------- American Skandia Insurance AT&T CSX Barclay's Bank BellSouth Eastman Kodak Bank of America British Telecommunications Ford Motor Company Deutsche Bank Japan Communication Gillette First Union Bank MCI--Worldcom Miller Brewing Company First USA Paymentech NTT Communications United Parcel Service Merrill Lynch US West Morgan Stanley Dean Witter Government ------------------------------- Royal Bank of Canada Technology Department of Agriculture -------------------------- Sumitomo Bank EDS Department of Justice TransUnion Hewlett-Packard Federal Bureau of Investigation VISA Intuit Internal Revenue Service Netscape National Security Agency NEC Patent & Trademark Office NTT Data Social Security Administration Texas Instruments U.S. Army Veteran's Administration VISA accounted for approximately 10% of our revenues in 1997 and 21% of our revenues in 1996. No other customer accounted for 10% or more of our revenues during 1998, 1997 or 1996. The following examples illustrate how certain organizations use our Internet- based trust services to enable trusted and secure electronic commerce and communications. These customers have purchased VeriSign OnSite, integration modules and professional services from VeriSign and are able to issue digital certificates to their clients, customers or employees to communicate and conduct transactions over IP networks. Banking. A large U.S.-based bank provides a variety of services for consumers, corporations and governments. The bank is utilizing IP networks and digital certificates to provide its services to existing customers as well as reaching new customers where physical branch locations do not exist. These services include cash management and treasury applications for its corporate clients, consumer-based home banking services for its customers and secure e- mail for its employees over the Internet. We believe that providing such services securely over IP networks will allow the bank to generate additional revenue, reduce operating costs and improve customer service. Global Automobile Manufacturer. A global automobile manufacturer intends to use IP networks and digital certificates for a variety of applications including: automating its requisition systems to eliminate paperwork; providing single sign-on capabilities to employees for all its disparate computer systems; participation in the Automotive Network Exchange enabling electronic transactions with global automotive parts suppliers; and connecting its retail dealer network to a centralized information system providing order information and inventory status. 6

Global Semiconductor Manufacturer. A global semiconductor manufacturer intends to use IP networks and digital certificates for a variety of applications including: enabling customers to check order status; providing customers and design consultants secure remote access to its proprietary design tools for the design of application specific integrated circuits; the integration of its logistics management software with a web-based interface enabling centralized monitoring of its global manufacturing operations; and the implementation of secure e-mail for all of that company's global employees. Technology VeriSign employs a modular set of software applications and toolkits, which collectively make up its proprietary WorldTrust platform, as the core platform for all of its Internet-based trust services. The modular design of the WorldTrust platform enables our trust services to be distributed over one or many co-located or dispersed computer systems, allowing certain functions of the certification process, such as registration, authentication, issuance, revocation, renewal or replacement, to be deployed at customer or affiliate locations while maintaining a secure and reliable link to one of our secure data centers for back-end processing. These modules can also be replicated in order to handle increased volumes of digital certificates. Digital certificate service modules incorporated in the WorldTrust platform include: Subscriber Services Module. Our subscriber services module supports requests for digital certificate issuance, revocation, renewal and replacement. Software toolkits are provided to permit rapid customization and integration of digital certificate services with a customer's business-specific web-based solutions. Authentication Services Module. Our authentication services module supports manual, automated and delegated authentication of subscribers by designated sources prior to digital certificate issuance. We provide software toolkits and programming interfaces to allow for integration with various process models and database systems. Administration and Support Modules. Our administration and support modules provide lifecycle services such as digital certificate revocation, renewal and reissuance, as well as a customer support knowledge base to facilitate general reporting of CA activity, and web-based and e-mail-based support for customers and end users. Directory Services Module. Our directory services module utilizes database applications typically hosted at one of our secure data centers to support the storage of and access to digital certificates and associated information for a particular customer. VeriSign OnSite customers and our affiliates can also download updated copies of their directory information to their systems. Service Control Module. Our service control module is hosted at one of our secure data centers and acts as a gatekeeper, decoding and routing all digital certificate service requests based on customer type, application type, security protocol, authentication policies, certificate content and billing rules. This module utilizes a proprietary, data-driven programming model to define each service and dispatch the appropriate control and error commands to other modules. Digital Certificate Processing Module. Our digital certificate processing module is hosted at one of our secure data centers and creates digital certificates with digital signatures on each certificate, delivers digital certificates to subscribers and stores a copy of each digital certificate for archive, audit and directory purposes. Infrastructure VeriSign believes that its highly reliable and scalable operations infrastructure represents a strategic advantage in providing Internet-based trust services. Our secure data centers are located in Mountain View, California and Kawasaki, Japan. Our international affiliates also operate secure data centers in their geographic areas. These centers operate on a 24 hour, 7 days per week basis and support all aspects of our Internet-based 7

trust services. VeriSign guarantees that a customer's services are operational on a 24 hour, 7 days per week basis, except for scheduled downtime. By leveraging our WorldTrust platform, we can distribute certain functionality of our secure data centers in optimum configurations based on customer requirements for availability and capacity. Key features of our infrastructure include: Distributed Servers. We deploy a large number of high-speed servers to support capacity and availability demands. We can add additional servers to support increases in digital certificate volumes, new services introductions, new customers and higher levels of redundancy without service interruptions or response time degradation. The WorldTrust platform provides automatic fail- over, load balancing and threshold monitoring on critical servers. Advanced Telecommunications. We deploy and maintain redundant telecommunications and routing hardware and maintain high-speed connections to multiple ISPs and throughout our internal network to ensure that our mission critical services are readily accessible to customers at all times. Network Security. We incorporate advanced architectural concepts such as protected domains, restricted nodes and distributed access control in our system architecture. We have also developed proprietary communications protocols within and between the WorldTrust platform modules that we believe can prevent most known forms of electronic attacks. In addition, we employ the latest network security technologies including firewalls and intrusion detection software, and contract with security consultants who perform periodic attacks and security risk assessments. We will continue to evaluate and deploy new technological defenses as they become available. See "Management's Discussion and Analysis of Financial Condition and Results of Operations-- Factors That May Affect Future Results of Operations--System interruptions and security breaches could harm our business." Call Center and Help Desk. We provide a wide range of customer support services through a phone-based call center, e-mail help desk and web-based self-help system. Our call center is staffed from 5 a.m. to 6 p.m. PST and employs an automated call director system. The web-based support services are available on a 24 hour, 7 days per week basis, utilizing customized auto response systems to provide self-help recommendations and a staff of trained customer support agents. Disaster Recovery Plans. Although we believe our operations facilities are highly resistant to systems failure and sabotage, we have developed a disaster recovery and contingency operation plan. We also have an agreement with Comdisco Corporation to provide replication of customer data, facilities and systems at another site so that all of our services can be re-instated within 24 hours of a failure. In addition, all of our digital certificate services are linked to advanced storage systems that provide data protection through techniques such as mirroring and replication. See "Management's Discussion and Analysis of Financial Condition and Results of Operations--Factors That May Affect Future Results of Operations--System interruptions and security breaches could harm our business." International Affiliates. VeriSign's international affiliates are required to build, implement and maintain their infrastructure according to VeriSign's requirements. VeriSign currently has affiliates located in France (CertPlus), Japan (VeriSign Japan), South Africa (SACA), Taiwan (Acer HiTrust) and the United Kingdom (BT). We have also recently entered into agreements with affiliates in Germany and the Netherlands. Security and Trust Practices VeriSign believes that its perceived level of trustworthiness will continue to be a significant determining factor in the acceptance of its Internet-based trust services. We believe that our reputation as a trusted party is based, to a large extent, on both the security of our physical infrastructure and the special practices used in our operations, which include our secure data centers incorporating state-of-the-art physical and network security. We believe we have established a leadership role in defining and adhering to industry- endorsed trust practices 8

and policies, a role we believe enhances our perceived trustworthiness as a provider of Internet-based trust services. Over the past three years, we have invested, and continue to invest, capital and human resources in the following key areas: Employees. We use stringent hiring and personnel management practices for all operations and certain engineering personnel as well as all executive management. We utilize a licensed private investigation firm to conduct background checks into potential employees' criminal and financial histories and conduct periodic investigations of such personnel on an ongoing basis. Security Monitoring Systems. We have sophisticated access control and monitoring systems that help prevent unauthorized access to secure areas and provide 24 hour, 7 days per week monitoring and logging of activities within our facilities. These systems include electronic key and biometric access control devices, video monitoring and recording devices, deployment and automatic arming of motion detectors, glass breakage detectors and remote alarm system monitoring. Site Construction. Our secure data centers have been built using construction techniques modeled after U.S. Army specifications for facilities accredited to handle classified information and contain a robust set of physical and environmental defenses. These defenses include double layer, slab-to-slab wall design, self-closing and locking metal doors at all secure entrances, man traps, tamper proof enclosures for cryptographic materials and fire prevention systems. Back-up Power Systems. We have invested in back-up power systems that automatically activate in the event of a failure in our primary power sources. These include uninterruptible power supply systems and a diesel generator and fuel supply. To ensure reliability, these systems are tested on a periodic basis. Audits. Our Practices and External Affairs Department periodically performs, and retains accredited third parties to perform, audits of our operational procedures under both internally-developed procedures and externally-recognized standards. Practices. Our Practices and External Affairs Department is responsible for the development of VeriSign's practices for issuing and managing digital certificates. These practices are set forth in our Certification Practice Statement, which we provide in order to assure potential customers and strategic partners as to the trustworthiness of our Internet-based trust services. The Practices and External Affairs Department is also responsible for our accountability and security controls and regularly monitors all aspects of our secure data centers. Policy Making Activities. The Practices and External Affairs Department also takes a leading role in a variety of organizations that are defining standards for trusted and secure electronic commerce and communications over IP networks. For example, we actively participate in the United Nations Commission on International Trade Law, which created the United Nations Model Law on Electronic Commerce, the American Bar Association's Information Security Committee, Section of Science and Technology, which has drafted digital signature guidelines, the International Chamber of Commerce ETERM Working Party, which is chaired by VeriSign's Vice President of Practices and External Affairs, and the U.S. State Department Advisory Committee on Electronic Commerce. Strategic Relationships VeriSign has established strategic relationships with leading companies across a number of industry segments. We currently maintain strategic relationships with AT&T, BT, Cisco, Microsoft, Netscape, Network Associates, Security Dynamics and VISA. AT&T. We have an agreement with AT&T in which AT&T offers our digital certificates in conjunction with AT&T's Internet services. AT&T acts as a CA and issues digital certificates on a co-branded basis. 9

British Telecommunications. BT is a member of our international affiliate program. BT issues digital certificates and provides a range of services for secure Internet access and electronic commerce on a co-branded basis. With our support, BT has established CA infrastructure in the U.K., including the creation of a secure data center that adheres to our site construction specifications. We have agreed to collaborate to develop legal practices and policies to maintain compliance with U.K. and European-based regulations and standards as they emerge. Cisco. Our technology is incorporated in Cisco's Internetwork Operating System through the use of the jointly developed Certificate Request Syntax (CRS) protocol, which enables digital certificate functionality in a variety of Cisco's networking products. As a result, IP networks utilizing Cisco network devices such as routers and firewalls support applications that rely on VeriSign digital certificates for authentication and network management. We also engage in a variety of joint marketing efforts with Cisco. Cisco is one of our stockholders. Microsoft. We work with Microsoft to develop, promote and distribute a variety of client-based and server-based digital certificate services and we have been designated as the preferred provider of digital certificates for Microsoft customers. Our technology has been embedded in Microsoft's Internet Explorer since version 2.0, allowing users to uniquely identify themselves to web servers and securely access information over the Internet. In addition, users can easily obtain their own digital certificate for use with Explorer by registering on our website for our digital certificates. We also provide Secure Server digital certificates for Microsoft's Internet Information Server product. VeriSign's services can be used in conjunction with Microsoft Outlook 98 to enable the delivery of secure email in extranet applications. In addition, in September 1998, VeriSign and Microsoft announced plans for enhanced integration of our digital certificate services with Microsoft Exchange Server 5.5. The new capability offers a secure email extranet "gateway" service which will allow Exchange Server customers to issue and manage digital certificates within the global VeriSign Trust Network. VeriSign and Microsoft also jointly promote a set of technologies and security policies for the secure authentication and distribution of software over the Internet and engage in other joint marketing activities. Microsoft is one of our stockholders. Netscape. We work with Netscape on a variety of technology projects and joint marketing activities. Our technology has been embedded in Netscape's Navigator since version 1.1 and in Netscape's Communicator since version 4.0. We also have an agreement with Netscape that provides that Netscape feature us as a premier provider of digital certificates on the Netscape website and also provides for VeriSign to have a first right of participation for any new Netscape products incorporating digital certificate technology. Users of Netscape browsers can easily enroll for standard VeriSign digital certificates using Netscape products. Netscape's SuiteSpot product, including versions with 128-bit encryption capabilities, can also utilize our Secure Server and Global Server digital certificates. We also support Netscape's object-signing technology, enabling software developers to digitally sign Java and JavaScript objects in order to authenticate the developer's identity and assure end users that the downloaded objects have not been tampered with or modified. Network Associates. We have a strategic relationship with Network Associates with the goal of enabling cross product support and promotion of each company's digital certificate-based enterprise security solutions. Network Associates' Net Tools Secure products will be able to communicate securely with each other using our Internet-based trust services and will be enabled to automatically administer the essential functions of running a digital certificate infrastructure. Our digital certificate services will be used with Network Associates' applications to allow customers to deploy and manage a security solution in which their firewalls, security vulnerability scanners, encryption applications and virtual private network products are integrated to more effectively prevent security breaches. Customers utilizing this joint product integration will be able to use our services to manage digital certificates for Network Associates' Net Tools Secure product suite, thereby allowing enterprise customers to establish themselves as a CA. We also engage in a variety of joint marketing efforts with Network Associates. We currently have no written agreement with Network Associates. Security Dynamics. We have an agreement with Security Dynamics under which Security Dynamics will incorporate custom digital certificate technology developed by VeriSign into Security Dynamics' future 10

products. Security Dynamics has also agreed to be a reseller of certain VeriSign OEM technology. We believe Security Dynamics is a market leader in enterprise security and that, by including our technology in Security Dynamics' products, we will have a broader potential market for our digital certificate services. Security Dynamics, through a controlled entity, holds more than 5% of our common stock. VISA. We have an agreement with VISA under which we provide SET digital certificate services to VISA on behalf of its member banks, enabling them to offer branded SET-compliant digital certificates to their cardholders and merchants. VISA is a stockholder of VeriSign. Marketing, Sales and Distribution Marketing VeriSign utilizes a variety of marketing programs to increase brand awareness. In addition to joint marketing arrangements, we also engage in a variety of direct marketing programs focused on owners of web servers, home and business PC users and enterprise professionals in mid-sized and large organizations. We address these customers through outbound e-mail, telemarketing and printed mail campaigns to stimulate product trial, purchase and usage. We also use banner ads that link to our website and participate in industry-specific events, trade shows, executive seminars, industry association activities and various national and international standards bodies. We have 36 employees engaged in marketing activities. Sales and Distribution VeriSign markets its Internet-based trust services worldwide through multiple distribution channels. These sales and service groups are based in our headquarters in Mountain View, California, and in several field offices in the United States. We also market our Internet-based trust services through other distribution channels, including telesales, VARs, systems integrators and our affiliates. Outside the United States, VeriSign markets its Internet-based trust services directly over the Internet and through reseller and affiliate relationships-- the global VeriSign Trust Network. Except for VeriSign Japan, the members of the global VeriSign Trust Network sell and support VeriSign Internet-based trust services both within their local countries and certain other foreign countries where we do not operate through a direct sales subsidiary. In Japan, we market our Internet-based trust services through VeriSign Japan, which maintains a secure data center in Kawasaki, Japan, and employed 28 persons as of December 31, 1998. Revenues from VeriSign Japan and other international customers were 4% in 1996, 9% in 1997 and 14% in 1998. Internet Sales. VeriSign distributes many of its Internet-based trust services through its website. We believe that Internet distribution is particularly well-suited for sales of certain of our website authentication products and Internet-based trust services. We also use our website to assist in disseminating services information and in generating services trials. Direct Sales. VeriSign's direct sales force targets mid-sized and large corporations, financial institutions, commercial Web sites and federal and state government agencies. We believe that these organizations have a substantial installed base of PCs, web servers, IP networks and high-speed access to the Internet and are most likely to be able to benefit quickly from the use of digital certificates. The direct sales force also targets international organizations that we believe are the most suitable to act as VeriSign affiliates. As of December 31, 1998, we had 60 direct sales and sales support employees in the United States, while the international direct sales and sales support groups consisted of 10 employees. Telesales. During 1998 we commenced our own internal telemarketing operation that is responsible for customer prospecting, lead generation and lead follow- up. This marketing activity qualifies leads for further follow up by the direct sales force or inside sales team or leads the prospect to our website so that the prospect can access information and enroll for our Internet-based trust services. 11

VARs and Systems Integrators. VeriSign works with VARs and systems integrators to package and sell its Internet-based trust services. We also have a VeriSign Business Partner Program that allows ISPs to offer Secure Server digital certificates as an integral part of their secure web hosting services. Research and Development We believe that our future success will depend in large part on our ability to continue to maintain and enhance our current technologies and Internet-based trust services. To this end, we leverage the modular nature of our WorldTrust platform to enable us to develop enhancements rapidly and to deliver complementary new Internet-based trust services. In the past, we have developed Internet-based trust services both independently and through efforts with leading application developers and major customers. We have also, in certain circumstances, acquired or licensed technology from third parties, including public key cryptography technology from RSA. Although we will continue to work closely with developers and major customers in our development efforts, we expect that most of our future enhancements to existing services and new Internet-based trust services will be developed internally. As of December 31, 1998, VeriSign had 65 employees dedicated to research and development. We also employ independent contractors for documentation, usability, artistic design and editorial review. Research and development expenses were $8.4 million in 1998, $5.3 million in 1997 and $2.1 million in 1996. To date, all development costs have been expensed as incurred. We believe that timely development of new and enhanced Internet-based trust services and technology are necessary to remain competitive in the marketplace. Accordingly, VeriSign intends to continue recruiting and hiring experienced research and development personnel and to make other investments in research and development. The market for digital certificate products and related services is an emerging market characterized by rapid technological developments, frequent new product introductions and evolving industry standards. The emerging nature of this market and its rapid evolution will require that we continually improve the performance, features and reliability of our Internet-based trust services, particularly in response to competitive offerings and that we introduce new Internet-based trust services or enhancements to existing Internet-based trust services as quickly as possible and prior to our competitors. The success of new introductions is dependent on several factors, including proper new definition, timely completion and introduction of new services, differentiation of new services from those of our competitors and market acceptance of our new Internet-based trust services. There can be no assurance that we will be successful in developing and marketing new Internet-based trust services that respond to competitive and technological developments and changing customer needs. Our failure to develop and introduce new Internet-based trust services successfully on a timely basis and to achieve market acceptance for such Internet-based trust services could have a material adverse effect on our business, operating results and financial condition. In addition, the widespread adoption of new Internet, networking or telecommunication technologies or standards or other technological changes could require that we make substantial expenditures to modify or adapt our Internet-based trust services. To the extent that a specific method other than digital certificates is adopted to enable trusted and secure electronic commerce and communications over IP networks, sales of VeriSign's existing and planned Internet-based trust services would be adversely affected and our Internet-based trust services could be rendered unmarketable or obsolete, which would have a material adverse effect on our business, operating results and financial condition. We believe that there is a time-limited opportunity to achieve market share. We may not be successful in achieving widespread acceptance of our Internet-based trust services or in achieving market share before competitors offer products and services with features similar to our current offerings. Any such failure by us could materially harm our business. Customer Support We believe that a high level of customer support for customers as well as end users of digital certificates is necessary to achieve acceptance of our Internet-based trust services. We provide a wide range of customer 12

support services through a staff of customer service personnel, call center, e- mail help desk and a web-based self-help system. Since we first introduced our Internet-based trust services over three years ago, we have developed a substantial knowledge base of customer support information based on our customer interactions and we believe that this offers us a competitive advantage. Our call center is staffed from 5 a.m. to 6 p.m. PST and employs an automated call director system to provide self-help services and, if necessary, to route support calls to available support personnel. We also offer web-based support services that are available on a 24 hour, 7 days per week basis and that are frequently updated to improve existing information and to support new services. Our e-mail customer support service utilizes customized auto response systems to provide self-help recommendations and also utilizes a staff of trained customer support agents who typically respond to customer inquiries within 24 hours. As of December 31, 1998, we had 86 employees in our customer support organization. We also employ technical support personnel who work directly with our direct sales force, distributors and customers of our electronic commerce and enterprise solutions. Our annual maintenance agreements for our electronic commerce and enterprise solutions include technical support and upgrades. We also provide training programs for enterprise customers of our Internet-based trust services. Competition Our Internet-based trust services are targeted at the new and rapidly evolving market for trusted and secure electronic commerce and communications over IP networks. Although the competitive environment in this market has yet to develop fully, we anticipate that it will be intensely competitive, subject to rapid change and significantly affected by new product and service introductions and other market activities of industry participants. Our principal competitors generally fall within one of three categories: (1) companies such as Entrust Technologies which offer software applications and related digital certificate products that customers operate themselves; (2) companies such as Digital Signature Trust Company (a subsidiary of Zions Bancorporation) that primarily offer digital certificate and CA related services; and (3) companies focused on providing a bundled offering of products and services such as GTE CyberTrust and IBM (working jointly with Equifax). We also experience competition from a number of smaller companies, and we believe that our primary long-term competitors may not yet have entered the market. Netscape has introduced software products that enable the issuance and management of digital certificates, and we believe that other companies could introduce such products. Additional companies could offer digital certificate solutions that are competitive with ours. Several of our current and potential competitors have longer operating histories and significantly greater financial, technical, marketing and other resources than we do and therefore may be able to respond more quickly than we can to new or changing opportunities, technologies, standards and customer requirements. Many of these competitors also have broader and more established distribution channels that may be used to deliver competing products or services directly to customers through bundling or other means. If such competitors were to bundle competing products or services for their customers, the demand for our products and services might be substantially reduced and our ability to distribute our products successfully and the utilization of our services would be substantially diminished. In addition, browser companies that embed our interface technologies or otherwise feature VeriSign as a provider of digital certificate solutions in their web browsers or on their websites could also promote our competitors or charge VeriSign substantial fees for such promotions in the future. New technologies and the expansion of existing technologies may increase the competitive pressures on us. There can be no assurance that competing technologies developed by others or the emergence of new industry standards will not adversely affect our competitive position or render our Internet-based trust services or technologies noncompetitive or obsolete. In addition, the market for digital certificates is nascent and is characterized by announcements of collaborative relationships involving our competitors. The existence or announcement of such relationships could adversely affect our ability to attract and retain customers. As a result of the foregoing and other factors, we may not be able to compete effectively with current or future competitors and competitive pressures that we face could materially harm our business. 13

In connection with our first round of financing, RSA contributed certain technology to us and entered into a noncompetition agreement with us pursuant to which RSA agreed that it would not compete with our CA business for a period of five years. This noncompetition agreement will expire in April 2000. We believe that, because RSA, which is now a wholly-owned subsidiary of Security Dynamics, has already developed expertise in the area of cryptography, its barriers to entry would be lower than those that would be encountered by our other potential competitors should it choose to enter any of our markets. If RSA were to enter into the digital certificate market, our business could be materially harmed. Government Regulation Exports of software products utilizing encryption technology are generally restricted by the U.S. and various non-U.S. governments. Although we have obtained approval to export our Global Server digital certificate service and none of our other Internet-based trust services are currently subject to export controls under U.S. law, the list of products and countries for which export approval is required could be revised in the future to include more digital certificate products and related services. If we do not obtain required approvals we may not be able to sell certain Internet-based trust services in international markets. There are currently no federal laws or regulations that specifically control CAs, but a limited number of states have enacted legislation or regulations with respect to CAs. If the market for digital certificates grows, the U.S. federal or state or non-U.S. governments may choose to enact further regulations governing CAs or other providers of digital certificate products and related services. Such regulations or the costs of complying with such regulations could harm our business. Many companies conducting electronic commerce over IP networks do not collect sales or other similar taxes with respect to shipments of goods into other states or foreign countries or with respect to other transactions conducted between parties in different states or countries. It is possible that the U.S. federal or state or non-U.S. governments may seek to impose sales taxes on companies that engage in electronic commerce over IP networks. In the event that government bodies succeed in imposing sales or other taxes on electronic commerce, the growth of the use of IP networks for electronic commerce could slow substantially, which could materially harm our business. Due to the increasing popularity of IP networks, it is possible that laws and regulations may be enacted covering issues such as user privacy, pricing, content and quality of products and services. The increased attention focused upon these issues as a result of the adoption of other laws or regulations may reduce the rate of growth of IP networks, which in turn could result in decreased demand for our Internet-based trust services or could otherwise materially harm our business. Intellectual Property We rely primarily on a combination of copyrights, trademarks, trade secret laws, restrictions on disclosure and other methods to protect our intellectual property and trade secrets. We also enter into confidentiality agreements with our employees and consultants, and generally control access to and distribution of our documentation and other proprietary information. Despite these precautions, it may be possible for a third party to copy or otherwise obtain and use our intellectual property or trade secrets without authorization. In addition, there can be no assurance that others will not independently develop substantially equivalent intellectual property. There can be no assurance that the precautions we take will prevent misappropriation or infringement of our technology. We have also filed five applications for patents with respect to certain of our technology. However, the U.S. Patent and Trademark Office may not award any patents with respect to these applications. Even if patents are issued, they may not adequately protect this technology from infringement or prevent others from claiming our technology infringes that of third parties. Our failure to protect our intellectual property in a meaningful manner could materially harm our business. In addition, litigation may be necessary in the future to enforce our intellectual property rights, to protect our trade secrets or to determine the validity and scope of the proprietary rights of others. Such litigation could result in substantial costs and diversion of management and technical resources, either of which could materially harm our business. 14

We also rely on certain licensed third-party technology, such as public key cryptography technology licensed from RSA and other technology that is used in our Internet-based trust services to perform key functions. In particular, RSA has granted VeriSign a perpetual, royalty free, nonexclusive, worldwide license to distribute Internet-based trust services we develop that contain or incorporate the RSA BSAFE and TIPEM products and that relate to digital certificate issuing software, software for the management of private keys and for digitally signing computer files on behalf of others, software for customers to preview and forward digital certificate requests to us, or such other services that, in RSA's reasonable discretion, are reasonably necessary for the implementation of a digital certificate business. Our agreement with RSA also requires RSA to provide us maintenance and technical support for these services. RSA's BSAFE product is a software tool kit that allows for the integration of encryption and authentication features into software applications. TIPEM is a secure e-mail development tool kit that allows for secure e-mail messages to be sent using one vendor's e-mail product and read by another vendor's e-mail product. These third-party technology licenses may not continue to be available to VeriSign on commercially reasonable terms or at all. The loss of any of these technologies could materially harm our business. Moreover, in our current license agreements, the licensor has agreed to defend, indemnify and hold VeriSign harmless with respect to any claim by a third party that the licensed software infringes any patent or other proprietary right. Although these licenses are fully paid, there can be no assurance that the outcome of any litigation between the licensor and a third party or between VeriSign and a third party will not lead to obligations for us to pay royalties for which we are not indemnified or for which such indemnification is insufficient, or that we will be able to obtain any additional license on commercially reasonable terms or at all. In the future, we may seek to license additional technology to incorporate in our Internet-based trust services. Third party technology licenses that we may need to obtain in the future may not be available to us on commercially reasonable terms or at all. The loss of or inability to obtain or maintain any of these technology licenses could result in delays in introduction of our Internet-based trust services until equivalent technology, if available, is identified, licensed and integrated. This could materially harm our business. From time to time, we have received, and may receive in the future, notice of claims of infringement of other parties' proprietary rights. Infringement or other claims could be asserted or prosecuted against us in the future, and it is possible that past or future assertions or prosecutions could harm our business. Any such claims, with or without merit, could be time-consuming, result in costly litigation and diversion of technical and management personnel, cause delays in the release of new Internet-based trust services or require us to develop non-infringing technology or enter into royalty or licensing agreements. Such royalty or licensing agreements, if required, may not be available on terms acceptable to us, or at all. In the event of a successful claim of infringement against VeriSign and our failure or inability to develop non-infringing technology or license the infringed or similar technology on a timely basis, our business could be materially harmed. See "Management's Discussion and Analysis of Financial Condition and Results of Operations--Factors That May Affect Future Results--There are Risks Related to Intellectual Property Rights." Employees As of December 31, 1998, VeriSign had 315 full-time employees. Of the total, 106 were employed in sales and marketing, 65 in research and development, 86 in customer support, 7 in practices and external affairs, 4 in federal markets and 47 in finance and administration, including information services personnel. We have never had a work stoppage, and no employees are represented under collective bargaining agreements. We consider our relations with our employees to be good. Our ability to achieve our financial and operational objectives depends in large part upon our continued ability to attract, integrate, train, retain and motivate highly qualified sales, technical and managerial personnel, and upon the continued service of our senior management and key sales and technical personnel, none of whom is bound by an employment agreement. Competition for such qualified personnel in our industry and geographical location in the San Francisco Bay Area is intense, particularly in software development and product management personnel. 15

ITEM 2. PROPERTIES VeriSign's principal administrative, sales, marketing, research and development and operations facilities are located in two adjacent buildings in Mountain View, California, where we occupy approximately 44,000 square feet under leases that expire in 2005. We have leased additional office space contiguous to our headquarters under a lease that begins January 1, 1999 and expires in June 2005. We believe that with this additional space of approximately 52,000 square feet, our office space will be adequate to meet our needs for the foreseeable future. VeriSign also leases space for sales and support offices in Norcross, Georgia; Rosemont, Illinois; Linthicum, Maryland; Wakefield, Massachusetts; Novi, Michigan; Uniondale, New York; and Irving, Texas. In addition, we lease space in Kawasaki, Japan for our offices and secure data center and we lease space for a sales and support office in Upplands Vasby, Sweden. The Company's success is largely dependent on the uninterrupted operation of its secure data centers and computer and communications systems. See "Management's Discussion and Analysis of Financial Condition and Results of Operations--Factors That May Affect Future Results of Operations--System interruptions and security breaches could harm our business." ITEM 3. LEGAL PROCEEDINGS Not applicable. ITEM 4. SUBMISSION OF MATTERS TO A VOTE OF SECURITY HOLDERS Not applicable. ITEM 4A. EXECUTIVE OFFICERS OF THE REGISTRANT The following table sets forth certain information regarding the executive officers of VeriSign as of December 31, 1998. Name Age Position ---- --- -------- Stratton D. Sclavos..... 37 President, Chief Executive Officer and Director Jagtar S. Chaudhry...... 40 Vice President and General Manager of Security Vice President of Finance and Administration and Services Dana L. Evan... 39 Chief Financial Officer Quentin P. Gallivan..... 41 Vice President of Worldwide Sales Arnold Schaeffer........ 35 Vice President of Engineering Richard A. Yanowitch.... 42 Vice President of Marketing Stratton D. Sclavos has served as President and Chief Executive Officer and as a director of VeriSign since he joined VeriSign in July 1995. From October 1993 to June 1995, he was Vice President, Worldwide Marketing and Sales of Taligent, Inc., a software development company that was a joint venture among Apple Computer, Inc., IBM and Hewlett-Packard. From May 1992 to September 1993, Mr. Sclavos was Vice President of Worldwide Sales and Business Development of GO Corporation, a pen-based computer company. Prior to that time, he served in various sales and marketing capacities for MIPS Computer Systems, Inc. and Megatest Corporation. Mr. Sclavos is also a director and a member of the compensation committee of Network Solutions, Inc. Mr. Sclavos holds a B.S. degree in Electrical and Computer Engineering from the University of California at Davis. Jagtar S. Chaudhry has served as Vice President and General Manager of Security Services of VeriSign since VeriSign acquired SecureIT in July 1998. Mr. Chaudhry founded SecureIT in January 1997 and served as its President and Chief Executive Officer until it was acquired by VeriSign. Prior to founding SecureIT, from January 1995, Mr. Chaudhry served as Vice President of Worldwide Marketing at IQ Software, a database 16

reporting tools company. Mr. Chaudhry was the Vice President of Sales and Marketing--Software Products Group at Unisys from March 1993 to January 1995. Mr. Chaudhry holds a B.S. degree in Electrical Engineering from the Institute of Technology, Varanasi, India and two M.S. degrees in Computer Engineering and Industrial Engineering and an M.B.A. from the University of Cincinnati. Dana L. Evan has served as Vice President of Finance and Administration and Chief Financial Officer of VeriSign since she joined VeriSign in June 1996. From 1988 to June 1996, she worked as a financial consultant in the capacity of chief financial officer, vice president of finance or corporate controller for various public and private companies and partnerships, including VeriSign from November 1995 to June 1996, Delphi Bioventures, a venture capital firm, from 1988 to June 1995, and Identix Incorporated, a manufacturer of biometric identity verification and imaging products, from 1991 to August 1993. Prior to 1988, she was employed by KPMG LLP, most recently as a senior manager. Ms. Evan is a certified public accountant and holds a B.S. degree in Commerce with a concentration in Accounting and Finance from the University of Santa Clara. Quentin P. Gallivan has served as Vice President of Worldwide Sales of VeriSign since he joined VeriSign in October 1997. From April 1996 to October 1997, he was Vice President for Asia Pacific and Latin America of Netscape, a software company. Prior to that time, Mr. Gallivan was with General Electric Information Services, an electronic commerce services company, most recently as Vice President, Sales and Services for the Americas. Arnold Schaeffer has served as Vice President of Engineering of VeriSign since he joined VeriSign in January 1996. From March 1992 to December 1995, he was employed by Taligent, most recently as Vice President of Engineering, CommonPoint Products. Prior to working at Taligent, he served as a software engineer for Apple, Intellicorp and Hewlett-Packard. Mr. Schaeffer holds a B.S. degree in Information and Computer Science from the Georgia Institute of Technology and an M.B.A. degree from the University of California at Berkeley. Richard A. Yanowitch has served as Vice President of Marketing of VeriSign since he joined VeriSign in May 1996. From July 1995 to May 1996, he was a management consultant to private software companies. From 1989 to June 1995, he held a series of marketing positions with Sybase, Inc., a software company, most recently as Vice President of Corporate Marketing. Prior to that time, he held various sales, marketing and operating positions with The Santa Cruz Operation, Inc., Digital Equipment Corporation, Lanier Harris Corporation and Brooks International Corporation. Mr. Yanowitch holds a B.A. degree in History from Swarthmore College and an M.B.A. degree in Entrepreneurial Management and Marketing from Harvard Business School. 17

PART II ITEM 5. MARKET FOR REGISTRANT'S COMMON STOCK AND RELATED SHAREHOLDER MATTERS VeriSign's common stock has been traded on the Nasdaq National Market under the symbol "VRSN" since January 29, 1998, the date of our initial public offering. Prior to such time, there was no public market for our common stock. The following table sets forth, for the periods indicated, the high and low sales prices for our common stock as reported by the Nasdaq National Market. Price Range ------------- High Low ------ ------ Year ended December 31, 1998: First Quarter (beginning January 30, 1998).................. $46.88 $20.50 Second Quarter.............................................. 49.00 26.00 Third Quarter............................................... 44.88 21.88 Fourth Quarter.............................................. 77.50 19.38 On January 31, 1999, there were 236 holders of record of our common stock. Because many of such shares are held by brokers and other institutions on behalf of stockholders, we are unable to estimate the total number of stockholders represented by these record holders. The market price of our common stock has fluctuated in the past and is likely to fluctuate in the future. In addition, the market prices of securities of other technology companies, particularly Internet-related companies, have been highly volatile. Factors that may have a significant effect on the market price of our common stock include: . fluctuations in our operating results; . announcements of technological innovations or new Internet-based trust services by us or new products or services by our competitors; . analysts' reports and projections; . regulatory actions; and . general market, economic or political conditions in the U.S. or abroad. We have never declared or paid any cash dividends on our common stock or other securities and we do not anticipate paying cash dividends in the foreseeable future. In addition, the terms of our equipment line of credit agreement prohibit the payment of dividends on our capital stock. 18

ITEM 6. SELECTED FINANCIAL DATA The following selected consolidated financial data are derived from VeriSign's consolidated financial statements and are restated to reflect our acquisition of SecureIT, Inc. in 1998 in a transaction accounted for as a pooling-of-interests. See Note 2 of Notes to Consolidated Financial Statements. This data should be read in conjunction with the consolidated financial statements and notes thereto, and with Item 7, Management's Discussion and Analysis of Financial Condition and Results of Operations. Period from April 12, 1995 Years Ended December 31, (inception) to ---------------------------- December 31, 1998 1997 1996 1995 -------- -------- -------- -------------- (In thousands, except per share data) Consolidated Statement of Operations Data: Revenues..................... $ 38,930 $ 13,356 $ 1,356 $ 382 Total costs and expenses..... 62,075 34,657 12,415 2,524 Operating loss............... (23,145) (21,301) (11,059) (2,142) Minority interest in net loss of subsidiary............... 1,282 1,538 838 -- Net loss..................... (19,743) (18,589) (10,288) (1,994) Basic and diluted net loss per share................... (.95) (2.61) (2.07) (.43) December 31, -------------------------------------------- 1998 1997 1996 1995 -------- -------- -------- -------------- (In thousands) Consolidated Balance Sheet Data: Cash, cash equivalents and short-term investments...... $ 41,745 $ 12,893 $ 30,006 $ 2,687 Working capital.............. 31,085 6,160 24,788 2,284 Total assets................. 64,295 26,904 36,537 4,052 Stockholders' equity......... 40,728 13,541 28,520 3,376 19

ITEM 7. MANAGEMENT'S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS You should read the following discussion in conjunction with VeriSign's consolidated financial statements and notes thereto. Overview VeriSign is the leading provider of Internet-based trust services needed by websites, enterprises and individuals to conduct trusted and secure electronic commerce and communications over IP networks. We have established strategic relationships with industry leaders, including AT&T, BT, Cisco, Microsoft, Netscape, Network Associates, RSA, Security Dynamics and VISA, to enable widespread utilization of our digital certificate services and to assure their interoperability with a wide variety of applications and network equipment. We have used our secure online infrastructure to issue over 100,000 of our website digital certificates and over 3.5 million of our digital certificates for individuals. We believe that we have issued more digital certificates than any other company in the world. Our Website Digital Certificate services are used by over 400 of the Fortune 500 companies and all of the top 25 electronic commerce websites as listed by Jupiter Communications, an independent market research firm. We also offer the VeriSign OnSite service, which allows an organization to leverage our trusted service infrastructure to develop and deploy customized digital certificate services for use by its employees, customers and business partners. Over 300 enterprises have subscribed to the OnSite service since its introduction in November 1997, including Bank of America, Hewlett-Packard, the Internal Revenue Service, Kodak, Sumitomo Bank, Texas Instruments and USWest. We have derived substantially all of our revenues to date from fees for services rendered in connection with deploying Internet-based trust services. Revenues from our Internet-based trust services consist of fees for the issuance of digital certificates, fees for digital certificate software modules and fees for consulting, training, support and maintenance services. We defer revenues from the sale or renewal of digital certificates and recognize this revenue ratably over the life of the digital certificate, generally 12 months. We recognize revenues from the sale of digital certificate software modules to distributors and affiliates upon delivery of the software and signing of an agreement, provided the fee is fixed and determinable, collectibility is probable and the arrangement does not require significant production, modification or customization of the software. We recognize revenues from consulting and training services using the percentage-of-completion method for fixed-fee development arrangements or as the services are provided for time- and-materials arrangements. We recognize revenue ratably over the term of the agreement for support and maintenance services. We market our Internet-based trust services worldwide through multiple distribution channels, including the Internet, direct sales, telesales, VARs, systems integrators and our affiliates. A significant portion of our revenues to date has been generated through sales from our website, but we intend to continue increasing our direct sales force, both in the U.S. and abroad, and to continue to expand our other distribution channels. In connection with the formation of VeriSign Japan, we licensed certain technology and contributed other assets to VeriSign Japan. Subsequent to its formation, additional investors purchased minority interests in VeriSign Japan. As of December 31, 1998, we owned 50.5% of the outstanding capital stock of VeriSign Japan. Accordingly, our consolidated financial statements include the accounts of VeriSign Japan and our consolidated statements of operations reflect the minority shareholders' share of the net losses of VeriSign Japan. In July 1998, we acquired SecureIT, a provider of Internet and enterprise security solutions, including a range of products and services to help clients assess, design and implement security solutions. In addition, SecureIT provides training on related subjects. The acquisition added services and technology complementary to our Internet-based trust services. We have accounted for the acquisition as a pooling-of-interests. Accordingly, we have restated all prior period consolidated financial statements to include the results of operations, financial position and cash flows of SecureIT as though it had always been a part of VeriSign. 20

We have experienced substantial net losses in each fiscal period since our inception. As of December 31, 1998, we had an accumulated deficit of $51.4 million. These net losses and accumulated deficit resulted from our lack of substantial revenues and the significant costs incurred in the development and sale of our Internet-based trust services and in the establishment and deployment of our technology, infrastructure and practices. We intend to increase our expenditures in all areas in order to execute our business plan. As a result, we expect to incur substantial additional losses. Although our revenues have grown in recent periods, we may be unable to sustain such growth. Therefore, you should not consider our historical growth indicative of future revenue levels or operating results. We may never achieve profitability or, if we do, we may not be able to sustain it. A more complete description of these and other risks relating to our business is set forth under the caption "Factors That May Affect Future Results of Operations." Results of Operations Revenues 1998 Change 1997 Change 1996 ------- ------ ------- ------ ------ (Dollars in thousands) Revenues................................ $38,930 191% $13,356 885% $1,356 Revenues increased significantly in 1998 from 1997 and 1996 due to increased sales of our Internet-based trust services, particularly our website digital certificates and VeriSign OnSite services, delivery of more training and services and higher sales of third-party products. In the third quarter of 1997, we increased our per-unit prices for digital certificates by approximately 15%. In addition, during 1998, we completed certain work required under various consulting contracts and recognized the related portion of revenues. We adopted the American Institute of Certified Public Accountants' Statement of Position ("SOP") No. 97-2, "Software Revenue Recognition," for software transactions entered into beginning January 1, 1998. SOP No. 97-2 generally requires revenue earned on software arrangements involving multiple elements to be allocated to each element based on its relative fair value. The fair value of the element must be based on objective evidence that is specific to the vendor. If a vendor does not have objective evidence of the fair value of all elements in a multiple-element arrangement, all revenue from the arrangement must be deferred until such evidence exists or until all elements have been delivered. The adoption of SOP No. 97-2 did not have a material effect on our operating results. No customer accounted for 10% or more of revenues during the year ended December 31, 1998. VISA International accounted for approximately 10% of our revenues in 1997 and approximately 21% of our revenues in 1996. Revenues of VeriSign Japan and revenues from other international customers accounted for 14% of total revenues in 1998 and less than 10% of revenues in each of 1997 and 1996. Costs and Expenses VeriSign's cost and expenses increased in 1998 compared to 1997 and 1996 primarily due to our overall growth. The total number of our employees increased from 26 at January 1, 1996 to 315 at December 31, 1998. In addition, we opened several new offices, increased our sales and marketing and research and development efforts and expanded our headquarters and secure data centers during these time periods. Cost of revenues 1998 Change 1997 Change 1996 ------- ------ ------ ------ ------ (Dollars in thousands) Cost of revenues......................... $19,454 101% $9,689 247% $2,791 Cost of revenues consists primarily of costs related to providing digital certificate enrollment and issuance services, customer support and training, consulting and development services and costs of facilities and 21

computer equipment used in such activities. Cost of revenues also includes fees paid to third parties to verify certificate applicants' identities, insurance premiums for our service warranty plan and errors and omission insurance and the cost of software resold to customers. The increase in cost of revenues in 1998 from 1997 was due to a number of factors. We hired more employees to support the additional volume of digital certificates issued and to support the growth of SecureIT's security consulting and training activities. The cost of insurance premiums for our service warranty plan increased, partly because of greater volume and partly because this plan was not in effect for a portion of 1997. In addition, we incurred increased expenses for access to third-party databases, higher support charges for our external disaster recovery program and for the cost of software products resold to customers as part of network security solution implementations. Cost of revenues increased in 1997 over 1996 as a result of many of the same factors as caused the increase in 1998 over 1997. In addition, facilities costs and related overhead costs increased as we built our operations infrastructure. We also incurred costs related to the introduction of new services as well as the costs related to certain third-party software products that were resold to our customers as part of network security solution implementations. Also in 1997, we implemented our services warranty program and our disaster recovery program. Certain of our services require greater personnel involvement and therefore have higher costs than other services. As a result, we anticipate that cost of revenues will vary in 1999 depending on the mix of services sold. Sales and marketing 1998 Change 1997 Change 1996 ------- ------ ------- ------ ------ (Dollars in thousands) Sales and marketing.................. $22,943 94% $11,826 142% $4,885 Percentage of revenues............... 59% 89% 360% Sales and marketing expenses consist primarily of costs related to sales, marketing and practices and external affairs. These expenses include salaries, sales commissions and other personnel-related expenses, travel and related expenses, costs of computer and communications equipment and support services, facilities costs, consulting fees and costs of marketing programs. Sales and marketing expenses increased in 1998 from 1997 as a result of the continued growth of our direct sales force and the expansion of our efforts, particularly in lead and demand generation activities. The growth and expansion of the SecureIT sales and marketing organization also contributed to the increase in these expenses. The increase in 1997 over 1996 was substantially due to increased headcount and, to a lesser extent, increased expenditures for marketing programs. The decrease in sales and marketing expenses as a percentage of revenues from 1996 to 1997 and 1998 is primarily due to the fact that revenues have increased faster than sales and marketing expenses in those periods. We anticipate that sales and marketing expenses will continue to increase in absolute dollars as we expand our direct sales force and increase our marketing and promotional activities both in the U.S. and abroad. Research and development 1998 Change 1997 Change 1996 ------ ------ ------ ------ ------ (Dollars in thousands) Research and development............... $8,435 59% $5,303 158% $2,058 Percentage of revenues................. 22% 40% 152% Research and development expenses consist primarily of costs related to research and development personnel, including salaries and other personnel- related expenses, consulting fees and the costs of facilities, computer and communications equipment and support services used in service and technology development. 22

Research and development expenses increased in absolute dollars in each of the periods presented as we invested in the design, testing and deployment of, and technical support for, our expanded Internet-based trust service offerings and technology. The increase reflects the expansion of our engineering staff and related costs required to support our continued emphasis on developing new products and services as well as enhancing existing products and services. During 1998, we continued to make significant investments in development of all of our services, including those targeted for the service provider market. The decrease in research and development expenses as a percentage of revenues from 1996 to 1997 and 1998 is primarily due to the fact that revenues have increased faster than research and development expenses in those periods. We believe that timely development of new and enhanced Internet-based trust services and technology are necessary to remain competitive in the marketplace. Accordingly, we intend to continue to recruit experienced research and development personnel and to make other investments in research and development. As a result, we expect research and development expenses will continue to increase in absolute dollars. To date, we have expensed all research and development expenditures as incurred. General and administrative 1998 Change 1997 Change 1996 ------ ------ ------ ------ ------ (Dollars in thousands) General and administrative............. $7,688 53% $5,039 88% $2,681 Percentage of revenues................. 20% 38% 198% General and administrative expenses consist primarily of salaries and other personnel-related expenses for our administrative, finance and human relations personnel, facilities and computer and communications equipment, support services and professional services fees. Our expenses increased in each of the years presented due primarily to increased staffing levels required to manage and support our expanded operations and the implementation of additional management information systems and related procedures. In addition, in 1998, we incurred additional costs related to being a public company, including investor relations programs and professional services fees. We expect to continue to invest in a more comprehensive executive and administrative infrastructure and to add additional facilities as required. As a result, we anticipate that general and administrative expenses will continue to increase in absolute dollars. Special charges 1998 Change 1997 Change 1996 ------ ------ ------ ------ ---- (Dollars in thousands) Special charges........................... $3,555 27% $2,800 NA -- Percentage of revenues.................... 9% 21% -- In connection with our acquisition of SecureIT, we recorded a special charge of $3.6 million to operating expenses in the third quarter of 1998. The expenses included $2.4 million for direct and other merger-related costs pertaining to the merger transaction. Merger transaction costs consisted primarily of fees for investment bankers, attorneys, accountants, filing fees and other related charges. The remaining $1.2 million related to stock-based compensation charges in connection with the acceleration of certain performance stock options held by SecureIT employees. In September 1996, VeriFone, Inc. which subsequently became a wholly-owned subsidiary of Hewlett-Packard, filed a lawsuit against VeriSign alleging, among other things, trademark infringement. In November 1997, VeriSign, Hewlett- Packard and VeriFone reached an agreement, under which, among other things, we issued 250,000 shares of our common stock, which were transferred to Hewlett- Packard, and VeriSign and VeriFone settled all claims. The settlement amount was recorded in the third quarter of 1997 as a $2.0 million charge to operations. 23

In November 1997, we entered into a preferred provider agreement with Microsoft whereby we agreed to jointly develop, promote and distribute a variety of client-based and server-based digital certificate solutions. Under this agreement, we have been designated as the premier provider of digital certificates for Microsoft customers, In connection with the agreement, we issued 100,000 shares of our common stock to Microsoft and recorded an $800,000 charge to operations. Other Income (Expense) 1998 Change 1997 Change 1996 ------ ------ ------ ------ ---- (Dollars in thousands) Other income (expense)................ $2,120 81% $1,174 1,852% $(67) Percentage of revenues................ 5% 9% (5)% Other income (expense) consists primarily of interest earned on our cash, cash equivalents and short-term investments, less interest expense on bank borrowings of VeriSign Japan and the effect of foreign currency transaction gains and losses. The increase in other income in 1998 and 1997 is primarily due to a higher average cash and short-term investment base in each of 1998 and 1997. The 1998 increase was a result of the proceeds from our initial public offering on January 29, 1998. The 1997 increase was due to the cash proceeds from our November 1996 Series C Preferred Stock financing. Provision for Income Tax We have not recorded any provision for federal and California income taxes because we have experienced net losses since inception. As of December 31, 1998, we had federal net operating loss carryforwards of approximately $52.3 million and California net operating loss carryforwards of approximately $46.5 million. If we are not able to use them, the federal net operating loss carryforwards will expire in 2010 through 2018 and the state net operating loss carryforwards will expire in 2003. The Tax Reform Act of 1986 imposes substantial restrictions on the utilization of net operating losses and tax credits in the event of a corporation's ownership change, as defined in the Internal Revenue Code. Our ability to utilize net operating loss carryforwards may be limited as a result of such ownership change. We do not anticipate that any material limitation exists on our ability to use our carryforwards and credits. We have provided a full valuation allowance on our deferred tax asset because of the uncertainty regarding its realization. Our accounting for deferred taxes under Statement of Financial Accounting Standards No. 109, "Accounting for Income Taxes," involves the evaluation of a number of factors concerning the realizability of our deferred tax assets. In concluding that a full valuation allowance was required, we considered such factors as our history of operating losses and expected future losses and the nature of our deferred tax assets. Although our operating plans assume taxable and operating income in future periods, our evaluation of all of the available evidence in assessing the realizability of the deferred tax assets indicated that such plans were not considered sufficient to overcome the available negative evidence. See Note 9 of Notes to Consolidated Financial Statements. Minority Interest in Net Loss of Subsidiary Minority interest in the net losses of VeriSign Japan was $1.3 million, $1.5 million and $.8 million in 1998, 1997 and 1996, respectively. The decrease from 1997 to 1998 was primarily due to VeriSign Japan's increased revenue as compared to the prior year. The increase from 1996 to 1997 was due to the increased expenses incurred in establishing and expanding the operations of VeriSign Japan prior to the generation of significant revenues as well as to an increasing percentage of VeriSign Japan's capital stock being held by minority shareholders. VeriSign Japan is still in the early stage of operations and, therefore, we expect that the minority interest in net loss of subsidiary will continue to fluctuate in future periods. 24

Factors That May Affect Future Results of Operations We have a limited operating history. VeriSign was incorporated in April 1995, and we began introducing our Internet-based trust services in June 1995. Accordingly, we have only a limited operating history on which to base an evaluation of our business and prospects. Our prospects must be considered in light of the risks and uncertainties encountered by companies in the early stages of development. These risks and uncertainties are often worse for companies in new and rapidly evolving markets. Our success will depend on many factors, including, but not limited to, the following: . the rate and timing of the growth and use of IP networks for electronic commerce and communications; . the extent to which digital certificates are used for such communications and commerce; . the continued evolution of electronic commerce as a viable means of conducting business; . the demand for our Internet-based trust services; . competition levels; . the perceived security of electronic commerce and communications over IP networks; . the perceived security of our services, technology, infrastructure and practices; and . our continued ability to maintain our current, and enter into additional, strategic relationships. To address these risks we must, among other things: . successfully market our Internet-based trust services and our digital certificates to our new and existing customers; . attract, integrate, train, retain and motivate qualified personnel; . respond to competitive developments; . successfully introduce new Internet-based trust services; and . successfully introduce enhancements to our existing Internet-based trust services to address new technologies and standards. We cannot be certain that we will successfully address any of these risks. Our business depends on the adoption of IP networks. In order for VeriSign to be successful, IP networks must be widely adopted, in a timely manner, as a means of trusted and secure electronic commerce and communications. Because electronic commerce and communications over IP networks are new and evolving, it is difficult to predict the size of this market and its sustainable growth rate. To date, many businesses and consumers have been deterred from utilizing IP networks for a number of reasons, including, but not limited to: . potentially inadequate development of network infrastructure; . security concerns including the potential for merchant or user impersonation and fraud or theft of stored data and information communicated over IP networks; . inconsistent quality of service; . lack of availability of cost-effective, high-speed service; . limited numbers of local access points for corporate users; . inability to integrate business applications on IP networks; 25

. the need to operate with multiple and frequently incompatible products; and . a lack of tools to simplify access to and use of IP networks. The adoption of IP networks will require a broad acceptance of new methods of conducting business and exchanging information. Companies and government agencies that already have invested substantial resources in other methods of conducting business may be reluctant to adopt new methods. Also, individuals with established patterns of purchasing goods and services and effecting payments may be reluctant to change. The use of IP networks may not increase or may increase more slowly than we expect because the infrastructure required to support widespread use may not develop. The Internet may continue to experience significant growth both in the number of users and the level of use. However, the Internet infrastructure may not be able to continue to support the demands placed on it by continued growth. Continued growth may also affect the Internet's performance and reliability. In addition, the growth and reliability of IP networks could be harmed by delays in development or adoption of new standards and protocols to handle increased levels of activity or by increased governmental regulation. Changes in, or insufficient availability of, communications services to support IP networks could result in poor performance and also adversely affect their usage. Any of these factors could materially harm our business. See "Business-- Customers and Markets." Our market is new and evolving. We target our Internet-based trust services at the market for trusted and secure electronic commerce and communications over IP networks. This is a new and rapidly evolving market that may not continue to grow. Accordingly, the demand for our Internet-based trust services is very uncertain. Even if the market for electronic commerce and communications over IP networks grows, our Internet-based trust services may not be widely accepted. The factors that may affect the level of market acceptance of digital certificates and, consequently, our Internet-based trust services, include the following: . market acceptance of products and services based upon authentication technologies other than those we use; . public perception of the security of digital certificates and IP networks; . the ability of the Internet infrastructure to accommodate increased levels of usage; and . government regulations affecting electronic commerce and communications over IP networks. Even if digital certificates achieve market acceptance, our Internet-based trust services may fail to address the market's requirements adequately. If digital certificates do not achieve market acceptance in a timely manner and sustain such acceptance, or if our Internet-based trust services in particular do not achieve or sustain market acceptance, our business would be materially harmed. See "Business--Customers and Markets." System interruptions and security breaches could harm our business. We depend on the uninterrupted operation of our secure data centers and our other computer and communications systems. We must protect these systems from loss, damage or interruption caused by fire, earthquake, power loss, telecommunications failure or other events beyond our control. Most of our systems are located at, and most of our customer information is stored in, our facilities in Mountain View, California and Kawasaki, Japan, areas susceptible to earthquakes. Any damage or failure that causes interruptions in our secure data centers and our other computer and communications systems could materially harm our business. In addition, our ability to issue digital certificates depends on the efficient operation of the Internet connections from customers to our secure data centers. Such connections depend upon efficient operation of web browsers, Internet service providers and Internet backbone service providers, all of which have had periodic operational problems or experienced outages in the past. Any of these problems or outages could adversely affect customer satisfaction. 26

Our success also depends upon the scalability of our systems. Our systems have not been tested at the volumes that may be required in the future. Thus, it is possible that a substantial increase in demand for our Internet-based trust services could cause interruptions in our systems. Any such interruptions could adversely affect our ability to deliver our Internet-based trust services and therefore could materially harm our business. Although we periodically perform, and retain accredited third parties to perform, audits of our operational practices and procedures, we may not be able to remain in compliance with our internal standards or those set by third-party auditors. If we fail to maintain these standards, we may have to expend significant time and money to return to compliance and our business could be materially harmed. We retain certain confidential customer information in our secure data centers. It is critical to our business strategy that our facilities and infrastructure remain secure and are perceived by the marketplace to be secure. Despite our security measures, our infrastructure may be vulnerable to physical break-ins, computer viruses, attacks by hackers or similar disruptive problems. It is possible that we may have to expend additional financial and other resources to address such problems. Any physical or electronic break-ins or other security breaches or compromises of the information stored at our secure data centers may jeopardize the security of information stored on our premises or in the computer systems and networks of our customers. In such an event, we could face significant liability and customers could be reluctant to use our Internet-based trust services. Such an occurrence could also result in adverse publicity and therefore adversely affect the market's perception of the security of electronic commerce and communications over IP networks as well as of the security or reliability of our services. See "Business--Infrastructure," "--Security and Trust Practices" and "Properties." We must manage our growth and expansion. Our historical growth has placed, and any further growth is likely to continue to place, a significant strain on our resources. VeriSign has grown from 26 employees at December 31, 1995 to 315 employees at December 31, 1998. We have also opened additional sales offices and have significantly expanded our operations, both in the U.S. and abroad, during this time period. We expanded our operations by acquiring SecureIT during 1998. To be successful, we will need to implement additional management information systems, develop further our operating, administrative, financial and accounting systems and controls and maintain close coordination among our executive, engineering, accounting, finance, marketing, sales and operations organizations. Any failure to manage growth effectively could materially harm our business. We must establish and maintain strategic relationships. One of our significant business strategies has been to enter into strategic or other similar collaborative relationships in order to reach a larger customer base than we could reach through our direct sales and marketing efforts. We may need to enter into additional relationships to execute our business plan. We may not be able to enter into additional, or maintain our existing, strategic relationships on commercially reasonable terms. If we failed, we would have to devote substantially more resources to the distribution, sale and marketing of our Internet-based trust services than we would otherwise. Furthermore, as a result of our emphasis on these relationships, our success in such relationships will depend both on the ultimate success of the other parties to such relationships, particularly in the use and promotion of IP networks for trusted and secure electronic commerce and communications, and on the ability of certain of these parties to market our Internet-based trust services successfully. Failure of one or more of our strategic relationships to result in the development and maintenance of a market for our Internet-based trust services could materially harm our business. Our existing strategic relationships do not, and any future strategic relationships may not, afford VeriSign any exclusive marketing or distribution rights. In addition, the other parties may not view their relationships with us as significant for their own businesses. Therefore, they could reduce their commitment to VeriSign at any time in the future. These parties could also pursue alternative technologies or develop alternative products and services either on their own or in collaboration with others, including our competitors. If we are unable to 27

maintain our strategic relationships or to enter into additional strategic relationships, our business could be materially harmed. See "Business-- Strategic Relationships" and "--Marketing, Sales and Distribution." Certain of our internet-based trust services have lengthy sales and implementation cycles. We market many of our Internet-based trust services directly to large companies and government agencies. The sale and implementation of our services to these entities typically involves a lengthy education process and a significant technical evaluation and commitment of capital and other resources. This process is also subject to the risk of delays associated with customers' internal budgeting and other procedures for approving large capital expenditures, deploying new technologies within their networks and testing and accepting new technologies that affect key operations. As a result, the sales and implementation cycles associated with certain of our Internet-based trust services can be lengthy, potentially lasting from three to six months. Our quarterly and annual operating results could be materially harmed if orders forecasted for a specific customer for a particular quarter are not realized. Our international operations are subject to certain risks. Revenues of VeriSign Japan K.K., or VeriSign Japan, and revenues from other international affiliates and customers accounted for approximately 14% of our revenues in 1998 and approximately 9% of our revenues in 1997. We intend to expand our international operations and international sales and marketing activities. Expansion into these markets has required and will continue to require significant management attention and resources. We may also need to tailor our Internet-based trust services for a particular market and to enter into international distribution and operating relationships. We have limited experience in localizing our Internet-based trust services and in developing international distribution or operating relationships. We may not succeed in expanding our Internet-based trust service offerings into international markets. Any such failure could harm our business. In addition, there are certain risks inherent in doing business on an international basis, including, among others: . regulatory requirements; . legal uncertainty regarding liability; . export and import restrictions on cryptographic technology and products incorporating that technology; . tariffs and other trade barriers; . difficulties in staffing and managing foreign operations; . longer sales and payment cycles; problems in collecting accounts receivable; . difficulty of authenticating customer information; . political instability; . seasonal reductions in business activity; and . potentially adverse tax consequences. We have licensed to certain international affiliates the VeriSign Processing Center platform, which is designed to replicate our own secure data centers and allows the affiliate to offer back-end processing of Internet-based trust services. The VeriSign Processing Center platform provides an affiliate with the knowledge and technology to offer Internet-based trust services similar to those offered by VeriSign. It is critical to our business strategy that the facilities and infrastructure used in issuing and marketing digital certificates remain secure and be perceived by the marketplace to be secure. Although we provide the affiliate with training in security and trust practices, network management and customer service and support, these practices are performed by the affiliate and are outside of our control. Any failure of an affiliate to maintain the privacy of confidential customer information could result in negative publicity and therefore adversely affect the market's 28

perception of the security of our services as well as the security of electronic commerce and communication over IP networks generally. See "--System interruptions and security breaches could harm our business" and "Business-- VeriSign's Trust Services." All of our international revenues from sources other than VeriSign Japan are denominated in U.S. dollars. If additional portions of our international revenues were to be denominated in foreign currencies, we could become subject to increased risks relating to foreign currency exchange rate fluctuations. See "Business--Marketing, Sales and Distribution." Acquisitions could harm our business. During 1998, we acquired SecureIT. If we are unable to successfully complete the integration of SecureIT, our business could be materially harmed. We may acquire additional businesses, technologies, product lines or service offerings in the future. Acquisitions involve a number of risks including among others: . the difficulty of assimilating the operations and personnel of the acquired businesses; . the potential disruption of our business; . our inability to integrate, train, retain and motivate key personnel of the acquired business; . the diversion of our management from our day-to-day operations; . our inability to incorporate acquired technologies successfully into our Internet-based trust services; . the additional expense associated with completing an acquisition and amortizing any acquired intangible assets; . the potential impairment of relationships with our employees, customers and strategic partners; and . the inability to maintain uniform standards, controls, procedures and policies. If we are unable to successfully address any of these risks, our business could be materially harmed. Year 2000 Issues Background of Year 2000 Issues Many currently installed computer systems and software products are unable to distinguish between twentieth century dates and twenty-first century dates. This situation could result in system failures or miscalculations causing disruptions of operations of any business, including, among other things, a temporary inability to process transactions, send invoices or engage in similar normal business activities. As a result, many companies' software and computer systems may need to be upgraded or replaced to comply with such "Year 2000" requirements. State of Readiness Our business depends on the operation of numerous systems that could potentially be impacted by Year 2000 related problems. The systems include: hardware and software systems used to deliver our Internet-based trust services, including our proprietary software systems as well as software supplied by third parties; communications networks such as the Internet and private intranets; the internal systems of our customers and suppliers; digital certificates and software products sold to customers; the computer and communications hardware and software systems we use internally to manage our business; and non-information technology systems and services we use to manage our business, such as telephone systems and building systems. Based on an analysis of all systems potentially impacted by conducting business in the year 2000 and beyond, we are applying a phased approach to making such systems, and accordingly our operations, ready for 29

the year 2000. Beyond awareness of the issues and scope of systems involved, the phases of activities in progress include: an assessment of specific underlying computer systems, programs and/or hardware; remediation or replacement of Year 2000 non-compliant technology; validation and testing of technologically compliant Year 2000 solutions; and implementation of the Year 2000 compliant systems. The table below provides the status and timing of such phased activities. Targeted Impacted Systems Status Implementation ---------------- ------ -------------- Internet-based trust services sold to customers.................. Digital certificates tested and available for customer trial, other products in testing Completed Non-information technology systems and services.................. Systems upgraded or replaced as appropriate, testing and implementation completed Completed Hardware and software systems used to deliver services........... Assessment completed, remediation underway, conducting validation and testing Q1 1999 Communication networks used to provide services.................. Assessment completed, conducting validation and testing Q1 1999 Operability with internal systems of customers and suppliers..... Assessment completed, conducting validation and testing Q1 1999 Hardware and software systems used to manage VeriSign's business. Assessment completed, remediation underway, conducting validation and testing Q1 1999 As a trusted third-party certificate authority providing, among other services, digital certificates and related life cycle services, we depend on the hardware and software products from third parties used to deliver such Internet-based trust services. Inoperability of such products due to Year 2000 issues could harm our business. We have completed our assessment of the underlying systems and hardware. Certain components have been replaced and we are conducting validation and testing. Costs to Address Year 2000 Issues We expect that costs directly related to Year 2000 issues will not exceed approximately $500,000 for both costs incurred to date and future costs, including cases where non-compliant information technology systems have been or need to be replaced. We would have incurred the replacement cost of non- information technology systems regardless of the Year 2000 issue due to technology obsolescence and/or our growth. We have and will continue to expense all costs arising from Year 2000 issues, funding them from working capital. We do not believe that future expenditures to upgrade internal systems and applications will materially harm our business. In addition, while we do not know the potential costs of redeployment of personnel and any delays in implementing other projects, we anticipate the costs to be immaterial and we expect minimal adverse impact to the business. Risks of the Year 2000 Issues We believe our digital certificates and Internet-based trust services are Year 2000 compliant; however, success of our Year 2000 compliance efforts may depend on the success of our customers in dealing with Year 2000 issues. We sell our Internet-based trust services to companies in a variety of industries each with different issues and Year 2000 compliance challenges. Customer difficulties with Year 2000 issues could interfere with the use of Year 2000 compliant digital certificates which might require us to devote additional resources to resolve underlying problems. If problems exists within our digital certificate technology as it relates to customers' management systems and applications, our business, financial condition and results of operations could be materially harmed. This risk is minimized by our current offering of Year 2000 compliant test digital certificates which can validate the Year 2000 operation of customer applications and systems. However, there is no method to determine which customers will validate their applications and systems for Year 2000 compliance with our technology. 30

Furthermore, the purchasing patterns of these customers or potential customers may be affected by Year 2000 issues as companies expend significant resources to become Year 2000 compliant. The costs of becoming Year 2000 compliant for current or potential customers may result in fewer funds being available to purchase and implement our Internet-based trust services. Contingency Plans With the assistance of an independent consulting firm, we developed a Year 2000 project plan template. Of the template's Year 2000 recommendations, beyond those already identified through our internal review, no additional work was required. We have not yet developed a contingency plan for handling Year 2000 problems that are not detected and corrected prior to their occurrence. However, we have a comprehensive business resumption plan in the event of a failure of our digital certificate services delivered from our secure data centers. Upon completion of testing and implementation activities, we will be able to assess additional areas requiring contingency planning and we expect to institute appropriate contingency planning at that time. Any failure to address any unforeseen Year 2000 issue could harm our business. Liquidity and Capital Resources 1998 1997 Change ------- ------- ------ (Dollars in thousands) Cash, cash equivalents and short-term investments.... $41,745 $12,893 224% Working capital...................................... $31,085 $ 6,160 405% Stockholders' equity................................. $40,728 $13,541 201% Prior to our initial public offering, we financed our operations primarily through private sales of equity securities, raising approximately $46.1 million. Our initial public offering, which closed in February 1998, yielded net proceeds of approximately $43.7 million. In January 1999, we sold an additional 1,597,500 shares of common stock to the public for net proceeds of approximately $121.5 million. At December 31, 1998, our principal source of liquidity was $41.7 million of cash, cash equivalents and short-term investments, consisting principally of commercial paper, medium term notes, corporate bonds and notes, market auction securities and money market funds. We also have an equipment loan agreement under which we may borrow up to $3.0 million for purchases of equipment. This equipment loan agreement expires on March 31, 1999. Any amounts borrowed under this equipment loan agreement would bear interest at the rate of 7.5% per annum and would be secured by the equipment purchased with the loan proceeds. In the event that we borrow under this loan agreement, we would be obligated to issue to the lender a warrant to purchase 17,500 shares of our common stock. We have no current plans to borrow any amounts under this loan agreement. We have had significant negative cash flows from operating activities in each period to date. Net cash used in operating activities was $11.8 million in 1998, $12.8 million in 1997 and $6.0 million in 1996. Net cash used in operating activities in each of these periods was primarily the result of net losses and increases in accounts receivable. These amounts were partially offset in all periods by non-cash charges and increases in accounts payable, accrued liabilities and deferred revenue. Net cash used in investing activities was $16.0 million in 1998, $15.3 million in 1997 and $4.4 million in 1996. Net cash used in investing activities in these periods was primarily the result of capital expenditures for computer and communications equipment, purchased software, office equipment, furniture, fixtures and leasehold improvements. In addition, cash used in investing activities included net purchases of short-term investments of $11.0 million in 1998 and $8.0 million in 1997. Capital expenditures for property and equipment totaled $4.4 million in 1998, $6.8 million in 1997 and $4.2 million in 1996. Our planned capital expenditures for 1999 are approximately $5 million to $7 million, primarily for computer and communications equipment and leasehold improvements. As of December 31, 1998, we also had commitments under noncancelable operating leases for our facilities for various terms through 2005. See Note 10 of Notes to Consolidated Financial Statements. 31

Net cash provided by financing activities was $45.7 million in 1998, $3.1 million in 1997 and $37.8 million in 1996. In 1998, net cash provided by financing activities included $43.7 million from our initial public offering. In 1996, cash was provided primarily from net proceeds from the sale of preferred stock. In addition, net cash provided by financing activities of VeriSign Japan was $4.2 million in 1996 and $2.5 million in 1997, resulting from the sale of capital stock to minority investors and from the proceeds of bank borrowings. We believe that the net proceeds from our 1999 offering, together with existing cash, cash equivalents and short-term investments, will be sufficient to meet our working capital and capital expenditure requirements for the foreseeable future. However, at some time, we may need to raise additional funds through public or private financing, strategic relationships or other arrangements. Such additional funding, if needed, might not be available on terms attractive to us, or at all. If we have to enter into strategic relationships to raise additional funds we might be required to relinquish rights to certain of our technologies. Our failure to raise capital when needed could materially harm our business. If additional funds are raised through the issuance of equity securities, the percentage of our stock owned by our then- current stockholders would be reduced. Furthermore, such equity securities might have rights, preferences or privileges senior to those of our common stock. Recent Accounting Pronouncements In March 1998, the AICPA issued SOP No. 98-1, "Accounting for the Costs of Computer Software Developed or Obtained for Internal Use." SOP No. 98-1 requires entities to capitalize certain costs related to internal-use software once certain criteria have been met. We expect that the adoption of SOP No. 98- 1 will not have a material impact on our financial position, results of operations or cash flows. We will be required to implement SOP No. 98-1 for the year ending December 31, 1999. In April 1998, the AICPA issued SOP No. 98-5, "Reporting on the Costs of Start-Up Activities." SOP No. 98-5 requires that all start-up costs related to new operations must be expensed as incurred. In addition, all start-up costs that were capitalized in the past must be written off when SOP No. 98-5 is adopted. We expect that the adoption of SOP No. 98-5 will not have a material impact on our financial position, results of operations or cash flows. We will be required to implement SOP No. 98-5 for the year ending December 31, 1999. In June 1998, the Financial Accounting Standards Board issued SFAS No. 133, "Accounting for Derivative Instruments and Hedging Activities." SFAS No. 133 establishes methods for derivative financial instruments and hedging activities related to those instruments, as well as other hedging activities. Because we do not currently hold any derivative instruments and do not engage in hedging activities, we expect that the adoption of SFAS No. 133 will not have a material impact on our financial position, results of operations or cash flows. We will be required to implement SFAS No 133 for the year ending December 31, 2000. In December 1998, the AICPA issued SOP No. 98-9, "Modification of SOP 97-2, Software Revenue Recognition, with Respect to Certain Transactions." SOP No. 98-9 requires recognition of revenue using the "residual method" in a multiple- element software arrangement when fair value does not exist for one or more of the delivered elements in the arrangement. Under the "residual method," the total fair value of the undelivered elements is deferred and recognized in accordance with SOP No. 97-2. We will be required to implement SOP No. 98-9 for the year ending December 31, 2000. SOP No. 98-9 also extends the deferral of the application of SOP No. 97-2 to certain other multiple-element software arrangements through our year ending December 31, 1999. We are evaluating the provisions of SOP No. 98-9 and we have not yet determined what impact, if any, SOP No. 98-9 will have on our financial position, results of operations or cash flows. 32

ITEM 7A. QUANTITATIVE AND QUALITATIVE DISCLOSURES ABOUT MARKET RISK Interest rate sensitivity The primary objective of VeriSign's investment activities is to preserve principal while at the same time maximizing the income we receive from our investments without significantly increasing risk. Some of the securities that we have invested in may be subject to market risk. This means that a change in prevailing interest rates may cause the principal amount of the investment to fluctuate. For example, if we hold a security that was issued with a fixed interest rate at the then-prevailing rate and the prevailing interest rate later rises, the principal amount of our investment will probably decline. To minimize this risk, we maintain our portfolio of cash equivalents and short- term investments in a variety of securities, including commercial paper, medium-term notes, corporate bonds and notes, market auction securities and money market funds. In general, money market funds are not subject to market risk because the interest paid on such funds fluctuates with the prevailing interest rate. In addition, we invest in relatively short-term securities. As of December 31, 1998, all of our investments mature in less than one year. See Note 3 of Notes to Consolidated Financial Statements. The following table presents the amounts of our cash equivalents and short- term investments that are subject to market risk by range of expected maturity and weighted-average interest rates as of December 31, 1998. This table does not include money market funds because such funds are not subject to market risk. Maturing in --------------------- Six Months Six Months to Fair or Less One Year Total Value ---------- ---------- ------- ------- Included in cash and cash equivalents......................... $14,573 NA $14,573 $14,573 Weighted-average interest rate....... 5.43% Included in short-term investments... $13,888 $5,071 $18,959 $18,959 Weighted-average interest rates...... 5.38% 5.15% Exchange rate sensitivity VeriSign considers its exposure to foreign currency exchange rate fluctuations to be minimal. Our recently established subsidiary in Sweden has not had significant operations to date. All revenues derived from our European affiliates are denominated in U.S. dollars and, therefore, are not subject to exchange rate fluctuations. Both the revenues and expenses of our majority-owned subsidiary in Japan are denominated in Japanese yen. This serves as a natural hedge because although an unfavorable change in the exchange rate of the Japanese yen against the U.S. dollar will result in lower revenues when translated to U.S. dollars, operating expenses will also be lower in these circumstances. Because of our minimal exposure to foreign currencies, we have not engaged in any hedging transactions to date. 33

ITEM 8. FINANCIAL STATEMENTS AND SUPPLEMENTAL DATA Financial Statements VeriSign's financial statements required by this item are submitted as a separate section of this Form 10-K. See Item 14.(a)1. for a listing of financial statements provided in the section titled "FINANCIAL STATEMENTS." Supplemental Data The following tables set forth quarterly supplementary data for each of the years in the two-year period ended December 31, 1998 and reflect VeriSign's results as restated to reflect our acquisition of SecureIT, Inc. in 1998, which was accounted for as a pooling of interests. See Note 2 of Notes to Consolidated Financial Statements. 1998 --------------------------------------------- Quarter Ended ----------------------------------- Year Sept. Ended March 31 June 30 30 Dec. 31 Dec. 31 -------- ------- ------- ------- -------- (In thousands, except per share data) Revenues...................... $ 6,662 $ 8,552 $10,505 $13,211 $ 38,930 Total costs and expenses...... 12,146 14,322 19,087 16,520 62,075 Operating loss................ (5,484) (5,770) (8,582) (3,309) (23,145) Minority interest in net loss of subsidiary................ 389 324 237 332 1,282 Net loss...................... (4,703) (4,789) (7,717) (2,534) (19,743) Basic and diluted net loss per share........................ (.27) (.22) (.34) (.11) (.95) 1997 --------------------------------------------- Quarter Ended ----------------------------------- Year Sept. Ended March 31 June 30 30 Dec. 31 Dec. 31 -------- ------- ------- ------- -------- (In thousands, except per share data) Revenues...................... $ 1,590 $ 2,931 $ 3,839 $ 4,996 $ 13,356 Total costs and expenses...... 5,910 7,088 9,696 11,963 34,657 Operating loss................ (4,320) (4,157) (5,857) (6,967) (21,301) Minority interest in net loss of subsidiary................ 305 482 407 344 1,538 Net loss...................... (3,546) (3,508) (5,214) (6,321) (18,589) Basic and diluted net loss per share........................ (.53) (.51) (.64) (.82) (2.61) Our quarterly operating results have varied and may fluctuate significantly in the future as a result of a variety of factors, many of which are outside our control. These factors include the following: . continued market acceptance of our Internet-based trust services; . the long sales and implementation cycles for, and potentially large order sizes of, certain of our Internet-based trust services; . the timing and execution of individual contracts; . customer renewal rates for our Internet-based trust services; . the timing of releases of new versions of Internet browsers or other third-party software products and networking equipment which include our digital certificate service interface technology; . the mix of our services sold during a quarter; . our success in marketing other Internet-based trust services to our existing customers and to new customers; 34

. continued development of our direct and indirect distribution channels, both in the U.S. and abroad; . market acceptance of our Internet-based trust services or our competitors' products and services; . our ability to attract, integrate, train, retain and motivate a substantial number of sales and marketing, research and development and technical support personnel; . our ability to expand our operations; . our success in assimilating the operations and personnel of SecureIT and any other acquired businesses; . the amount and timing of expenditures related to expansion of our operations; . the impact of price changes in our Internet-based trust services or our competitors' products and services; and . general global economic conditions and economic conditions specific to IP network industries. Our limited operating history and the emerging nature of our market make it difficult to predict future revenues. Our expenses are based, in part, on our expectations regarding future revenues, and are largely fixed in nature, particularly in the short term. We may be unable to predict our future revenues accurately or to adjust spending in a timely manner to compensate for any unexpected revenue shortfall. Accordingly, any significant shortfall of revenues in relation to our expectations could cause significant declines in our quarterly operating results. Due to all of the foregoing factors, our quarterly revenues and operating results are difficult to forecast. Therefore, we believe that period-to-period comparisons of our operating results will not necessarily be meaningful, and you should not rely upon them as an indication of our future performance. Also, it is likely that our operating results will fall below our expectations and the expectations of securities analysts or investors in some future quarter. In such event, the market price of our common stock could be materially adversely affected. In January 1998, VeriSign completed the initial public offering of its common stock. The managing underwriters in the offering were Morgan Stanley & Co. Incorporated, Hambrecht & Quist LLC and Wessels, Arnold & Henderson L.L.C. We realized net proceeds from the offering of approximately $43.7 million after deducting the underwriting discounts and commissions and expenses of the offering. During the year ended December 31, 1998, we used approximately $11.6 million of the net proceeds from the offering to fund operating expenses, the transaction charges related to the acquisition of SecureIT and increase working capital and $4.4 million to purchase and install computers and peripheral equipment. The remaining $27.7 million has been invested in short-term, interest-bearing, investment grade securities. ITEM 9. CHANGES IN AND DISAGREEMENTS WITH ACCOUNTANTS ON ACCOUNTING AND FINANCIAL DISCLOSURE There were no disagreements on any matter of accounting principles, financial statement disclosure, or auditing scope or procedure to be reported under this item. 35

PART III ITEM 10. DIRECTORS AND EXECUTIVE OFFICERS OF THE REGISTRANT Information with respect to this item may be found in the section captioned "Directors and Executive Officers of the Registrant" appearing in the definitive Proxy Statement to be delivered to stockholders in connection with the Annual Meeting of Stockholders to be held on May 27, 1999. Such information is incorporated herein by reference. ITEM 11. EXECUTIVE COMPENSATION Information with respect to this item may be found in the section captioned "Executive Compensation" appearing in the definitive Proxy Statement to be delivered to stockholders in connection with the Annual Meeting of Stockholders to be held on May 27, 1999. Such information is incorporated herein by reference. ITEM 12. SECURITY OWNERSHIP OF CERTAIN BENEFICIAL OWNERS AND MANAGEMENT Information with respect to this item may be found in the section captioned "Security Ownership of Certain Beneficial Owners and Management" appearing in the definitive Proxy Statement to be delivered to stockholders in connection with the Annual Meeting of Stockholders to be held May 27, 1999. Such information is incorporated herein by reference. ITEM 13. CERTAIN RELATIONSHIPS AND RELATED TRANSACTIONS Information with respect to this item may be found in the section captioned "Certain Transactions" appearing in the definitive Proxy Statement to be delivered to stockholders in connection with the Annual Meeting of Stockholders to be held May 27, 1999. Such information is incorporated herein by reference. 36

PART IV ITEM 14. EXHIBITS, FINANCIAL STATEMENTS SCHEDULE AND REPORTS ON FORM 8-K (a) Documents filed as part of this report 1. Financial statements .Management's Report .Independent Auditors' Report .Consolidated Balance Sheets As of December 31, 1998 and 1997 .Consolidated Statements of Operations For the Years Ended December 31, 1998, 1997 and 1996 .Consolidated Statements of Stockholders' Equity For the Years Ended December 31, 1998, 1997 and 1996 .Consolidated Statements of Cash Flows For the Years Ended December 31, 1998, 1997 and 1996 .Notes to Consolidated Financial Statements 2. Financial statement schedule . Financial statement schedules are omitted because the information called for is not required or is shown in either in the consolidated financial statements or the notes thereto. 3. Exhibits (a) Index to Exhibits Incorporated by Reference Exhibit ------------------- Filed Number Exhibit Description Form Date Number Herewith ------- --------------------------------------- ---- ------- ------ -------- 2.01 Agreement and Plan of Reorganization dated as of July 6, 1998 by and between the Registrant, VeriSign Merger Corp., SecureIT and the shareholders of SecureIT 8-K 7/6/98 2.01 3.02 Third Amended and Restated Certificate of Incorporation of the Registrant S-1 1/29/98 3.02 3.04 Amended and Restated Bylaws of the Registrant S-1 1/29/98 3.04 4.01 Investors' Rights Agreement, dated November 15, 1996, among the Registrant and the parties indicated therein S-1 1/29/98 4.01 4.04 First Amendment to Amended and Restated Investors' Rights Agreement dated as of July 7, 1998 by and between the Registrant and certain stockholders of the Registrant 8-K 7/6/98 4.01 4.05 Registration Rights Agreement dated as of July 6, 1998 by and between the Registrant and the former shareholders of SecureIT S-8 7/7/98 4.09 10.05 Form of Indemnification Agreement entered into by the Registrant with each of its directors and executive officers S-1 1/29/98 10.05 10.06 Registrant's 1995 Stock Option Plan and related documents S-1 1/29/98 10.06 10.07 Registrant's 1997 Stock Option Plan S-1 1/29/98 10.07 10.08 Registrant's 1998 Directors' Stock Option Plan and related documents S-1 1/29/98 10.08 37

Incorporated by Reference Exhibit ------------------- Filed Number Exhibit Description Form Date Number Herewith ------- --------------------------------------- ---- ------- ------ -------- 10.09 Registrant's 1998 Equity Incentive Plan and related documents S-1 1/29/98 10.09 10.10 Registrant's 1998 Employee Stock Purchase Plan and related documents S-1 1/29/98 10.10 10.11 Registrant's Executive Loan Program of 1996 S-1 1/29/98 10.11 10.14 Form of Full Recourse Secured Promissory Note and Form of Pledge and Security Agreement entered into between the Registrant and certain executive officers S-1 1/29/98 10.14 10.15 Assignment Agreement, dated April 19, 1995 between the Registrant and RSA Data Security, Inc. S-1 1/29/98 10.15 10.16 BSAFE/TIPEM OEM Master License Agreement, dated April 18, 1995, between the Registrant and RSA Data Security, Inc., as amended S-1 1/29/98 10.16 10.17 Non-Compete and Non-Solicitation Agreement, dated April 18, 1995, between the Registrant and RSA Security, Inc. S-1 1/29/98 10.17 10.18 Microsoft/VeriSign Certificate Technology Preferred Provider Agreement, effective as of May 1, 1997, between the Registrant and Microsoft Corporation S-1 1/29/98 10.18 10.19 Master Development and License Agreement, dated September 30, 1997, between the Registrant and Security Dynamics Technologies, Inc. S-1 1/29/98 10.19 10.20 License Agreement, dated December 16, 1996, between the Registrant and VeriSign Japan K.K. S-1 1/29/98 10.20 10.21 Loan Agreement, dated January 30, 1997, between the Registrant and Venture Lending & Leasing, Inc. S-1 1/29/98 10.21 10.22 Security Agreement, dated January 30, 1997, between the Registrant and Venture Lending & Leasing, Inc. S-1 1/29/98 10.22 10.23 VeriSign Private Label Agreement, dated April 2, 1996, between the Registrant and VISA International Service Association S-1 1/29/98 10.23 10.24 VeriSign Private Label Agreement dated October 3, 1996, between the Registrant and VISA International Service Association S-1 1/29/98 10.24 10.25 Lease Agreement, dated August 15, 1996, between the Registrant and Shoreline Investments VII S-1 1/29/98 10.25 10.26 Lease Agreement, dated September 18, 1996, between the Registrant and Shore line Investments VII S-1 1/29/98 10.26 10.27 Sublease Agreement, dated September 5, 1996, between the Registrant and Security Dynamics Technologies, Inc. S-1 1/29/98 10.27 10.28 Employment Offer Letter Agreement, between the Registrant and Stratton Sclavos, dated June 12, 1995, as amended October 4, 1995 S-1 1/29/98 10.28 38

Incorporated by Reference Exhibit ------------------ Filed Number Exhibit Description Form Date Number Herewith ------- ---------------------------------------- ---- ------ ------ -------- 10.29 Employment and NonCompetition Agreement between SecureIT and Jagtar Chaudhry S-1 1/5/99 10.29 10.30 Amendment Number One to Master Development and License Agreement dated as of December 31, 1998 between the Registrant and Security Dynamics Technologies, Inc. S-1 1/5/99 10.30 10.31 Amendment Number Two to BSAFE/TIPEM OEM Master License Agreement dated as of December 31, 1998 between the Registrant and RSA Data Security, Inc. S-1 1/5/99 10.31 10.32 Sublease dated as of September 25, 1998 between the Registrant and Silicon Graphics, Inc. S-1 1/5/99 10.32 21.01 Subsidiaries of the Registrant X 23.01 Consent of KPMG LLP X 27.01 Financial Data Schedule (in EDGAR version only) X - -------- * Confidential treatment was received with respect to certain portions of this agreement. Such portions were omitted and filed separately with the Securities and Exchange Commission. (b) Reports on Form 8-K No reports on Form 8-K were filed in the quarter ended December 31, 1998. 39

SIGNATURES Pursuant to the requirements of the Securities Exchange Act of 1934, the Registrant has duly caused this report to be signed on its behalf by the undersigned, thereunto duly authorized, in the City of Mountain View, State of California, on the 19th day of February, 1999. VERISIGN, INC. By /s/ Stratton D. Sclavos --------------------------------- Stratton D. Sclavos, President and Chief Executive Officer KNOW ALL PERSONS BY THESE PRESENTS that each individual whose signature appears below constitutes and appoints Stratton D. Sclavos, Dana L. Evan and Timothy Tomlinson, and each of them, his or her true lawful attorneys-in-fact and agents, with full power of substitution, for him or her and in his or her name, place and stead, in any and all capacities, to sign any and all amendments to this Annual Report on Form 10-K and to file the same, with all exhibits thereto and all documents in connection therewith, with the Securities and Exchange Commission, granted unto said attorneys-in-fact and agents, and each of them, full power and authority to do and perform each and every act and thing requisite and necessary to be done in and about the premises, as fully to all intends and purposes as he or she might or could do in person, hereby ratifying and confirming all that said attorneys-in-fact and agents or any of them, or his, her or their substitute or substitutes, may lawfully do or cause to be done by virtue hereof. In accordance with the requirements of the Securities Exchange Act of 1934, this report has been signed by the following persons on behalf of the registrant and in the capacities indicated on the 19th day of February, 1999. Signature Title --------- ----- /s/ Stratton D. Sclavos President, Chief Executive Officer and Director ____________________________________ Stratton D. Sclavos /s/ Dana L. Evan Vice President of Finance and Administration and Chief ____________________________________ Financial Officer Dana L. Evan /s/ D. James Bidzos Chairman of the Board ____________________________________ D. James Bidzos /s/ William Chenevich Director ____________________________________ William Chenevich /s/ Kevin R. Compton Director ____________________________________ Kevin R. Compton /s/ David J. Cowan Director ____________________________________ David J. Cowan /s/ Timothy Tomlinson Director and Secretary ____________________________________ Timothy Tomlinson 40

SUMMARY OF TRADEMARKS The following trademarks and service marks of VeriSign, Inc., which may be registered in certain jurisdictions, may be referenced in this Form 10-K: Trademarks SecureITTM VeriSign Logo VeriSign is a registered trademark exclusively licensed to VeriSign, Inc. Service Marks VeriSign OnSiteSM VeriSign Trust NetworkSM WorldTrustSM All other brand or product names are trademarks or registered trademarks of their respective holders. 41

FINANCIAL STATEMENTS As required under Item 8. Financial Statements and Supplementary Data, the consolidated financial statements of the Company are provided in this separate section. The consolidated financial statements included in this section are as follows: Financial Statement Description Page ------------------------------- ---- Management's Report..................................................... 43 Independent Auditors' Report............................................ 44 Consolidated Balance Sheets............................................. 45 As of December 31, 1998 and 1997 Consolidated Statements of Operations................................... 46 For the Years Ended December 31, 1998, 1997 and 1996 Consolidated Statements of Stockholders' Equity......................... 47 For the Years Ended December 31, 1998, 1997 and 1996 Consolidated Statements of Cash Flows................................... 49 For the Years Ended December 31, 1998, 1997 and 1996 Notes to Consolidated Financial Statements.............................. 50 42

MANAGEMENT'S REPORT VeriSign's management is responsible for the preparation, integrity and objectivity of the consolidated financial statements and other financial information presented in this report. The accompanying consolidated financial statements have been prepared in conformity with generally accepted accounting principles and reflect the effects of certain estimates and judgments made by management. VeriSign's management maintains an effective system of internal control that is designed to provide reasonable assurance that assets are safeguarded and transactions are properly recorded and executed in accordance with management's authorization. The system is continuously monitored by direct management review. VeriSign selects and trains qualified people who are provided with and expected to adhere to our standards of business conduct. These standards, which set forth the highest principles of business ethics and conduct, are a key element of our control system. VeriSign's consolidated financial statements have been audited by KPMG LLP, independent auditors. Their audits were conducted in accordance with generally accepted auditing standards, and included a review of financial controls and tests of accounting records and procedures as they considered necessary in the circumstances. The Audit Committee of the Board of Directors, which consists of outside directors, meets regularly with management and the independent auditors to review accounting, reporting, auditing and internal control matters. The committee has direct and private access to both internal and external auditors. /s/ Stratton D. Sclavos /s/ Dana L. Evan - ----------------------- ------------------ Stratton D. Sclavos Dana L. Evan, President and Vice President of Finance Chief Executive Officer and Administration and Chief Financial Officer January 15, 1999 43

INDEPENDENT AUDITORS' REPORT To the Board of Directors and Stockholders of VeriSign, Inc.: We have audited the accompanying consolidated balance sheets of VeriSign, Inc. and subsidiaries as of December 31, 1998 and 1997, and the related consolidated statements of operations, stockholders' equity, and cash flows for each of the years in the three-year period ended December 31, 1998. These consolidated financial statements are the responsibility of the Company's management. Our responsibility is to express an opinion on these consolidated financial statements based on our audits. We conducted our audits in accordance with generally accepted auditing standards. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement. An audit includes examining, on a test basis, evidence supporting the amounts and disclosures in the financial statements. An audit also includes assessing the accounting principles used and significant estimates made by management, as well as evaluating the overall financial statement presentation. We believe that our audits provide a reasonable basis for our opinion. In our opinion, the consolidated financial statements referred to above present fairly, in all material respects, the financial position of VeriSign, Inc. and subsidiaries as of December 31, 1998 and 1997, and the results of their operations and their cash flows for each of the years in the three-year period ended December 31, 1998, in conformity with generally accepted accounting principles. KPMG LLP Mountain View, California January 15, 1999 44

VERISIGN, INC. AND SUBSIDIARIES CONSOLIDATED BALANCE SHEETS (In thousands, except share data) December 31, ------------------ 1998 1997 -------- -------- Assets Current assets: Cash and cash equivalents................................ $ 22,786 $ 4,942 Short-term investments................................... 18,959 7,951 Accounts receivable, net of allowance for doubtful accounts of $517 and $286, respectively................. 9,769 3,390 Prepaid expenses and other current assets................ 2,174 994 -------- -------- Total current assets................................... 53,688 17,277 Property and equipment, net................................ 9,234 8,756 Other assets, net.......................................... 1,373 871 -------- -------- $ 64,295 $ 26,904 ======== ======== Liabilities and Stockholders' Equity Current liabilities: Accounts payable......................................... $ 5,472 $ 3,504 Accrued liabilities...................................... 4,035 2,346 Deferred revenue......................................... 13,096 5,267 -------- -------- Total current liabilities.............................. 22,603 11,117 -------- -------- Minority interest in subsidiary............................ 964 2,246 -------- -------- Commitments Stockholders' equity: Preferred stock, $.001 par value; 5,000,000 shares authorized; none issued................................. -- -- Convertible preferred stock, $.001 par value; 10,282,883 shares authorized in 1997; 10,031,006 shares issued and outstanding in 1997........ -- 10 Common stock, $.001 par value; 50,000,000 and 21,592,117 shares authorized, respectively; 23,086,692 and 8,786,426 shares issued and outstanding, respectively............................................ 23 9 Additional paid-in capital............................... 92,797 45,417 Notes receivable from stockholders....................... (409) (644) Deferred compensation.................................... (276) (380) Accumulated deficit...................................... (51,407) (30,871) -------- -------- Total stockholders' equity............................. 40,728 13,541 -------- -------- $ 64,295 $ 26,904 ======== ======== See accompanying Notes to Consolidated Financial Statements. 45

VERISIGN, INC. AND SUBSIDIARIES CONSOLIDATED STATEMENTS OF OPERATIONS (In thousands, except per share data) Year Ended December 31, ---------------------------- 1998 1997 1996 -------- -------- -------- Revenues......................................... $ 38,930 $ 13,356 $ 1,356 -------- -------- -------- Costs and expenses: Cost of revenues............................... 19,454 9,689 2,791 Sales and marketing............................ 22,943 11,826 4,885 Research and development....................... 8,435 5,303 2,058 General and administrative..................... 7,688 5,039 2,681 Special charges................................ 3,555 2,800 -- -------- -------- -------- Total costs and expenses..................... 62,075 34,657 12,415 -------- -------- -------- Operating loss................................. (23,145) (21,301) (11,059) Other income (expense)........................... 2,120 1,174 (67) -------- -------- -------- Loss before minority interest.................. (21,025) (20,127) (11,126) Minority interest in net loss of subsidiary...... 1,282 1,538 838 -------- -------- -------- Net loss....................................... $(19,743) $(18,589) $(10,288) ======== ======== ======== Basic and diluted net loss per share............. $ (.95) $ (2.61) $ (2.07) ======== ======== ======== Shares used in per share computation............. 20,873 7,121 4,960 ======== ======== ======== See accompanying Notes to Consolidated Financial Statements. 46

VERISIGN, INC. AND SUBSIDIARIES CONSOLIDATED STATEMENTS OF STOCKHOLDERS' EQUITY (In thousands, except share data) Convertible Notes Preferred Stock Common Stock Additional Receivable Total ----------------- ----------------- Paid-in from Deferred Accumulated Stockholders' Shares Amount Shares Amount Capital Stockholders Compensation Deficit Equity ---------- ------ --------- ------ ---------- ------------ ------------ ----------- ------------- Balances as of December 31, 1995... 4,306,883 $ 4 4,692,833 $ 5 $ 5,361 $ -- $ -- $ (1,994) $ 3,376 Issuance of Series B convertible preferred stock..... 2,099,123 2 -- -- 5,141 -- -- -- 5,143 Issuance of Series C convertible preferred stock..... 3,625,000 4 -- -- 28,192 -- -- -- 28,196 Exercise of common stock options....... -- -- 1,637,375 2 559 (543) -- -- 18 Issuance of common stock............... -- -- 1,529,754 1 11 -- -- -- 12 Issuance of capital stock by subsidiary to minority interest............ -- -- -- -- 2,063 -- -- -- 2,063 Net loss............. -- -- -- -- -- -- -- (10,288) (10,288) ---------- --- --------- --- ------- ----- ----- -------- -------- Balances as of December 31, 1996... 10,031,006 10 7,859,962 8 41,327 (543) -- (12,282) 28,520 Deferred compensation related to common stock options, net of amortization of $34................. -- -- -- -- 414 -- (380) -- 34 Exercise of common stock options and advance to stockholder......... -- -- 532,781 1 244 (116) -- -- 129 Issuance of common stock............... -- -- 121,808 -- 642 -- -- -- 642 Issuance of common stock for litigation settlement.......... -- -- 250,000 -- 2,000 -- -- -- 2,000 Issuance of common stock for preferred provider agreement.. -- -- 100,000 -- 800 -- -- -- 800 Repurchase of common stock............... -- -- (78,125) -- (10) 10 -- -- -- Payments on notes receivable from stockholders........ -- -- -- -- -- 5 -- -- 5 Net loss............. -- -- -- -- -- -- -- (18,589) (18,589) ---------- --- --------- --- ------- ----- ----- -------- -------- Balances as of December 31, 1997... 10,031,006 10 8,786,426 9 45,417 (644) (380) (30,871) 13,541 (Continued) See accompanying Notes to Consolidated Financial Statements. 47

VERISIGN, INC. AND SUBSIDIARIES CONSOLIDATED STATEMENTS OF STOCKHOLDERS' EQUITY--(Continued) (In thousands, except share data) Convertible Notes Preferred Stock Common Stock Additional Receivable Total ------------------- ----------------- Paid-in from Deferred Accumulated Stockholders' Shares Amount Shares Amount Capital Stockholders Compensation Deficit Equity ----------- ------ ---------- ------ ---------- ------------ ------------ ----------- ------------- Balances as of December 31, 1997............. 10,031,006 $ 10 8,786,426 $ 9 $45,417 $(644) $(380) $(30,871) $ 13,541 Amortization of deferred compensation related to common stock options.... -- -- -- -- -- -- 104 -- 104 Compensation charge related to acceleration of performance-based stock options.... -- -- -- -- 1,176 -- -- -- 1,176 Exercise of common stock options.... -- -- 740,635 -- 1,702 -- -- -- 1,702 Issuance of common stock............ -- -- 20,400 -- 70 -- -- -- 70 Issuance of common stock for initial public offering, net of expenses of $4,561........ -- -- 3,450,000 4 43,739 -- -- -- 43,743 Issuance of common stock under employee stock purchase plan.... -- -- 58,225 -- 693 -- -- -- 693 Conversion of preferred stock to common stock.. (10,031,006) (10) 10,031,006 10 -- -- -- -- -- Subchapter S distributions of SecureIT, Inc.... -- -- -- -- -- -- -- (793) (793) Payments on notes receivable from stockholders..... -- -- -- -- -- 235 -- -- 235 Net loss.......... -- -- -- -- -- -- -- (19,743) (19,743) ----------- ---- ---------- --- ------- ----- ----- -------- -------- Balances as of December 31, 1998............. -- $-- 23,086,692 $23 $92,797 $(409) $(276) $(51,407) $ 40,728 =========== ==== ========== === ======= ===== ===== ======== ======== See accompanying Notes to Consolidated Financial Statements. 48

VERISIGN, INC. AND SUBSIDIARIES CONSOLIDATED STATEMENTS OF CASH FLOWS (In thousands) Year Ended December 31, ---------------------------- 1998 1997 1996 -------- -------- -------- Cash flows from operating activities: Net loss....................................... $(19,743) $(18,589) $(10,288) Adjustments to reconcile net loss to net cash provided by operating activities: Special charges.............................. -- 2,800 -- Depreciation and amortization................ 3,946 2,621 559 Minority interest in net loss of subsidiary.. (1,282) (1,538) (838) Stock-based compensation..................... 1,280 34 -- Loss on disposal of property and equipment... 42 63 -- Changes in operating assets and liabilities: Accounts receivable........................ (6,379) (2,628) (567) Prepaid expenses and other current assets.. (1,180) (208) (708) Accounts payable........................... 1,968 1,036 2,054 Accrued liabilities........................ 1,689 250 1,880 Deferred revenue........................... 7,829 3,323 1,898 -------- -------- -------- Net cash used in operating activities.... (11,830) (12,836) (6,010) -------- -------- -------- Cash flows from investing activities: Purchases of short-term investments............ (63,383) (11,209) -- Maturities and sales of short-term investments. 52,375 3,258 -- Purchases of property and equipment............ (4,413) (6,823) (4,168) Other assets................................... (555) (505) (281) -------- -------- -------- Net cash used for investing activities... (15,976) (15,279) (4,449) -------- -------- -------- Cash flows from financing activities: Proceeds from bank borrowings.................. -- 2,420 258 Repayment of bank borrowings................... -- (2,678) -- Proceeds from issuance of convertible preferred stock......................................... -- -- 33,339 Proceeds from issuance of common stock, net of repurchases................................... 46,208 771 30 Collections on notes receivable from stockholders.................................. 235 5 -- Subchapter S distributions by SecureIT, Inc.... (793) -- -- Issuance of capital stock by subsidiary to minority interest............................. -- 2,533 4,151 -------- -------- -------- Net cash provided by financing activities........ 45,650 3,051 37,778 -------- -------- -------- Net increase (decrease) in cash and cash equivalents..................................... 17,844 (25,064) 27,319 Cash and cash equivalents at beginning of year... 4,942 30,006 2,687 -------- -------- -------- Cash and cash equivalents at end of year......... $ 22,786 $ 4,942 $ 30,006 ======== ======== ======== Noncash investing and financing activities: Issuance of notes receivable collateralized by common stock.................................. $ -- $ 116 $ 543 ======== ======== ======== See accompanying Notes to Consolidated Financial Statements. 49

VERISIGN, INC. AND SUBSIDIARIES NOTES TO CONSOLIDATED FINANCIAL STATEMENTS December 31, 1998, 1997 and 1996 (1) Description of Business and Summary of Significant Accounting Policies VeriSign, Inc. (the "Company") was incorporated in Delaware in April 1995 when RSA Data Security, Inc. ("RSA") contributed equipment, other assets and technology for common stock. This transfer of nonmonetary assets was recorded at the founder's historical cost basis. The Company provides Internet-based trust services needed by websites, enterprises and individuals to conduct trusted and secure electronic commerce and communications over the Internet, intranets and extranets ("IP Networks"). The Company provides both public and private certificate authority services to organizations needing digital certificates for website authentication, intranet and extranet access control, electronic commerce services and virtual private network connections. Consolidation The accompanying consolidated financial statements include the accounts of the Company and its subsidiaries after elimination of intercompany accounts and transactions. As of December 31, 1998, the Company owned approximately 50.5% of the outstanding shares of capital stock of its subsidiary, VeriSign Japan K.K. The Company accounts for changes in its proportionate share of the net assets of VeriSign Japan resulting from sales of capital stock by the subsidiary as equity transactions. Foreign Currency Translation The functional currency for the Company's international subsidiaries is the U.S. dollar; however, the subsidiaries books of record are maintained in local currency. As a result, the subsidiaries' financial statements are remeasured into U.S. dollars using a combination of current and historical exchange rates and any transaction gains and losses are included in net loss. Cash, Cash Equivalents and Short-Term Investments The Company considers all highly liquid investments with maturities of three months or less at the date of acquisition to be cash equivalents. Cash and cash equivalents include money market funds, commercial paper, market auction securities and various deposit accounts. Investments held by the Company are classified as "available-for-sale" and are carried at fair value based on quoted market prices. Such investments consist of commercial paper, medium term notes and corporate bonds and notes with original maturities beyond 3 months and less than 12 months. Unrealized gains and losses as of December 31, 1998 and 1997 and realized gains and losses for the periods presented were not material. Property and Equipment Property and equipment are stated at cost less accumulated depreciation. Depreciation is calculated using the straight-line method over the estimated useful lives of the assets, generally three to five years. Revenue Recognition Revenues from the sale or renewal of digital certificates are deferred and recognized ratably over the life of the digital certificate, generally 12 months. Revenues from the sale of digital certificate software modules to distributors and affiliates are recognized upon delivery of the software and signing of an agreement, provided the fee is fixed and determinable, collectibility is probable and the arrangement does not require significant 50

VERISIGN, INC. AND SUBSIDIARIES NOTES TO CONSOLIDATED FINANCIAL STATEMENTS--(Continued) December 31, 1998, 1997 and 1996 production, modification or customization of the software. Revenues from consulting and training services are recognized using the percentage-of- completion method, based on the ratio of costs incurred to total estimated costs for fixed-fee development arrangements or as the services are provided for time-and-materials arrangements. Revenues are recognized ratably over the term of the agreement for support and maintenance services. To the extent costs incurred and anticipated costs to complete fixed-fee contracts in progress exceed anticipated billings, a loss is accrued for the excess. To date, the Company has not experienced such losses. Deferred revenue principally consists of payments for unexpired digital certificates. For software transactions entered into after January 1, 1998, the Company adopted the American Institute of Certified Public Accountants' ("AICPA") Statement of Position ("SOP") No. 97-2, "Software Revenue Recognition." SOP No. 97-2 generally requires revenue earned on software arrangements involving multiple elements to be allocated to each element based on its relative fair value. The fair value of the element must be based on objective evidence that is specific to the vendor. If a vendor does not have objective evidence of the fair value of all elements in a multiple-element arrangement, all revenue from the arrangement must be deferred until such evidence exists or until all elements have been delivered. The adoption of SOP No. 97-2 did not have a material effect on the Company's operating results. Research and Development Costs Research and development costs are expensed as incurred. Costs incurred subsequent to establishing technological feasibility, in the form of a working model, are capitalized and amortized over their estimated useful lives. To date, software development costs incurred after technological feasibility has been established have not been material. Income Taxes The Company uses the asset and liability method to account for income taxes. Deferred tax assets and liabilities are recognized for the future tax consequences attributable to differences between the financial statement carrying amounts of existing assets and liabilities and their respective tax bases. Deferred tax assets and liabilities are measured using enacted tax rates expected to apply to taxable income in the years in which those temporary differences are expected to be recovered or settled. The effect on deferred tax assets and liabilities of a change in tax rates is recognized in income in the period that includes the enactment date. A valuation allowance is recorded for deferred tax assets whose realization is not sufficiently likely. Stock-Based Compensation The Company accounts for its equity-based compensation plan using the intrinsic value method. Net Loss Per Share Basic and diluted net loss per share has been computed using the weighted- average number of common shares outstanding during the period. The Company has excluded all convertible preferred stock and outstanding stock options from the calculation of diluted net loss per share because such securities would have been anti-dilutive for all periods presented. For the years ended December 31, 1997 and 1996, 10,031,006 shares of convertible preferred stock were excluded from the calculation of diluted net loss per share. There were no shares of convertible preferred stock outstanding at December 31, 1998. For the years ended December 31, 1998, 1997 and 1996, 4,129,092 shares, 2,592,789 shares and 1,608,075 shares, respectively, related to outstanding stock options were excluded from the calculation of diluted net loss per share. 51

VERISIGN, INC. AND SUBSIDIARIES NOTES TO CONSOLIDATED FINANCIAL STATEMENTS--(Continued) December 31, 1998, 1997 and 1996 Other Comprehensive Income (Loss) The Company has no material components of other comprehensive income (loss). Concentration of Credit Risk, Related Party Transactions and Significant Customers Financial instruments that potentially subject the Company to significant concentrations of credit risk consist principally of cash, cash equivalents, short-term investments and accounts receivable. The Company maintains its cash, cash equivalents and short-term investments with high quality financial institutions and, as part of its cash management process, performs periodic evaluations of the relative credit standing of these financial institutions. The Company also performs ongoing credit evaluations of its customers and, generally, requires no collateral from its customers. The Company maintains an allowance for potential credit losses, but to date has not experienced significant write-offs. For the years ended December 31, 1998, 1997 and 1996, the Company added approximately $590,000, $387,000 and $22,000, respectively, to its allowance for doubtful accounts through charges to bad debt expense. Write-offs of uncollectible amounts totaled $359,000, $136,000 and $17,000 in these periods, respectively. The Company provided services to VISA International Services Association ("VISA"), a 3% stockholder of the Company at December 31, 1998, under an agreement that included development and ongoing operations of a digital certificate system for VISA's member banks. VISA accounted for approximately 4%, 10% and 21% of the Company's revenues for the years ended December 31, 1998, 1997 and 1996, respectively, and less than 1% and 7% of accounts receivable as of December 31, 1998 and 1997, respectively. The Company entered into a development agreement in September 1997 with Security Dynamics Technologies, Inc. ("Security Dynamics"), the parent company of RSA, a 16% stockholder of the Company at December 31, 1998, to develop a customized certificate authority product in order to enable Security Dynamics to offer a product with encryption and digital certificate authority functionality. In December 1998, the Company and Security Dynamics amended the development agreement to grant Security Dynamics an exclusive license to incorporate the developed technology into original equipment manufacturers' ("OEM") products in order to create products incorporating the technology and to sublicense the technology to licensees of the OEMs. The development agreement provides that Security Dynamics pay the Company an aggregate of $2.7 million as an initial license fee, $900,000 of which was paid in October 1997, $1.4 million of which was paid during 1998 and the remainder of which is payable upon the achievement of certain milestones. At the time of the execution of the amendment in December 1998, Security Dynamics paid the Company $500,000. Once Security Dynamics has received net revenues of $2.8 million from OEMs, it will pay the Company a royalty equal to the greater of 18% of net revenues from the sale to OEMs or 18% of 60% of the current list price for the product. Security Dynamics will not be obligated to pay any royalties to the Company with respect to sales to value-added resellers. In order for Security Dynamics to maintain its exclusivity rights, it must make certain minimum aggregate annual payments to the Company, which are payable on a quarterly basis. In addition, the Company will be obligated to pay Security Dynamics an amount equal to 8% of net revenue recognized the Company during a VeriSign OnSite customers' first year using VeriSign OnSite if the customer had previously purchase products from Security Dynamics that incorporate the developed technology. Beginning in March 1998, Security Dynamics is required to pay the Company a monthly product support fee for a three-year period and thereafter for successive annual terms. For a yearly fee, Security Dynamics can 52

VERISIGN, INC. AND SUBSIDIARIES NOTES TO CONSOLIDATED FINANCIAL STATEMENTS--(Continued) December 31, 1998, 1997 and 1996 purchase product maintenance services. During 1998 Security Dynamics paid both support and maintenance fees aggregating $105,000. Revenue from the development agreement accounted for approximately 6% and 4% of the Company's revenues for the years ended December 31, 1998 and 1997, respectively. At December 31, 1998, the Company had one customer, a South African systems integrator, that accounted for 18% of accounts receivable. The Company had no other customers that accounted for more than 10% of accounts receivable or more than 10% of revenues for any of the dates or years presented. Impairment of Long-Lived Assets The Company reviews property and equipment for impairment whenever events or changes in circumstances indicate that the carrying amount of an asset may not be recoverable. Recoverability of property and equipment is measured by comparison of its carrying amount to future net cash flows the property and equipment are expected to generate. If such assets are considered to be impaired, the impairment to be recognized is measured by the amount by which the carrying amount of the property and equipment exceeds its fair market value. To date, no adjustments to the carrying value of the Company's long- lived assets have been required. Use of Estimates The preparation of consolidated financial statements in conformity with generally accepted accounting principles requires management to make estimates and assumptions that affect the reported amounts of assets and liabilities and disclosure of contingent assets and liabilities at the date of the consolidated financial statements and reported amounts of revenues and expenses during the reporting period. Actual results could differ from those estimates. Recent Accounting Pronouncements In March 1998, the American Institute of Certified Public Accountants ("AICPA") issued Statement of Position ("SOP") No. 98-1, "Accounting for the Costs of Computer Software Developed or Obtained for Internal Use." SOP No. 98- 1 requires that entities capitalize certain costs related to internal-use software once certain criteria have been met. The Company expects that the adoption of SOP No. 98-1 will have no material impact on its financial position, results of operations or cash flows. The Company will be required to implement SOP No. 98-1 for the year ending December 31, 1999. In April 1998, the AICPA issued SOP No. 98-5, "Reporting on the Costs of Start-Up Activities." SOP No. 98-5 requires that all start-up costs related to new operations must be expenses as incurred. In addition, all start-up costs that were capitalized in the past must be written off when SOP No. 98-5 is adopted. The Company expects that the adoption of SOP No. 98-5 will have no material impact on its financial position, results of operations or cash flows. The Company will be required to implement SOP No. 98-5 for the year ending December 31, 1999. In June 1998 the Financial Accounting Standards Board issued Statement of Financial Accounting Standards ("SFAS") No. 133, "Accounting for Derivative Instruments and Hedging Activities." SFAS No. 133 established methods of accounting for derivative financial instruments and hedging activities related to those instruments as well as other hedging activities. Because the Company currently holds no derivative 53

VERISIGN, INC. AND SUBSIDIARIES NOTES TO CONSOLIDATED FINANCIAL STATEMENTS--(Continued) December 31, 1998, 1997 and 1996 instruments and does not engage in hedging activities, the Company expects that the adoption of SFAS No. 133 will have no material impact on its financial position, results of operations or cash flows. The Company will be required to implement SFAS No. 133 for the year ending December 31, 2000. In December 1998, the AICPA issued SOP No. 98-9, "Modification of SOP 97-2, Software Revenue Recognition, with Respect to Certain Transactions." SOP No. 98-9 requires recognition of revenue using the "residual method" in a multiple- element software arrangement when fair value does not exist for one or more of the delivered elements in the arrangement. Under the "residual method," the total fair value of the undelivered elements is deferred and recognized in accordance with SOP No. 97-2. The Company will be required to implement SOP No. 98-9 for the year ending December 31, 2000. SOP No. 98-9 also extends the deferral of the application of SOP No. 97-2 to certain other multiple-element software arrangements through the Company's year ending December 31, 1999. The Company is evaluating the provisions of SOP No. 98-9 and has not yet determined what impact, if any, SOP No. 98-9 will have on its financial position, results of operations or cash flows. (2) Business Combination In July 1998, VeriSign completed a merger with SecureIT, Inc. ("SecureIT") (hereafter collectively referred to as the "Company"). SecureIT is a provider of Internet and enterprise security solutions comprising a full range of products and services to assist clients with assessing, designing and implementing security solutions. The merger was effected by exchanging approximately 1,666,000 shares of VeriSign common stock for all of the outstanding common stock of SecureIT. Each share of SecureIT was exchanged for 0.164806 of one share of VeriSign common stock. In addition, outstanding SecureIT employee stock options were converted at the same exchange ratio into options to purchase approximately 190,000 shares of VeriSign common stock. The merger constituted a tax-free reorganization and has been accounted for as a pooling-of-interests. Accordingly, all prior period financial statements have been restated to include the combined results of operations, financial position and cash flows of SecureIT as if it had always been a part of VeriSign. There were no intercompany transactions between VeriSign and SecureIT prior to the combination that required elimination and there were no material adjustments required to conform SecureIT's accounting policies to those of VeriSign. The Company incurred direct costs and other related merger costs of approximately $3.6 million in connection with the acquisition (see Note 11). The results of operations previously reported by the separate companies and the combined amounts presented in the consolidated financial statements are summarized below. Year Ended December 31, Six Months Ended ------------------------ June 30, 1998 1997 1996 ---------------- ----------- ----------- (In thousands) Revenues: VeriSign, Inc................... $ 9,303 $ 9,382 $ 1,351 SecureIT, Inc................... 5,911 3,974 5 -------- ----------- ----------- Combined...................... $ 15,214 $ 13,356 $ 1,356 ======== =========== =========== Net income/(loss): VeriSign, Inc................... $(10,092) $ (19,195) $ (10,243) SecureIT, Inc................... 600 606 (45) -------- ----------- ----------- Combined...................... $ (9,492) $ (18,589) $ (10,288) ======== =========== =========== 54

VERISIGN, INC. AND SUBSIDIARIES NOTES TO CONSOLIDATED FINANCIAL STATEMENTS--(Continued) December 31, 1998, 1997 and 1996 (3) Cash, Cash Equivalents and Short-Term Investments Available-for-sale securities included in cash, cash equivalents and short- term investments are as follows: December 31, -------------- 1998 1997 ------- ------ (In thousands) Commercial paper............................................. $21,451 $1,060 Corporate bonds and notes.................................... 5,031 3,244 Money market funds........................................... 4,600 4,300 Medium term notes............................................ 4,049 -- Market auction securities.................................... 3,000 -- U.S. government and agency securities........................ -- 1,000 ------- ------ $38,131 $9,604 ======= ====== Included in cash and cash equivalents........................ $19,172 $1,653 ======= ====== Included in short-term investments........................... $18,959 $7,951 ======= ====== (4) Property and Equipment Property and equipment are as follows: December 31, --------------- 1998 1997 ------- ------- (In thousands) Computer equipment and purchased software................... $11,402 $ 8,107 Office equipment, furniture and fixtures.................... 1,774 1,444 Leasehold improvements...................................... 3,136 2,425 ------- ------- 16,312 11,976 Less accumulated depreciation and amortization.............. 7,078 3,220 ------- ------- $ 9,234 $ 8,756 ======= ======= (5) Accrued Liabilities Accrued liabilities are as follows: December 31, --------------- 1998 1997 ------- ------- (In thousands) Employee compensation........................................ $ 2,255 $ 1,443 Professional fees............................................ 288 95 Other........................................................ 1,492 808 ------- ------- $ 4,035 $ 2,346 ======= ======= (6) Notes Payable In January 1997, the Company entered into an agreement for a non-revolving equipment line of credit with a financing company that provides up to $3,000,000, bears interest at 7.50% per annum and expires in March 1999. The line of credit is secured by the Company's fixed assets. The Company is obligated to grant a warrant 55

VERISIGN, INC. AND SUBSIDIARIES NOTES TO CONSOLIDATED FINANCIAL STATEMENTS--(Continued) December 31, 1998, 1997 and 1996 to purchase up to 17,500 shares of common stock at $8.00 per share in the event the Company borrows funds under the equipment line of credit. In addition, the Company is prohibited from paying cash dividends on its capital stock under the terms of this arrangement. There were no borrowings under this arrangement as of December 31, 1998. (7) Stockholders' Equity Initial Public Offering On January 30, 1998, the Company completed its initial public offering ("IPO") by issuing 3,450,000 shares of its common stock (including 450,000 shares issued upon the exercise of the underwriters' over-allotment option) at an initial public offering price of $14 per share. The net proceeds to the Company from the offering, after deducting underwriting discounts and commissions and offering expenses incurred by the Company, were approximately $43.7 million. Concurrently with the IPO, each outstanding share of the Company's convertible preferred stock was automatically converted into one share of common stock. Preferred Stock The Company is authorized to issue up to 5,000,000 shares of preferred stock. As of December 31, 1998, no shares of preferred stock had been issued. Notes Receivable From Stockholders In November 1996, the Company loaned several officers an aggregate of $543,000, due December 31, 2005, bearing interest at a rate per annum of 6.95%, payable quarterly. In August 1997, the Company loaned an officer an aggregate of $116,000, due December 31, 2006, bearing interest at a rate per annum of 6.87%, payable quarterly. The loans are full recourse, are collateralized by pledges of shares of common stock of the Company that were purchased and may be prepaid in part or in full without notice or penalty. (8) Stock Compensation Plans Stock Option Plans As of December 31, 1998, a total of 7,278,809 shares of common stock were reserved for issuance under the Company's equity incentive plans (the "Plans"), including 4,145,000 shares authorized under the 1995 Stock Option Plan, 800,000 shares authorized under the 1997 Stock Option Plan, an additional 2,000,000 shares authorized under the 1998 Equity Incentive Plan, 125,000 shares authorized under the 1998 Directors Plan and 208,809 shares authorized under SecureIT's 1997 Stock Option Plan. Concurrent with the Company's IPO, the 1995 Stock Option Plan and the 1997 Stock Option Plan (the "1995 and 1997 Plans") were terminated. Options to purchase common stock granted under the 1995 and 1997 Plans remain outstanding and subject to the vesting and exercise terms of the original grant. All shares that remained available for future issuance under the 1995 and 1997 Plans at the time of their termination were transferred to the 1998 Equity Incentive Plan. No further options can be granted under the 1995 and 1997 Plans. Options granted under the 1995 and 1997 Plans are subject to terms substantially similar to those described below with respect to options granted under the 1998 Equity Incentive Plan. In October 1997 the Board of Directors (the "Board") adopted, and in January 1998 the stockholders approved, the 1998 Equity Incentive Plan (the "1998 Plan"). The 1998 Plan authorizes the award of options, 56

VERISIGN, INC. AND SUBSIDIARIES NOTES TO CONSOLIDATED FINANCIAL STATEMENTS--(Continued) December 31, 1998, 1997 and 1996 restricted stock awards and stock bonuses. As of December 31, 1998, no restricted stock awards or stock bonus awards have been made under the 1998 Plan. Convertible Preferred Stock In April 1995, the Company issued 4,306,883 shares of Series A convertible preferred stock to previously unrelated third parties, except for 425,000 shares issued to Security Dynamics. In February 1996, the Company issued 2,099,123 shares of Series B convertible preferred stock. A majority of the shares were issued to a previously unrelated third party venture capitalist and the remainder were issued to existing investors, including Security Dynamics and VISA. In November and December 1996, the Company issued 3,625,000 shares of Series C convertible preferred stock to previously unrelated third parties. As of December 31, 1997, convertible preferred stock consisted of the following: Shares Shares Issued and Liquidation Series Authorized Outstanding Preference ------ ---------- ----------- ----------- A....................................... 4,306,883 4,306,883 $ 5,168,260 B....................................... 2,101,000 2,099,123 $ 5,037,895 C....................................... 3,875,000 3,625,000 $29,000,000 ---------- ---------- ----------- 10,282,883 10,031,006 $39,206,155 ========== ========== =========== The rights preferences and privileges of the holders of convertible preferred stock were as follows: . The holders of Series A, B and C preferred stock were entitled to noncumulative dividends, if and when declared by the Board of Directors, of $.10, $.20 and $.64 per share, respectively. . Shares of preferred stock were convertible to common stock at any time at the rate of one share of common stock for each share of convertible preferred stock. The convertible preferred stock automatically converted to common stock upon the closing of the IPO. . The holders of convertible preferred stock were protected by certain antidilutive provisions. . The shares of Series A, B and C convertible preferred stock had a liquidation preference of $1.20, $2.40 and $8.00 per share, respectively, plus any declared and unpaid dividends. . The convertible preferred stock generally voted equally with shares of common stock on an "as if converted" basis. No dividends have been declared or paid on the convertible preferred stock or common stock since inception of the Company. SecureIT paid Subchapter S distributions of $793,000 to its stockholders for minimum tax obligations during the year ended December 31, 1998. Options may be granted at an exercise price not less than 100% of the fair market value of the Company's common stock on the date of grant for incentive stock options and 85% of such fair market value for nonqualified stock options. All options are granted at the discretion of the Company's Board and have a term not greater than 7 years from the date of grant. Options issued generally vest 25% on the first anniversary date and ratably over the following 12 quarters. At December 31, 1998, 268,221 shares remain available for future awards under the 1998 Plan. In October 1997 the Board adopted, and in January 1998 the stockholders approved the 1998 Directors Stock Option Plan (the "Directors Plan"). Members of the Board who are not employees of the Company, or 57

VERISIGN, INC. AND SUBSIDIARIES NOTES TO CONSOLIDATED FINANCIAL STATEMENTS--(Continued) December 31, 1998, 1997 and 1996 any parent, subsidiary or affiliate of the Company, are eligible to participate in the Directors Plan. The option grants under the Directors Plan are automatic and nondiscretionary, and the exercise price of the options is 100% of the fair market value of the common stock on the date of the grant. Each eligible director who becomes a director on or after January 28, 1998 will initially be granted an option to purchase 15,000 shares on the date such director first becomes a director (the "Initial Grant"). On each anniversary of a director's Initial Grant or most recent grant if such director was ineligible to receive an Initial Grant, each eligible director will automatically be granted an additional option to purchase 7,500 shares of common stock if the director has served continuously as a director since the date of his Initial Grant or most recent grant. The term of the options under the Directors Plan is ten years and options vest as to 6.25% of the shares each quarter after the date of the grant, provided the optionee remains a director of the Company. At December 31, 1998, 87,500 shares remain available for future grant under the Directors Plan. In connection with the acquisition of SecureIT, the Company assumed SecureIT's 1997 Stock Option Plan (the "SecureIT Plan"). The SecureIT Plan provided for the grant of both fixed and performance-based stock options. Options granted under the SecureIT Plan generally have a term of seven years and vest over a four-year period, 25% on each anniversary of the grant date. No further options can be granted under the SecureIT Plan. A summary of stock option activity under the Plans follows: Year Ended December 31, ------------------------------------------------------------ 1998 1997 1996 ------------------- ------------------- -------------------- Weighted Weighted Weighted Average Average Average Exercise Exercise Exercise Shares Price Shares Price Shares Price --------- -------- --------- -------- ---------- -------- Outstanding at beginning of year................ 2,592,789 $ 3.00 1,608,075 $ .80 1,274,750 $.12 Granted................. 2,433,756 30.76 1,601,652 4.23 2,022,700 .83 Exercised............... (740,637) 2.30 (532,781) .46 (1,637,375) .34 Canceled................ (156,816) 11.36 (84,157) .93 (52,000) .13 --------- --------- ---------- Outstanding at end of year................... 4,129,092 19.17 2,592,789 3.00 1,608,075 .80 ========= ========= ========== Exercisable at end of year................... 418,465 3.26 258,088 .80 152,167 .12 ========= ========= ========== Weighted average fair value of options granted during the year................... 16.02 1.03 .17 58

VERISIGN, INC. AND SUBSIDIARIES NOTES TO CONSOLIDATED FINANCIAL STATEMENTS--(Continued) December 31, 1998, 1997 and 1996 The following table summarizes information about stock options outstanding as of December 31, 1998: Weighted- Average Weighted- Weighted- Remaining Average Average Shares Contractual Exercise Shares Exercise Range of Exercise Prices Outstanding Life Price Exercisable Price ------------------------ ----------- ----------- --------- ----------- --------- $ .01 - $ .75 *....... 558,201 4.61 years $ .57 176,342 $ .47 $ 1.50 - $ 2.25 *....... 473,403 5.27 years 2.13 91,333 2.12 $ 4.00 - $ 6.00 *....... 445,700 5.76 years 5.64 64,356 5.66 $ 6.07 - $12.14 *....... 476,955 5.83 years 8.14 84,089 7.49 $25.75 - $29.13......... 1,077,935 6.63 years 27.54 -- -- $30.00 - $39.25......... 720,798 6.91 years 32.29 2,345 39.25 $42.38 - $51.13......... 376,100 6.86 years 49.29 -- -- --------- ------- $ .01 - $51.13......... 4,129,092 6.09 years 19.17 418,465 3.26 ========= ======= - -------- * Options in these price ranges were granted by the Company prior to its IPO and by SecureIT prior to its acquisition by the Company. 1998 Employee Stock Purchase Plan In December 1997, the Board adopted, and in January 1998, the stockholders approved, the 1998 Employee Stock Purchase Plan ("Purchase Plan"), for which 500,000 shares of the Company's common stock have been reserved. Eligible employees may purchase the Company's common stock through payroll deductions by electing to have between 2% and 10% of their compensation withheld. Each participant is granted an option to purchase the Company's common stock on the first day of each 24 month offering period and such option is automatically exercised on the last day of each six month purchase period during the offering period. The purchase price for the Company's common stock under the Purchase Plan is 85% of the lesser of the fair market value of the Company's common stock on the first day of the applicable offering period and the last day of the applicable purchase period. The first offering period began on January 30, 1998. Offering periods thereafter will begin on February 1 and August 1 of each year. In 1998, 58,225 shares of common stock were issued under the Purchase Plan and 441,775 shares remain available for future issuance. For the year ended December 31, 1998, the weighted-average fair value of the options granted under the Purchase Plan was $7.18. Pro Forma Information The Company applies the intrinsic value method in accounting for its equity- based compensation plan. Had compensation cost for the Company's equity-based compensation plans been determined consistent with the fair value approach set forth in SFAS No. 123, "Accounting for Stock-Based Compensation," the Company's net loss would have been as follows: Year Ended December 31, ------------------------------- 1998 1997 1996 --------- --------- --------- (In thousands, except per share data) Net loss as reported....................... $ (19,743) $ (18,589) $ (10,288) Pro forma net loss under SFAS No. 123...... (24,117) (18,904) (10,332) Basic and diluted net loss per share as reported.................................. (.95) (2.61) (2.07) Pro forma basic and diluted net loss per share under SFAS No. 123................................... (1.16) (2.65) (2.08) 59

VERISIGN, INC. AND SUBSIDIARIES NOTES TO CONSOLIDATED FINANCIAL STATEMENTS--(Continued) December 31, 1998, 1997 and 1996 The fair value of stock options and Purchase Plan options granted subsequent to the Company's IPO on January 30, 1998 was estimated on the date of grant using the Black-Scholes model. The fair value of stock options granted prior to the Company's IPO and for stock options granted by SecureIT prior to its acquisition was estimated on the date of grant using the minimum value method. The following table sets forth the weighted-average assumptions used to calculate the fair value of the stock options and Purchase Plan options for each period presented. Year Ended December 31, ------------------------------- 1998 1997 1996 ----------- --------- --------- Stock options: Volatility................................. 70%* 0% 0% Risk-free interest rate.................... 4.95% 6.14% 6.21% Expected life.............................. 3.5 years 5 years 5 years Dividend yield............................. zero zero zero Purchase Plan options: Volatility................................. 70% -- -- Risk-free interest rate.................... 5.35% -- -- Expected life.............................. 1.25 years -- -- Dividend yield............................. zero -- -- * Volatility was zero under the minimum value method for grants prior to January 30, 1998 and for all grants made by SecureIT prior to its acquisition by VeriSign. The provisions of SFAS No. 123 are effective for options granted beginning January 1, 1996. Options vest over several years and new options are generally granted each year. Because of these factors, the pro forma effect shown above may not be representative of the pro forma effect of SFAS No. 123 in future years. (9) Income Taxes The tax effects of temporary differences that give rise to significant portions of the Company's deferred tax assets are as follows: December 31, ------------------ 1998 1997 -------- -------- (In thousands) Deferred tax assets: Net operating loss carryforwards and deferred start-up costs................................................ $ 22,188 $ 11,579 Tax credit carryforwards.............................. 1,521 839 Property and equipment................................ 1,135 36 Other................................................. 1,331 471 -------- -------- 26,175 12,925 Valuation allowance..................................... (26,175) (12,925) -------- -------- Net deferred tax assets................................. $ -- $ -- ======== ======== 60

VERISIGN, INC. AND SUBSIDIARIES NOTES TO CONSOLIDATED FINANCIAL STATEMENTS--(Continued) December 31, 1998, 1997 and 1996 Management has established a valuation allowance equal to 100% of the net deferred tax assets because the realization of the deferred tax assets is uncertain. The total valuation allowance increased $13,250,000 and $8,570,000 in the years ended December 31, 1998 and 1997, respectively. Gross deferred tax assets as of December 31, 1998 include approximately $6,386,000 relating to the exercise of stock options, which will be credited to equity when realized. As of December 31, 1998, the Company has available net operating loss carryforwards for federal and California income tax purposes of approximately $52,250,000 and $46,522,000, respectively. The federal net operating loss carryforwards will expire, if not utilized, in 2010 through 2018. The California net operating loss carryforwards will expire, if not utilized, in 2003. As of December 31, 1998, the Company has available for carryover research and experimental tax credits for federal and California income tax purposes of approximately $851,000 and $490,000, respectively. The federal research and experimental tax credits will expire, if not utilized, in 2010 through 2014. California research and experimental tax credits carry forward indefinitely until utilized. The Company also has federal foreign tax credits of approximately $180,000, which expire, if not utilized, in 2001 through 2002. To date, foreign income taxes have not been significant. The Tax Reform Act of 1986 imposed substantial restrictions on the utilization of net operating losses and tax credits in the event of an "ownership change" of a corporation. Accordingly, the Company's ability to utilize net operating loss and credit carryforwards may be limited as a result of such an "ownership change" as defined in the Internal Revenue Code. (10) Commitments Leases The Company leases its facilities under operating leases that extend through 2005. Future minimum lease payments under the Company's noncancelable operating leases as of December 31, 1998, are as follows: (In thousands) 1999........................................................ $ 4,032 2000........................................................ 3,968 2001........................................................ 3,553 2002........................................................ 2,119 2003........................................................ 2,047 Thereafter.................................................. 3,113 ------- Total minimum lease payments................................ $18,832 ======= Net rental expense under operating leases for the years ended December 31, 1998, 1997 and 1996, was $1,936,000, $1,722,000 and $621,000, respectively. (11) Special Charges Merger-related expenses In connection with the acquisition of SecureIT in July 1998 (see Note 2), the Company recorded a special charge of $3.6 million for direct and other merger- related costs pertaining to the merger transaction and certain 61

VERISIGN, INC. AND SUBSIDIARIES NOTES TO CONSOLIDATED FINANCIAL STATEMENTS--(Continued) December 31, 1998, 1997 and 1996 stock-based compensation charges. Merger transaction costs totaled $2.4 million and consisted primarily of fees for investment bankers, attorneys and accountants, filing fees and other related charges. The stock-based compensation charges of $1.2 million related to certain performance stock options held by SecureIT employees, the vesting of which either automatically accelerated upon change of control or were accelerated by VeriSign's Board of Directors subsequent to the merger. VeriFone In September 1996, VeriFone, Inc., which subsequently became a wholly-owned subsidiary of Hewlett-Packard Company, filed a lawsuit against the Company alleging, among other things, trademark infringement. In November 1997, both parties executed a definitive agreement under which, among other things, the Company issued an aggregate of 250,000 shares of common stock, which were transferred to Hewlett-Packard, and the Company and VeriFone settled such claims. The settlement amount was recorded during the year ended December 31, 1997 as a $2.0 million charge to operations. Microsoft In November 1997, the Company entered into a preferred provider agreement with Microsoft Corporation ("Microsoft") whereby the companies will develop, promote and distribute a variety of client-based and server-based digital certificate solutions and the Company will be designated as the premier provider of digital certificates for Microsoft customers. In connection with the agreement, the Company issued 100,000 shares of common stock to Microsoft resulting in an $800,000 charge to operations. (12) Segment Information The Company operates in the United States, Europe and Japan and derives substantially all of its revenues from sales of Internet-based trust services. Geographic information Year Ended December 31, ---------------------- 1998 1997 1996 ------- ------- ------ (In thousands) Revenues: United States....................................... $33,650 $12,122 $1,301 All other countries................................. 5,280 1,234 55 ------- ------- ------ Total............................................... $38,930 $13,356 $1,356 ======= ======= ====== In general, revenues are attributed to the country in which the contract originated. However, revenues from all digital certificates issued from the Mountain View, California facility are attributed to the United States because it is impracticable to determine the country of origin. December 31, ---------------------- 1998 1997 1996 ------- ------- ------ (In thousands) Long-lived assets: United States....................................... $ 8,655 $ 7,619 $4,424 All other countries................................. 1,952 2,008 559 ------- ------- ------ Total............................................... $10,607 $ 9,627 $4,983 ======= ======= ====== 62

VERISIGN, INC. AND SUBSIDIARIES NOTES TO CONSOLIDATED FINANCIAL STATEMENTS--(Continued) December 31, 1998, 1997 and 1996 Major customers The Company had one customer that accounted for 10% and 21% of consolidated revenues for the years ended December 31, 1997 and 1996, respectively (see Note 1). (13) Subsequent Event (Unaudited) In January 1999, the Company sold an additional 1,597,500 shares of its common stock to the public for net proceeds, after underwriting discounts and commissions and expenses of the offering, of approximately $121.5 million. 63

EXHIBITS As required under Item 14. Exhibits, Financial Statement Schedules and Reports on Form 8-K, the exhibits filed as part of this report are provided in this separate section. The exhibits included in this section are as follows: Exhibit Number Exhibit Description ------- ------------------- 21.1 Subsidiaries of the Registrant 23.1 Consent of Independent Auditors 27.1 Financial Data Schedule 64

EXHIBIT 21.1 VERISIGN, INC. SUBSIDIARIES OF THE REGISTRANT Subsidiary Legal Percentage of Name Jurisdiction of Incorporation Ownership ---------------- ----------------------------- ------------- VeriSign Japan K.K. Japan 50.5% SecureIT, Inc. Georgia 100% VeriSign AB Sweden 100%

EXHIBIT 23.1 VERISIGN, INC. CONSENT OF INDEPENDENT AUDITORS To the Board of Directors and Stockholders of VeriSign, Inc.: We consent to the incorporation by reference in the Registration Statements (No. 333-45237, 333-46803 and 333-58583) on Form S-8 of VeriSign, Inc. of our report dated January 15, 1999, relating to the consolidated balance sheets of VeriSign, Inc. and subsidiaries as of December 31, 1998 and 1997, and the related consolidated statements of operations, stockholders' equity, and cash flows for each of the years in the three-year period ended December 31, 1998, appearing on page 44 of this Form 10-K. /s/ KPMG LLP Mountain View, California February 17, 1999

5 THIS SCHEDULE CONTAINS SUMMARY FINANCIAL INFORMATION EXTRACTED FROM THE CONSOLIDATED BALANCE SHEET AT DECEMBER 31, 1998 AND THE CONSOLIDATED STATEMENT OF OPERATIONS FOR THE YEAR ENDED DECEMBER 31, 1998 AND IS QUALIFIED IN ITS ENTIRETY BY REFERENCE TO SUCH FINANCIAL STATEMENTS. 1,000 12-MOS DEC-31-1998 JAN-01-1998 DEC-31-1998 22,786 18,959 10,286 517 0 53,688 16,312 7,078 64,295 22,603 0 0 0 23 40,705 64,295 0 38,930 0 19,454 42,031 590 0 (19,743) 0 (19,743) 0 0 0 (19,743) (.95) (.95)