Back to GetFilings.com

Table of Contents

Index to Financial Statements

SECURITIES AND EXCHANGE COMMISSION

WASHINGTON, D.C. 20549

FORM 10-K

For the Fiscal Year Ended January 31, 2004

For the transition period from              to             

001-15715

(Commission File Number)

TIPPINGPOINT TECHNOLOGIES, INC.

(Exact name of Registrant as specified in its charter)

7501B N. Capital of Texas Highway

Austin, Texas 78731

(Address of principal executive offices)

(512) 681-8000

(Registrant’s telephone number, including area code)

Securities registered pursuant to Section 12(b) of the Act: None

Securities registered pursuant to Section 12(g) of the Act:

Common Stock, $0.01 par value

(Title of Class)

Indicate by check mark whether the registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days.    Yes  x    No  ¨

Indicate by check mark if disclosure of delinquent filers pursuant to Item 405 of Regulation S-K is not contained herein, and will not be contained, to the best of registrant’s knowledge, in definitive proxy or information statements incorporated by reference in Part III of this Form 10-K or any amendment to this Form 10-K:  ¨

Indicate by check whether the registrant is an accelerated filer (as defined in Rule 12b-2 of the Act).    Yes  ¨    No  x

The aggregate market value of the registrant’s voting and non-voting common equity held by non-affiliates at July 31, 2003, based on the $7.75 per share closing price for our common stock on the Nasdaq National Market, was approximately $14,770,849.

The number of shares of the registrant’s common stock outstanding as of March 31, 2004 was 7,351,933.

DOCUMENTS INCORPORATED BY REFERENCE

Certain information from the definitive Proxy Statement for the registrant’s 2004 Annual Meeting of Stockholders to be filed with the Securities and Exchange Commission pursuant to Regulation 14A not later than May 30, 2004, is incorporated by reference into Part II and Part III of this Form 10-K.

Table of Contents

Index to Financial Statements

TABLE OF CONTENTS

i

Table of Contents

Index to Financial Statements

This report contains “forward-looking statements” within the meaning of Section 27A of the Securities Act of 1933 and Section 21E of the Securities Exchange Act of 1934, both as amended. All statements other than statements of historical fact are “forward-looking statements” for purposes of federal and state securities laws, including: any projections of earnings, revenues or other financial items; any statements of the plans, strategies and objectives of management for future operations; any statements concerning proposed new products, services or developments; any statements regarding future economic conditions or performance; any statements of belief; and any statements of assumptions underlying any of the foregoing. Forward-looking statements may include the words “may,” “will,” “estimate,” “intend,” “continue,” “believe,” “expect,” “plan” or “anticipate” and other similar words. Such forward-looking statements may be contained in the sections “Risk Factors,” “Management’s Discussion and Analysis of Financial Condition and Results of Operations” and “Business,” among other places in this report. Although we believe that the expectations reflected in our forward-looking statements are reasonable, actual results could differ materially from those projected or assumed. Our future financial condition and results of operations, as well as any forward-looking statements, are subject to change and to inherent risks and uncertainties, such as those disclosed in this report. We do not intend, and undertake no obligation, to update any forward-looking statement.

PART I

ITEM 1. BUSINESS

OVERVIEW

TippingPoint Technologies, Inc., referred to in this Form 10-K as the “Company”, “TippingPoint”, “we”, “us”, and “our”, is a leading provider of network-based intrusion prevention systems that deliver in-depth Application Protection, Infrastructure Protection, and Performance Protection for corporate enterprises, government agencies, service providers and academic institutions. Our innovative approach offers customers unmatched network-based security with unrivaled economics, ultra-high performance, scalability and reliability.

In January 2002, TippingPoint announced the industry’s first Intrusion Prevention System (IPS), represented by our UnityOne line of products, the result of the development effort we initiated in 2001. In September 2002, we announced the general availability of our UnityOne product line and management system and have continued to add to the product line since that time. See The Solution section below for more information.

Our UnityOne line of intrusion prevention systems is hardware-based products utilizing high-speed, security-optimized processors and custom ASICs (Application Specific Integrated Circuits) that can operate at multi-gigabit speeds. Our hardware platform is complemented by a robust security-oriented operating system and suite of filters, signatures, and traffic analysis modules that can be dynamically updated after deployment.

Our solutions protect applications and operating systems by continually analyzing network traffic and proactively blocking application-targeting attacks, commonly referred to as viruses, worms, Trojans and denial-of-service attacks, generally before damage occurs and without compromising network operating performance.

TippingPoint’s solutions also protect infrastructure such as firewalls, servers, routers and voice over IP (VoIP) gateways by continually analyzing network traffic and proactively blocking infrastructure-targeting attacks generally before damage occurs and without compromising network operating performance.

Our solutions protect network performance by continually analyzing and deeply classifying network traffic and proactively rate shaping and limiting bandwidth utilization for applications such as peer-to-peer (P2P) file sharing, instant messaging, and others. Furthermore, our solution protects the performance of routers, switches, e-mail servers, file servers, and web servers by eliminating the load on IT assets associated with processing invalid and malicious traffic.

TippingPoint’s solutions are able to be deployed and managed using a scalable, tiered Security Management System (SMS) that is sold as a separate product. Using TippingPoint’s SMS, customers are able to implement and manage coherent, enterprise-wide security policies based on rules, thresholds, and segmentation set within the SMS. The SMS offers a rich reporting system, allowing customized reports to be generated and distributed automatically on a scheduled basis. Support for multiple user profiles allows a range of users, such as administrators and executives, access to this management system.

TippingPoint provides a real-time update service, called Digital Vaccine^™, which delivers automatic, on-line inoculation of our products against emerging threats and updates of evolving identification intelligence. To facilitate the creation of Digital Vaccines, our Threat Management Center monitors and collects security intelligence from around the world. Based on this intelligence, we perform investigations of new software vulnerabilities and create antidotes that are delivered directly to our products.

1

Table of Contents

Index to Financial Statements

The Problem

Today’s businesses operate upon an infrastructure foundation comprising IT assets such as servers, storage, and internal networks. Increasingly, business reach and capability is extended through connectivity to the Internet and connectivity between internal IT assets, the Internet, and even other businesses. Often, this connected infrastructure is business-critical in that the business will not operate effectively – or perhaps at all – in its absence. Any disruption to business-critical IT infrastructure directly translates to a costly disruption of the business itself.

Historically, businesses have employed a heterogeneous combination of firewalls, intrusion detection systems (IDS), virus protection applications, and vulnerability assessment scanners in an attempt to cast a wide net over security breaches. The first generation of these security products predominantly focused on the network edge where the business was connected to the Internet over a relatively low bandwidth connection. The low-performance and low-capability of these first-generation products was appropriate for the time. However, this heterogeneous environment hinders businesses from implementing and managing a coherent, enterprise-wide security and usage policy. All too often, ineffective security products create more work and complexity than they mitigate.

Intrusion Detection Systems (“IDS”), by definition, only detect and do not block or prevent unwanted traffic. One common challenge is that an IDS is only as good as the security analyst or IT administrator who is sorting through the vast log files in an attempt to cull out useful data about security breaches and threats. For this reason, intrusion detection systems have been widely criticized for not providing any real security and, in fact, creating additional complexity and work for IT and security staff. An IDS system sits “beside” the network, as opposed to in-line, and buffers network traffic for later analysis. This tap-mode deployment architecture and lack of real-time analysis enables a fundamentally lower-performance architecture for IDS products. Industry analyst groups such as Gartner have made claims that the market for IDS products is “dead.”

In contrast, TippingPoint’s UnityOne Intrusion Prevention Systems (“IPS”) have been architected in a purpose-built manner to operate proactively, in-line in the network, blocking malicious and unwanted traffic, while allowing good traffic to pass unimpeded. This notion of automatic, preventative security delivers vastly more value to businesses than the information-only value of an IDS. TippingPoint’s ASIC-based IPS hardware required to perform real-time detection and prevention at gigabit speeds is fundamentally different from that needed to implement the historic notion of intrusion detection. In fact, the UnityOne IPS makes good traffic run even faster by continually cleansing the network and prioritizing applications that are mission critical. UnityOne’s high performance and intrusion prevention accuracy have redefined network security, and fundamentally changed the way people protect their organization.

Today’s businesses face new challenges. Network transport speeds and traffic levels have been increasing with little sign of abatement. Challenged by this increased load, many early security products create significant performance bottlenecks and negatively impact business efficiency and agility. Infrastructure performance concerns will likely remain a key issue because the overall volume of traffic that rides over the Internet appears likely to continue to grow along two vectors — the increase in global Internet adoption and the increase in access speed at which consumers and businesses are connecting to the Internet. Effective security must accommodate this rate of growth.

However, network transport speed and traffic load are not the only growth vectors that influence the security industry. Unfortunately, the Internet has seen a dramatic escalation in the number and sophistication of cyber attacks (Viruses, Trojans, worms, denial of service attacks) and the number of individual attackers. According to Carnegie-Mellon University’s Software Engineering Institute, the number of new cyber-attack vulnerabilities (i.e., the ways in which IT assets are susceptible to attack) reported increased from 1,090 in 2000 to 3,784 in 2003. Consequently, we’ve seen an order of magnitude increase in the number of attack incidents over the past decade, from 1,334 in 1993 to over 137,000 in 2003.

Because the Internet, networking technology, and most business-critical IT assets are based on open standards and shared access, these systems are susceptible to security threats, malicious eavesdropping, and resource hijacking. In short, the risk to business-critical IT infrastructure is growing exponentially. Looking back, a lone firewall protecting a business at its perimeter now seems inadequate given the business risk associated with ubiquitous remote access, pervasive wi-fi networks, socially engineered e-mail attacks, the threat of walk-in worms and uncontrolled peer-to-peer file sharing.

Today’s challenge is to effectively and seamlessly protect business-critical IT infrastructure while keeping pace with dramatic increases in traffic load, vulnerabilities and exploits, and resource hijacking applications. We believe that first

2

Table of Contents

Index to Financial Statements

generation security products and policy management systems will not be able to keep pace with security requirements. Security products will evolve in much the same way that routers evolved from general-purpose PCs to purpose-built, high-performance router hardware. As this evolution unfolds, we believe that performance-challenged, first-generation products will be replaced by performance-protecting, purpose-built solutions with exponentially more capability.

To effectively protect business-critical IT infrastructure, security must function seamlessly within the foundational infrastructure itself. Complex and interdependent performance and security requirements suggest that first-generation security products are becoming increasingly ineffective. Security solutions must dynamically scale their protection faster and more efficiently than overall IT complexity and the security threat environment or they will not offer businesses sufficient problem-solving leverage. For example, solving security problems at the network infrastructure level enables the protection of many end-point IT assets with a single network-based solution. Disruptions to connected, business-critical infrastructure can be costly for the business itself, and we believe that only next-generation security solutions will be capable of offering true protection in today’s environments against today’s growing challenges.

The Solution

The increasing challenges facing connected businesses are forcing the evolution of security products and services. TippingPoint’s intrusion prevention systems and related services represent an evolving approach to protecting enterprises, service providers, government agencies, and universities. TippingPoint’s differentiated approach is based on a high-performance architecture that has been purpose built for security. We believe that TippingPoint’s products seamlessly and proactively protect businesses in the most challenging connected environments.

TippingPoint’s solutions protect companies that depend on business-critical IT infrastructure to operate. In order to more fully protect such businesses, TippingPoint’s product line encompasses a wide range of intrusion prevention systems and security policy management systems.

Our systems support from two to twenty network segments depending on model and configuration, providing protection against both external and internal attacks. TippingPoint’s UnityOne intrusion prevention product line includes the UnityOne-2400, a two gigabit system for the core network of large businesses; UnityOne-2000, a two gigabit system for high-density, multi-segment environments; UnityOne-1200, a one gigabit system for enterprise applications; UnityOne-400 for small to medium sized enterprises; and UnityOne-200 for remote locations. In February 2004, TippingPoint announced plans to extend our product line with two new intrusion prevention systems: UnityOne-5000, a five gigabit system for large enterprises and service providers, and UnityOne-50, a 50 megabit system for remote office locations.

The UnityOne line of intrusion prevention systems is hardware-based products utilizing high-speed, security-optimized processors and custom ASICs (Application Specific Integrated Circuits) that can operate to multi-gigabit network speeds. Our hardware platform is complemented by a robust security-oriented operating system and suite of filters, signatures, and traffic analysis modules that can be dynamically updated after deployment. Most importantly, we designed our UnityOne systems to have “switch-like” performance. Our UnityOne IPS products exhibit extremely low latencies, or delays in sending a message over the network, and support over 2,000,000 concurrent sessions and 250,000 new connections per second, regardless of traffic profile or attack conditions.

TippingPoint’s intrusion prevention systems focus on three forms of protection simultaneously: Application Protection, Infrastructure Protection, and Performance Protection. In each case, protection is proactive and automatic – preventing abuse and misuse generally before damage occurs and without compromising performance.

Our solutions protect applications and operating systems by continually analyzing network traffic and proactively blocking application-targeting attacks, commonly referred to as viruses, worms, Trojans and denial-of-service attacks. Infrastructure protection of firewalls, servers, routers, voice over IP (VoIP) gateways is performed by continually analyzing network traffic and proactively blocking infrastructure-targeting threats and denial-of-service attacks. Performance protection requires continually analyzing and deeply classifying network traffic and proactively rate shaping and limiting bandwidth utilization for applications such as peer-to-peer (P2P) file sharing, instant messaging, and others. Furthermore, our solution protects the performance of routers, switches, e-mail servers, file servers, and web servers by reducing the load on IT assets associated with processing invalid and malicious traffic.

UnityOne’s Performance Protection capability was announced and became generally available in May 2003 and enables enterprises to control the use of a variety of resource-demanding applications such as peer-to-peer file sharing and instant messaging applications. Peer-to-peer file sharing applications like Kazaa, Morpheus, Grokster, Limewire, WinMX, and Bearshare are often used to share music and videos. TippingPoint’s solutions enable businesses to implement, manage, and enforce policy associated with such applications.

3

Table of Contents

Index to Financial Statements

Our out-of-the-box accuracy and a focus on ease of use means that TippingPoint’s unique combination of application, infrastructure and performance protection greatly reduces the management complexity and the cost of security. Management and configuration overhead as well as time and labor waste are further reduced by TippingPoint’s SMS multi-tiered management system, robust dynamic security tuning, and automated digital vaccine update delivery.

TippingPoint’s solutions are able to be deployed and managed using a scalable, tiered Security Management System (SMS) that is sold as a separate product. Using TippingPoint’s SMS, customers are able to implement and manage coherent, enterprise-wide security policies based on rules, thresholds, and segmentation set within the SMS. The SMS offers a rich reporting system, allowing customized reports to be generated and distributed automatically on a scheduled basis. Support for multiple user profiles allows a range of users, such as administrators and executives, access to this management system.

TippingPoint’s real-time automatic update service, called Digital Vaccine^™, delivers automatic inoculation of our products against emerging threats and updates of evolving identification intelligence. To facilitate the creation of Digital Vaccines, our Threat Management Center monitors and collects security intelligence from around the world. Based on this intelligence, we perform investigations of new software vulnerabilities and create antidotes that are delivered to customers in the form of an automatic, on-line update, or Digital Vaccine^™, directly to our products. Our ability to deliver evergreen attack coverage generates savings for our customers by eliminating the costs associated with the emergency patching triage of hundreds or thousands of servers and/or client systems during or following an actual attack.

Additionally, as a public service, TippingPoint partners with SANS (SysAdmin, Audit, Network, Security) Institute, a cooperative research and education organization, to evaluate, assess and rate (based on greatest threat) new vulnerabilities every week. TippingPoint is the primary contributing author of the SANS @RISK newsletter, containing the latest information on new and existing network security vulnerabilities, with a subscriber base of nearly 200,000 network security professionals worldwide. Coordinated by the SANS Institute and delivered every Thursday, the SANS @RISK newsletter summarizes newly discovered vulnerabilities, details their impact and informs of actions large organizations have taken to protect their users.

Our products are currently complementary to firewalls, improving protection against malicious attacks. Even with firewalls, organizations are still plagued by dangerous attacks such as MyDoom, Nachi, Blaster, Sobig, Code Red, Nimda and Sapphire, which can penetrate through firewalls. Accordingly, prevention products are increasingly seen as a critical tier of any multi-tier security strategy. Firewalls offer security mechanisms for limited layers of network communications. Our UnityOne IPS protects information technology infrastructures from attacks that firewalls miss, and prevent intrusions from intra-network communications that firewalls typically cannot prevent. Firewalls are also typically positioned at the network perimeter. UnityOne products have the ability to be located either at the core of the network or at the perimeter, enabling protection from external and internal attacks and abuses. UnityOne IPS can also protect business infrastructure such as a firewall by deploying a UnityOne between the Internet connection and the firewall.

Our systems have built-in capabilities designed to ensure that business continuity and network traffic is not disrupted and that intrusion prevention operates non-stop. In the event of an internal failure of its security processors, software or hardware, every UnityOne system will automatically revert to traffic pass-through. Our systems support redundant network configuration with two appliances, which helps to ensure security at all times. Depending on how they are configured, the UnityOne systems can both operate actively or one can operate passively as a back-up system in the event the active system fails.

We believe that our intrusion prevention systems and related services significantly reduce the cost of securing a network and increase business productivity for enterprises, service providers, government entities, and academic institutions. TippingPoint’s differentiated approach is based on a high-performance, next-generation architecture that has been purpose built for security. TippingPoint products are designed to seamlessly and proactively protect businesses in the most challenging connected environments. In January 2004, the Company received the first and only NSS Gold award in the IPS space. The NSS Group is an independent security testing facility based in the United Kingdom.

SALES AND MARKETING

We market our products primarily to corporate enterprises, government entities and academic institutions indirectly through resellers and distributors primarily throughout North America and EMEA. Certain verticals such as large service providers are handled via a direct sales model. Our arrangements with resellers are non-exclusive, territory specific, generally cover all of our products and provide for appropriate discounts based on a variety of factors including volume purchases.

4

Table of Contents

Index to Financial Statements

In fiscal 2004, revenue from customers within the United States totaled $5.6 million and revenue from customers outside of the United States totaled approximately $144,000 or 2.5% of total revenue. Prior to fiscal 2004, we recorded no revenue.

We have a dedicated sales force with experience in selling network security products both directly to our end user customer and through resellers. Our sales organization supports resellers in creating demand by potential end users. The sales organization is supported by a team of experienced sales engineers who are responsible for providing pre-sale technical support and technical training for the sales team and for resellers. All of our salespeople are responsible for lead follow-up and account management.

Our marketing activities include advertising, our Web site, trade shows, direct marketing and public relations. Our marketing programs are designed to support the sale of our products through new channels and to new markets, to build the TippingPoint and UnityOne brands, increase customer awareness, generate leads and communicate our product advantages.

We plan to pursue opportunities for Original Equipment Manufacture (OEM) relationships with larger companies to bundle our products into their product and service solutions. In addition, we have developed relationships with system integrators, who will market our products to their clients in connection with their services and solutions.

Our backlog consists of orders that are placed by customers on credit hold, orders awaiting shipment or orders that are subject to other constraints. However, orders may be cancelled by the customer prior to shipment. For these reasons, we believe that our backlog at any given date is not material to an understanding of our business.

We introduced our UnityOne line of products in January 2002, conducted beta trials during the spring of 2002, and began marketing these in September 2002. We announced our new line of systems in February 2003. Sales through distributors and value-added resellers represented 85.3% of our total revenues in the fiscal year ended January 31, 2004. In fiscal 2004, the University of Dayton and the University of California at Los Angeles accounted for 12.6% and 9.6%, respectively, of revenues. In fiscal 2005, if we begin to sell more products to government agencies, we may experience seasonality in our sales as a result of purchases at the beginning and at the end of governmental fiscal years.

RESEARCH AND DEVELOPMENT

We believe that strong product development capabilities are essential to our strategy of developing and improving our product and service offerings. We will continue to invest significant time and resources in creating a structured process for undertaking all product development projects. We have actively recruited and hired engineers and software developers with expertise in the areas of hardware design, software and system implementation, and supported this effort with individuals and additional management with extensive backgrounds in the network security and infrastructure, enterprise software and telecommunications industries. We intend to continue focusing ongoing research and development efforts on our suite of network security products.

Our research and development expenses totaled $9.3 million and $16.2 million for the fiscal years ended January 31, 2004 and 2003, respectively, $1.4 million for the month ended January 31, 2002, and $12.7 million for the fiscal year ended December 31, 2001.

MANUFACTURING

We currently use several manufacturers to create prototypes and currently use Suntron Corporation, a contract manufacturer (“CM”), to procure materials and manufacture and assemble the components of our UnityOne line of products. Final quality testing is performed at our Austin, Texas headquarters where systems are then shipped to our customers. We design, specify and monitor all tests necessary to ensure that systems meet internal and external quality standards. Our arrangement with Suntron Corporation does not have a specified termination date. The Company is currently evaluating additional CM’s to increase production capabilities and to avoid any dependencies on a single CM.

5

Table of Contents

Index to Financial Statements

COMPETITION

The market for our network security line of products is intensely competitive, fragmented and rapidly changing. We expect competition in the market for network security products to intensify in the future. We expect to encounter strong competition from current and potential competitors in our target markets. Many of our competitors are bringing new solutions to market, focusing on specific segments of our target markets and establishing alliances and OEM relationships with larger companies, some of which are the same resellers we intend to use. We believe that the principal competitive factors affecting the market for network security include network accuracy at switching speeds, security effectiveness, technical features, ease-of-use, price, scope of offering and customer service and support. Although we believe that our products generally compete favorably with respect to such factors, we cannot guarantee that we will compete successfully against current and potential competitors, especially those with greater financial resources or brand name recognition.

Current and potential competitors in our market include the following:

INTELLECTUAL PROPERTY

We rely on a combination of trademark, trade secret and copyright law and contractual restrictions to protect the proprietary aspects of our technology. We have filed eleven patent applications for inventions related to the core technology for our network security products and have applied to register various trademarks relating to our business. We anticipate filing additional patent applications for other inventions that we determine will be key to our network security business. We can give no assurance that we will obtain any such patents, or that any patents we obtain will be useful in our business. If we are not successful in obtaining the patent protection we seek, our competitors may be able to replicate our technology and more effectively compete with us.

EMPLOYEES

We had 105 full-time employees as of March 31, 2004.

DISCONTINUED OPERATIONS

From our inception in 1999 through January 2001, our operations consisted primarily of developing and offering Internet-based content, applications and services to consumers through Internet appliances, which we also marketed and sold. That business model required a great deal of capital since we sold the Internet appliance at a loss to try to attract customers to our Internet access service. Shortly after the initial public offering of our common stock in March 2000, the U.S. equity markets entered a period of increased volatility in which the stocks of many technology companies, including ours, were negatively impacted. As a result, it became apparent to us that it would be very difficult to raise the additional financing required to sustain and grow our consumer Internet offering to a point at which we could achieve profitability. In November 2000, we began shifting our business model away from our Internet appliance offering. In connection with this shift in focus,

6

Table of Contents

Index to Financial Statements

we restructured our operations. In January 2001, we announced our decision to discontinue our Internet appliance and service business and terminated all marketing and sales efforts in that area. We completely exited this business by December 2001. We experienced operating losses while trying to build, support and, ultimately, wind this business down.

AVAILABILITY OF INFORMATION

We maintain an Internet website under the name “www.tippingpoint.com.” We provide access on our website to our annual report in Form 10-K, quarterly reports on Form 10-Q, current reports on Form 8-K, and amendments to those reports.

ITEM 2. PROPERTIES

Our principal property consists of our headquarters located in a leased facility (40,000 square feet) at 7501B North Capital of Texas Highway in Austin, Texas.

ITEM 3. LEGAL PROCEEDINGS

On July 11, 2001, a purported class action lawsuit was filed against us in Texas state court in Travis County, Texas on behalf of all persons who purchased an Internet appliance from us and subscribed to the related Internet service. The complaint alleges that, among other things, we disseminated false and misleading advertisements, engaged in unauthorized billing practices and failed to provide adequate technical and customer support and service with respect to our Internet appliance and service business. The complaint seeks an unspecified amount of damages. We believe that the action is without merit, that the action is not proper for class action treatment and that we have meritorious defenses available. We intend to defend this action vigorously.

On December 5, 2001, we and two of our current and former officers and directors, as well as the managing underwriters in our initial public offering were named as defendants in a purported class action lawsuit filed in the United States District Court for the Southern District of New York. The lawsuit, which is part of a consolidated action that includes over 300 similar actions, is captioned In re Initial Public Offering Securities Litigation, Brian Levey vs. TippingPoint Technologies, Inc., et al., No. 01 CV 10976. The principal allegation in the lawsuit is that the defendants participated in a scheme to manipulate the initial public offering and subsequent market price of our stock, by knowingly assisting the underwriters’ requirement that certain of their customers had to purchase stock in a specific initial public offering as a condition to being allocated shares in the initial public offerings of other companies. The purported plaintiff class for the lawsuit is comprised of all persons who purchased our stock from March 17, 2000 through December 6, 2000. The suit seeks rescission of the purchase prices paid by purchasers of shares of our common stock. On September 10, 2002, our counsel and counsel for plaintiffs entered into an agreement pursuant to which the plaintiffs dismissed, without prejudice, our former and current officers and directors from the lawsuit. In May 2003, a Memorandum of Understanding was executed by counsel for plaintiffs, issuer-defendants, and their insurers setting forth terms of a settlement that would result in the termination of all claims brought by plaintiffs against the issuer-defendants and individual defendants named in the lawsuit. Any direct financial impact of the settlement is expected to be borne by our insurers. In August 2003, our Board of Directors approved the settlement terms described in the Memorandum of Understanding. The settlement is subject to numerous conditions, including approval by the court. There can be no assurance that such conditions will be met or that the court will approve the final terms of the settlement. If the settlement does not occur, and the litigation against us continues, we intend to defend it vigorously, and to the extent necessary, to seek indemnification and/or contribution from the underwriters in our initial public offering pursuant to our underwriting agreement with them. However, there can be no assurance that indemnification or contribution will be available to us or enforceable against the underwriters.

At this time, we are not involved in any other legal proceedings that our management currently believes would be material to our business, financial condition or results of operations. We could be forced to incur material expenses with respect to these legal proceedings, and in the event there is an outcome in any proceeding that is adverse to us, our financial position and prospects could be harmed.

ITEM 4. SUBMISSION OF MATTERS TO A VOTE OF SECURITY HOLDERS

The voting results of the special meeting of stockholders held on November 20, 2003 are contained in our quarterly report for the period ended October 31, 2003.

7

Table of Contents

Index to Financial Statements

PART II

ITEM 5. MARKET FOR REGISTRANT’S COMMON EQUITY AND RELATED STOCKHOLDER MATTERS

Since August 20, 2001, our common stock has been quoted on the Nasdaq National Market under the symbol “TPTI”. Effective August 20, 2001, we implemented a one-for-fifteen reverse stock split and, on that date, every fifteen shares of common stock outstanding were converted into one share of common stock.

The following table shows the high and low daily closing sale prices per share of our common stock on the Nasdaq National Market for each quarterly period within the two most recent fiscal years. All price information has been adjusted to reflect the reverse stock split as if it had taken place on March 17, 2000.

As of March 31, 2004, there were approximately 358 holders of record of our common stock, and the closing price on the Nasdaq National Market was $26.93.

We have never declared cash dividends on our common stock. Our board of directors currently intends to retain our earnings to support operations and to finance expansion and does not currently intend to pay cash dividends on our common stock in the foreseeable future. In addition, our loan agreement prohibits us from paying any cash dividends during the term of the agreement.

8

Table of Contents

Index to Financial Statements

EQUITY COMPENSATION PLAN INFORMATION

The following table provides information, as of January 31, 2004, with respect to our shares of common stock that may be issued under equity compensation plans, including the TippingPoint Technologies, Inc. Fourth Amended and Restated 1999 Stock Option and Restricted Stock Plan (the “1999 Plan”) and the TippingPoint Technologies, Inc. Amended and Restated 2000 Employee Stock Purchase Plan (the “2000 Plan”). Both the 1999 Plan and the 2000 Plan were approved by our stockholders.

In September 2003, we granted 150,000 shares of restricted common stock to our President and Chief Operating Officer. The grant was made outside of the 1999 Plan. The entire 150,000 shares are subject to forfeiture under certain circumstances. The forfeiture restrictions lapse as to portions of the 150,000 shares over a period of four years. To the extent forfeiture restrictions have not lapsed as to portions of the 150,000 shares, one-half of such shares will immediately vest upon certain change of control events. We recorded approximately $1.9 million of deferred stock compensation as a result of this grant which will be recognized over four years.

9

Table of Contents

Index to Financial Statements

ITEM 6. SELECTED FINANCIAL DATA

The selected financial data set forth below should be read in conjunction with “Management’s Discussion and Analysis of Financial Condition and Results of Operations” and our audited financial statements and the notes thereto included elsewhere in this report. The statements of operations data for the fiscal years ended January 31, 2004, 2003 and December 31, 2001 and the balance sheet data as of January 31, 2004 and 2003 have been derived from the audited financial statements included elsewhere in this report. The statements of operations data for the fiscal year ended December 31, 2000 and for the period from January 12, 1999 (inception) through December 31, 1999 and the balance sheet data as of December 31, 2001, 2000 and 1999 has been derived from our audited financials, which have not been included within this report.

10

Table of Contents

Index to Financial Statements