Open Source Security Player Sourcefire Going Public

Sourcefire, provider of open source security software Snort and other intrusion detection and prevention solutions, filed this week with the U.S. Securities and Exchange Commission for an initial public offering (IPO).

The IPO is a rarity in that it involves a security company, as well as a company that relies on open source development and software for its security, which is a proven commodity in the field, IT-Harvest Chief Research Analyst Richard Stiennon told LinuxInsider.

"Open source tends to create diversity," he said. "You don't have the same hidden, unknown vulnerabilities; all of them are discovered quickly."

While Sourcefire's open source IPO likely won't be as big as that of Linux vendor Red Hat (NYSE: RHT), the company does represent the prominent player in the open source security space.

Public Focus

Five-year-old Sourcefire -- which came close to being acquired by Israeli vendor Check Point Software last year, but got swept up in political and approval red tape -- is now back on track to go public, which was its direction before the entire Checkpoint matter, 451 Group Senior Analyst Nick Selby told LinuxInsider.

"It was expected," he said. "We knew it was coming for some time."

Sourcefire indicated it had not yet determined the number of shares to be offered or a price range, but it was preparing for the IPO, to be managed by Morgan Stanley & Co., Lehman Brothers, UBS Securities and Jeffries and Company.

The company said in its SEC filing that its 2005 revenues were up nearly 100 percent, mostly from the North American market, and the company garnered US$20 million from investors last May, according to Selby.

While Sourcefire claims to be on track to top $50 million in revenue for 2006, Selby highlighted that Checkpoint lowered the figure to $40 million with its estimates earlier this year.

Open Source Evidence

Although he also questioned the limitations of intrusion detection systems (IDS) and related security solutions offered by Sourcefire in the face of increasingly encrypted and sophisticated attacks, Selby said the Maryland-based organization should continue to do well as a public company.

While Red Hat is the original open source IPO, Sourcefire's plans are further evidence of the winning combination of open source software and the commercial business model, he added.

"Sourcefire's success has been with a platform built entirely around open technology," Selby explained. "This is further evidence open source is a viable model that can be the foundation for some truly great businesses."

Apprehension and Acquisition

Open source security tools such as Sourcefire's Snort and Nessus, an open source vulnerability scanner, have proven their worth in the industry, claimed Stiennon.

"Open source development of tools like Snort and Nessus has done more to harden our defenses than a lot of commercial products combined," he said.

Still, the security analyst doubted whether a Sourcefire IPO could garner as much excitement as Red Hat's move to go public.

"Their business model is converting open source to a commercial product, like Red Hat, and I don't think Snort has the business value that Linux does," Stiennon predicted.

Sourcefire, one of the few security software vendors left selling a single type of solution, may be going public so that it can use proceeds to acquire other companies and add to its portfolio, he opined.

"This is a perfect opportunity for them to stand on their own two feet," Stiennon concluded.