By Ellen McCarthy
Washington Post Staff Writer
March 3, 2006
Executives of Sourcefire Inc., the Columbia company whose sale to an
Israeli firm has been delayed pending a national security review, said
yesterday that they believe the concerns surrounding the deal can be
In early October the information security firm announced an agreement
to be acquired for $225 million by Check Point Software Technologies
Ltd., the firm run by Israeli tech pioneer Gil Schwed. Though based in
Ramat Gan, Israel, the firm has a U.S. headquarters in Redwood City,
Calif., and is publicly traded on the Nasdaq Stock Market.
The Sourcefire deal nevertheless has come under scrutiny, apparently
because of the company's contracts with sensitive government clients,
and is being investigated by the Committee on Foreign Investments in
the United States.
"I'm pretty stunned. Who would've figured 140 people in Columbia,
Maryland, would be embroiled in a world controversy?" said Wayne
Jackson, Sourcefire's chief executive.
CFIUS is the interagency panel that is reviewing the potential
purchase by a company from the United Arab Emirates of a British firm
that operates U.S. ports.
Five-year-old Sourcefire sells software that monitors computer
networks for potential threats. About 13 percent of its revenue comes
from federal clients, including civilian and defense agencies, Jackson
Tony Fratto, a spokesman for the Treasury Department, which leads
CFIUS, said, "Certain members of the committee have outstanding
concerns that there's potential risks to national security were the
transaction to proceed."
Sourcefire is something of a darling of the local tech sector, in part
because of its roots in the open-source community. The company was
founded in 2001 by Martin Roesch, a programmer who started working on
the basic product, "Snort," in an open-source forum that allows anyone
to see the programming code and contribute to it. Though the product
was eventually commercialized and Sourcefire brought in more than $30
million in revenue last year, the basic code remains freely available
to anyone with an Internet connection.
"What nobody's talking about is the fact that Snort, which is at the
center of all this hubbub, is open source. . . . China could be using
it. Iran could be using it. North Korea could be using it," Jackson
said. "Nothing's being transferred except control, and those are
issues that could certainly be addressed with the committee."
Because such investigations are often kept secret, even from the
parties involved, executives of Sourcefire and CheckPoint may not know
which aspects of the deal are raising red flags for regulators. The
companies would not comment on the details of the investigation or on
their discussions with government officials.
Still, Jackson said he is "confident that measures can be put in place
to mitigate whatever risks the federal government believes might
exist." He also said the firm will continue to serve its federal
customers throughout the investigation, which is expected to conclude
this month with a report to the president.
Check Point, the Israeli firm, manufactures a widely used firewall
program and has a separate federal sales office to market to the U.S.
government. It has acquired U.S. firms in the past, including San
Francisco-based Zone Labs Inc. in 2004.
The Sourcefire deal is being closely watched regionally because it has
a number of local investors, including Core Capital Partners LP of the
District, New Enterprise Associates of Baltimore, and the Maryland
Department of Business and Economic Development. Inflection Point
Ventures of Newark, Del., and Sierra Ventures and Sequoia Capital,
both of Menlo Park, Calif., also have invested in the firm.
None of the venture capitalists would comment publicly on the
investigation. Ray Rice, a limited partner in Core Capital, said he is
confident that Sourcefire will have a number of other suitors if the
Check Point deal is killed.
"Frankly, I can wait six more months," Rice said.
Jackson said the company is committed to seeing the Check Point
acquisition through and is cooperating with the committee.
=A9 2006 The Washington Post Company
InfoSec News v2.0 - Coming Soon!