Nubeva Technologies : MD&A - Six Months Ended October 31, 2021

Nubeva Technologies Ltd.

MANAGEMENT DISCUSSION AND ANALYSIS

This Management Discussion and Analysis (this "MD&A") is dated December 29, 2021 and is intended to assist the reader in understanding the results of operations and financial condition of Nubeva Technologies Ltd., ("Nubeva" or the "Company"). This MD&A should be read in conjunction with the following information that can be obtained from www.sedar.com :

1. the Company's unaudited condensed interim consolidated financial statements for the six months ended October 31, 2021 and accompanying notes; and
2. the Company's management discussion and analysis for the year ended April 30, 2021.

The condensed consolidated interim financial statements of Nubeva have been prepared in accordance with IFRS as issued by the International Accounting Standards Board ("IASB") and interpretations of the International Financial Reporting Interpretation Committee ("IFRIC").

Nubeva's reporting currency is United States Dollars and its functional currency is Canadian Dollars. The functional currency of each entity is measured using the currency of the primary economic environment in which that entity operates. The Company has the following wholly owned operating subsidiaries:

Subsidiary	Operating location	Functional currency
Nubeva, Inc.	San Jose, California	United States Dollars
Nubeva PTY Ltd.	Sydney, NSW Australia	Australian Dollars

CAUTION ON FORWARD-LOOKING INFORMATION

This MD&A contains certain "forward-looking information" and "forward-looking statements" (collectively "forward-lookingstatements") within the meaning of applicable Canadian securities legislation. When we discuss our strategy, plans, outlook, future financial and operating performance, financing plans, growth in cash flow and other events and developments that have not yet happened, we are making forward-looking statements. All statements in this MD&A that address events or developments that we expect to occur in the future are forward-looking statements, including the following:

• the development and capabilities of Nubeva (as defined herein) to provide the security platform and services;
• our plan to expand operations by adding additional customers;
• our expectations in relation to working capital;
• our expectations in relation to our future financial needs;

Forward-looking statements are statements that are not historical facts and are generally, although not always, identified by words such as "expect", "plan", "anticipate", "project", "target", "potential", "schedule", "forecast", "budget", "estimate", "intend" or "believe" and similar expressions or their negative connotations, or that events or conditions "will", "would", "may", "could", "should" or "might" occur. All such forward-looking statements are based on the opinions and estimates of management as of the date such statements are made. Forward-looking statements necessarily involve assumptions, risks and uncertainties, certain of which are beyond the Company's control, including the following:

• our dependence on suppliers and customers;
• our untested business model;

1

• our ability to attract customers;
• the competitive nature of the cloud-based security market;
• our ability to manage our growth;
• exchange rate risks;
• regulatory risks;
• our future operations;
• our dependence on key personnel;
• dilution to present and prospective shareholders;
• the lack of a market for our securities; and
• our share price.

The Company assumes no responsibility to revise forward looking statements to reflect new information, subsequent events or changes in circumstances, except as required by applicable securities laws.

1. History of the Business

The Company's registered and records office is located at 789 West Pender Street, Suite 1080, Vancouver, BC Canada V6C 1H2.

Nubeva Technologies Ltd. (formerly Sherpa Holdings Corp.) was incorporated on February 3, 2017 under the Business Corporation Act of British Columbia as a capital pool company ("CPC"). The Capital Pool System was set up by the TSX to provide private companies with an alternative method to go public.

Nubeva, Inc. was incorporated under the laws of the State of Delaware on March 30, 2016. Nubeva Inc.'s wholly owned subsidiary, Nubeva Pty Ltd. was incorporated under the laws of New South Wales, Australia on April 20, 2016. Nubeva is based in San Jose, California and its principal activity is the development and commercialization of software to enable organizations to extend and run their visibility and security controls inside public and private clouds.

2. Core Business

Nubeva develops and licenses software that broadens network traffic security and visibility. The patent pending Session Key Intercept ("SKI") technology enables cybersecurity and application assurance solutions with a modern, high-speed, easy to integrate decryption capability to enhance existing monitoring and inspection products.

Further, Nubeva recently discovered that the SKI technology can be adapted and applied to ransomware, one of the most significant problems facing the world today. Early development and testing has shown that Nubeva can successfully restore ransomed files quickly and easily from some of the most advanced variants known. Today there are no systemic solutions for ransomware and management believes that the Company may have produced a universal solution. This project is in active and late development stages.

Deep and Thorough Inspection of Network Traffic is Mission Critical

Enterprises and service providers must inspect and monitor their network traffic between applications, data centers, clouds, the internet, and end-users and their devices. The drivers are cybersecurity and application performance monitoring and assurance. They need to look at the flows of connections and the actual data transmitted to detect and defend from cyber threats as well as to diagnose and resolve application issues to keep their businesses and services up and running.

2

Nearly All Network Traffic is Encrypted With TLS

At the same time, security and regulatory requirements have led the world to a point where nearly all traffic is encrypted end-to-end, using the industry standard protocol known as TLS. (Transport Layer Security, the successor to SSL, is a cryptographic protocol designed to provide communications security over a computer network.) While TLS provides essential security and privacy, it also hides the actual data and details of these communications from view. This includes malicious software such as ransomware and viruses as well as application performance details such as database and API (Application Programming Interface) calls and their responses. In fact, it has been well reported that over 46% of malware now hides inside standard encrypted traffic flows. Up over 100% in just 12 months. The implication is that IT and Security teams must decrypt traffic in order to inspect it or take on significant risks, cyber and operational. More recently the industry standard bodies released TLS version 1.3, a new version that provides much needed security enhancements but at the same time, makes it much more difficult to lawfully decrypt for inspection of that traffic. TLS 1.3 adoption is beginning to take off and is expected to be universally employed by 2025.

Traditional Decryption Solutions are Falling Short

Traditionally, solution providers of security and application inspection services relied on three decryption methods. However, one, Passive Intercept, the simplest and least disruptive, is obsolete with TLS 1.3. The other two, Man-in-the-Middle and Reverse-Proxy based decryption, have a growing list of traffic that cannot be decrypted and have rising performance and operational challenges due to modern computer, network and security architectures. The result?

• For the enterprises: Reduced product visibility equals increased risk and the need for compensating controls and systems. Existing investments and their supporting policies, procedures and staff are facing end of life.
• For the solution providers and manufacturers: These limitations lead to reduced product capability and solution value which directly impacts sales, increases friction, reduces deal size and ultimately reduces market opportunity.

Nubeva Has a Breakthrough Technology Solution

In June 2019, Nubeva launched the Session Key Intercept ("SKI") technology as a modern decryption solution to address this problem. At its core, SKI is patent pending software that has perfected the ability to get individual TLS session encryption keys out of computer systems in real-time and allow authorized systems to use those keys to decrypt TLS to enable full network traffic inspection. Nubeva SKI, unlike all previous decryption methods, does so without manipulating the traffic, modifying protocols or the connection itself, or using the ultra-secret, master server security keys and certificates. SKI is more reliable, less disruptive, requires lower resources, is better performing, and more secure than legacy methods. Unlike legacy options, SKI works universally on all TLS traffic for all use cases and in nearly any computing environment including private datacenter, public clouds such as AWS, Google and Azure, and on the internet.

3. Overall Performance

During the six months ended October 31, 2021 and to the date of this MD&A, in addition to continuing to provide critical updates for existing applications, Nubeva focused on its next major development with the introduction of SKI for ransomware. Set to be launched in the second quarter of F2022, this development is expected to be a groundbreaking solution to the ever expanding problem of ransomware and present Nubeva and the OEM's that license its products and services with a leading market opportunity.

3

Also during the quarter, as R&D efforts on ransomware continued to yield very positive results, management continued to shift and invest more resources into that opportunity. The Company also halted negotiations on substantial contracts who's terms would have put the ransomware technology and future potentials in jeopardy. As a result, the investment in the ransomware opportunity is materially affecting financial performance and pipeline qrowth for TLS.

Product Development

• In September 2021 the Company accounced the successful completion of initial testing of a new universal solution for ransomwhare recovery. based on early positive indications from research in fiscal Q4, the company increased investments into ransomware solutions using SKI technology. During fiscal Q1, the Company succeeded in producing working software that could successfully restore and recover systems that have been ransomed. The Company conducted numerous successful test on live, active and advanced ransomware forms.
• In July 2021 Nubeva announced support for Windows 11 which is set to be released later in 2021.
• In June 2021 Nubeva announced its initial support for Windows Server 2022. Nubeva plans to release support at the time of Microsoft's system general availability. The public preview of Microsoft Windows Server 2022 was recently announced and will be delivered later this year. Security is the headline priority of Microsoft Systems, including the default use of TLS 1.3 encryption. The Company believes that as mission-criticalapplications will be run on Microsoft's newest platform, the ability to inspect this traffic will be paramount.
• In May 2021 the Company launched its comprehensive developer license program for Nubeva's patented Session Key Intercept (SKI) technology. The for-fee program provides developer-level access to Nubeva's state-of-the-art technology. This program allows cybersecurity and application assurance companies the ability to execute seamless proof of concepts and external demos of SKI's decryption capability to their customer base before deeper OEM implementations. Program delivery model is customer-driven, requires no change to Nubeva's support model, and is validated as an easy on-ramp for SKI adoption.

Relationships

• In July 2021 Nubeva announced that Trend Micro, a global leader in cybersecurity, has completed initial integrations and is set to release product to market, deploying it into multiple product sets.
• In June 2021 Nubeva announced its first customer win with a "tier-1" network operator and service provider to enable advanced network monitoring of core communications infrastructure.

Financing

• In December 2021 232,257 stock options were exercised at a price of CAD $0.05 per common share for gross proceeds of $9,085 (CAD$11,613).

4

• On December 3, 2021, Nubeva completed a non-brokered private placement of units for gross proceeds of $780,518 (CAD $1,000,000). The Company issued 1,250,000 units at a price of CAD $0.80 per unit. Each unit is comprised of one common share and one half of one common share purchase warrant ("Warrant"), each whole Warrant entitling the holder to acquire one common share at a price of CAD $1.05 per common share for a period of up to three years. If at any time subsequent to the date which is four months and a day from the closing date, the closing price of the Common Shares as quoted on TSX Venture Exchange for any ten consecutive trading days is equal to or exceeds CAD $2.10 per common share, the Company may accelerate the expiry date of the Warrants to the 30th day after notice is provided to the holders.
• In November 2021 594,565 stock options were exercised at a weighted average price of CAD$0.11 per common share for gross proceeds of $52,553 (CAD$67,226).
• On November 29, 2021, Nubeva completed a non-brokered private placement of units for gross proceeds of $361,927 (CAD $462,000). The Company issued 550,000 common shares at a price of CAD $0.84 per unit.
• On October 5, 2021, the Company issued 56,391 shares to settle debt in the amount of CAD $52,500.
• On September 16, 2021, Nubeva completed a non-brokered private placement of units for gross proceeds of $413,444 (CAD $524,000). The Company issued 655,000 units at a price of CAD $0.80 per unit. Each unit is comprised of one common share and one half of one common share purchase warrant ("Warrant"), each whole Warrant entitling the holder to acquire one common share at a price of CAD $1.25 per common share for a period of up to three years. If at any time subsequent to the date which is four months and a day from the closing date, the closing price of the Common Shares as quoted on TSX Venture Exchange for any ten consecutive trading days is equal to or exceeds CAD $2.50 per common share, the Company may accelerate the expiry date of the Warrants to the 30th day after notice is provided to the holders.
• In September 2021, 1,016,610 share purchase warrants were exercised at a price of $0.65 per common share for gross proceeds of $520,312 (CAD$660,796) and 100,000 share purchase warrants were exercised at a price of $0.80 per common share for gross proceeds of $62,992 (CAD$80,000).
• On September 2, 2021, the Company received forgiveness from the U.S. government of its second PPP loan in the amount of $240,652.
• On August 11, 2021, Nubeva announced that it has elected to trigger acceleration of the expiry date of 1,111,110 share purchase warrants issued on March 26, 2021 in connection with its March 2021 private placement. As of the date of this MD&A, all of the Warrants in connection to its March 2021 private placement have been exercised for proceeds of CAD $722,220. Pursuant to the terms of the acceleration clause, any warrants that have not been exercised as of September 10, 2021 will automatically be cancelled. Each Warrant entitles the holder to purchase one Common Share at a price of CAD $0.65.
• On June 25, 2021, the Company issued 46,052 shares to settle debt in the amount of CAD $42,703.

5