I was arranging for some a custom software package to be written for my organization, and someone asked if I'd arranged for "software escrow". What is that, and why would I want it? Getting someone to write software for you can result in a wonderful, custom solution to your problem. It can also incur a significant amount of risk if things go wrong. Software escrow is one way of protecting you in certain types of projects when certain things go wrong. When you contract out for software to be written for you, there are several decisions that are part of the process. One that's often overlooked is whether or not you get a copy of the source code when the project is done. The source code is the collection of written instructions that the programmer actually writes to create a program. For many types of programs, the source code is then transformed into the "executable" that you actually run. For example "notepad.exe" is a executable program that comes with Windows. Somewhere back at Microsoft they keep the written instructions, or source code, that the programmers used to create it. Open source software projects make the source code publicly accessible. Anyone with enough knowledge can create the software executable using the source code. Closed source, or "proprietary" software is just the opposite ... the source code is not available publicly, only the executable. Companies use this approach to retain their intellectual property, and trade secrets. When you contract with someone to write software for you one decision, implied or explicit, is whether the source code belongs exclusively to the developer, or whether you get a copy. If you do, you have the safety of being able to have someone else make changes or fix bugs in the future, but the developer is giving up some of his or her potential control of that software. If the developer retains the source code and you don't have access to it, then you are dependant on the developer for all future updates. Typically developers will charge more if you get the source code. It's common to opt for the cheaper option, or to have the developer simply not give you the option. So what happens if your developer goes out of business? What if all of the source code simply disappears? That's where software or source code escrow comes into play. As part of arranging for your software to be written, you and the developer can agree that a copy of the source code will be given to a neutral third party - an escrow agent. The agreement would then specify under which conditions that agent would be allowed to release the source code to you. For example one of the conditions might be the developer's bankruptcy or going out of business for other reasons. By using software escrow, the developer is protected as long as it makes sense for them to retain control, and you are protected should the developer disappear. (Naturally other conditions might trigger the release, but the developer's going out of business is a clear example.) Software escrow is not fool proof. For example, what happens if the escrow agent goes away? And escrow typically adds some cost to your transaction. But I think of it as an insurance policy. Related:
Article 9008 | Posted August 10, 2005 |
Archives Advertisers |
•
From experience, make certain that all parties involved agree when a bug fix or very minor upgrade needs to go into escrow. For example, a minor bug fix, say a situation after actions 1,2,3 and 6 the F12 key no long functions as it is supposed to function. As fix like this can usually be documented by email and the fixed source code does not need to be reescrowed (with another possible charge). However, after many small fixes the code should be rolled up again and placed in escrow.
Posted by: Daniel Ullman at August 11, 2005 09:27 AMIn the ever growing business world, there is a definite need for software escrow and source code escrow. And, there is even more of a need for the source code to be verified by a neutral third-party. NCC Group is the worldwide leader in providing independent Escrow Solutions - including Software Escrow, Source Code Escrow and Verification Testing to over 15,000 organizations worldwide across all industry sectors. For more information on how NCC Group can assist your organization, go to http://www.nccgroup.us for all of your needs both in North America, as well as in Europe.
Posted by: Dean at May 20, 2008 03:42 PMMany of my business critical applications rely on software that has been developed and is maintained by a third party developer. For any bespoke software we commission it is now standard procedure that we enter into a Software Escrow agreement with the supplier.
I'm constantly amazed by how many SMEs are still unaware of the concept of Software Escrow - especially given the role IT plays in todays office.
When I was first introduced to the concept of Software Escrow and the role it could play in my business continuity there were two articles I found particularly helpful. Written in plain English and easy to understand!
The first http://www.totalescrowsolutions.com/how-software-escrow-works provides a great intro and follows with a typical scenario and solution. This helped place the concept of Software Escrow in context for me.
The second http://www.sitepoint.com/article/legalities-2-software-escrow/ provided a more detailed explanation and was extremely helpful.
I hope any readers new to the subject find these links useful too?
Posted by: David Logan at September 4, 2008 01:09 PM