Helping people with computers... one answer at a time.

I was arranging for some a custom software package to be written for my organization, and someone asked if I'd arranged for "software escrow". What is that, and why would I want it?

Getting someone to write software for you can result in a wonderful, custom solution to your problem. It can also incur a significant amount of risk if things go wrong.

Software escrow is one way of protecting you in certain types of projects when certain things go wrong.

When you contract out for software to be written for you, there are several decisions that are part of the process. One that's often overlooked is whether or not you get a copy of the source code when the project is done.

The source code is the collection of written instructions that the programmer actually writes to create a program. For many types of programs, the source code is then transformed into the "executable" that you actually run. For example "notepad.exe" is a executable program that comes with Windows. Somewhere back at Microsoft they keep the written instructions, or source code, that the programmers used to create it.

Open source software projects make the source code publicly accessible. Anyone with enough knowledge can create the software executable using the source code. Closed source, or "proprietary" software is just the opposite ... the source code is not available publicly, only the executable. Companies use this approach to retain their intellectual property, and trade secrets.

When you contract with someone to write software for you one decision, implied or explicit, is whether the source code belongs exclusively to the developer, or whether you get a copy. If you do, you have the safety of being able to have someone else make changes or fix bugs in the future, but the developer is giving up some of his or her potential control of that software. If the developer retains the source code and you don't have access to it, then you are dependant on the developer for all future updates. Typically developers will charge more if you get the source code.

It's common to opt for the cheaper option, or to have the developer simply not give you the option.

So what happens if your developer goes out of business? What if all of the source code simply disappears?

That's where software or source code escrow comes into play.

As part of arranging for your software to be written, you and the developer can agree that a copy of the source code will be given to a neutral third party - an escrow agent. The agreement would then specify under which conditions that agent would be allowed to release the source code to you. For example one of the conditions might be the developer's bankruptcy or going out of business for other reasons. By using software escrow, the developer is protected as long as it makes sense for them to retain control, and you are protected should the developer disappear. (Naturally other conditions might trigger the release, but the developer's going out of business is a clear example.)

Software escrow is not fool proof. For example, what happens if the escrow agent goes away? And escrow typically adds some cost to your transaction.

But I think of it as an insurance policy.

Article C2402 - August 10, 2005 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

9 Comments
Daniel Ullman
August 11, 2005 9:27 AM

From experience, make certain that all parties involved agree when a bug fix or very minor upgrade needs to go into escrow. For example, a minor bug fix, say a situation after actions 1,2,3 and 6 the F12 key no long functions as it is supposed to function. As fix like this can usually be documented by email and the fixed source code does not need to be reescrowed (with another possible charge). However, after many small fixes the code should be rolled up again and placed in escrow.

Dean
May 20, 2008 3:42 PM

In the ever growing business world, there is a definite need for software escrow and source code escrow. And, there is even more of a need for the source code to be verified by a neutral third-party. NCC Group is the worldwide leader in providing independent Escrow Solutions - including Software Escrow, Source Code Escrow and Verification Testing to over 15,000 organizations worldwide across all industry sectors. For more information on how NCC Group can assist your organization, go to http://www.nccgroup.us for all of your needs both in North America, as well as in Europe.

David Logan
September 4, 2008 1:09 PM

Many of my business critical applications rely on software that has been developed and is maintained by a third party developer. For any bespoke software we commission it is now standard procedure that we enter into a Software Escrow agreement with the supplier.

I'm constantly amazed by how many SMEs are still unaware of the concept of Software Escrow - especially given the role IT plays in todays office.

When I was first introduced to the concept of Software Escrow and the role it could play in my business continuity there were two articles I found particularly helpful. Written in plain English and easy to understand!

The first http://www.totalescrowsolutions.com/how-software-escrow-works provides a great intro and follows with a typical scenario and solution. This helped place the concept of Software Escrow in context for me.

The second http://www.sitepoint.com/article/legalities-2-software-escrow/ provided a more detailed explanation and was extremely helpful.

I hope any readers new to the subject find these links useful too?

John Morrissey
September 15, 2008 2:10 AM

With the credit crunch hitting home I think it is essential to have the protection of having access to the source code. The credit crunch may result in a lot of web development agencies going out of business so make sure your protected. Bit of a no brainer. There is more specific information here - http://www.nccgroup.us/services/escrow-solutions/software-escrow-services.aspx.

Rick Archer
September 25, 2008 12:11 PM

Right now, during these extraordinary times, as we see the money supply dry up, we're going to more and more software supplies stop operating. A verified software escrow is the insurance that is needed. More detailed information located at http://www.innovasafe.com.

Logan Smith
October 8, 2008 11:55 AM

Because of the uncertainty in the economy and recent Wall Street meltdown, the stability of software companies is increasingly volatile. There is great concern about software companies being able to maintain important and Mission Critical software. For more Frequently Asked Questions about Software Escrows visit http://www.escrowtech.com/software_escrow_FAQ.php

mandy
February 3, 2009 3:20 PM

i would recommend reading http://www.escrow101.net/source-code-escrow-are-you-just-following-the-herd.php to read about the bad sides of software escrow - it's not all white.

Frank Vipond
May 16, 2009 8:18 AM

My background is 25 years in IT. I recently did a site http://www.SoftwareEscrowGuide.com/ that business users might find useful. Cheers. Frank Vipond [email address removed]
I'm neutral - not in the escrow business myself.

bhavna
July 27, 2009 6:02 AM

I think one of the most important things is to consider references and testimonials. Ask around business networks you will soon get an idea of who is good and who is poor within your local area.
[link removed]

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.