Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

What is Software Escrow?

I was arranging for some a custom software package to be
written for my organization, and someone asked if I’d arranged for “software
escrow”. What is that, and why would I want it?

Getting someone to write software for you can result in a wonderful, custom
solution to your problem. It can also incur a significant amount of risk if
things go wrong.

Software escrow is one way of protecting you in certain types of projects
when certain things go wrong.

Become a Patron of Ask Leo! and go ad-free!

When you contract out for software to be written for you, there are several
decisions that are part of the process. One that’s often overlooked is whether
or not you get a copy of the source code when the project is done.

The source code is the collection of written instructions that the
programmer actually writes to create a program. For many types of programs, the
source code is then transformed into the “executable” that you actually run.
For example “notepad.exe” is a executable program that comes with Windows.
Somewhere back at Microsoft they keep the written instructions, or source code,
that the programmers used to create it.

Open source software projects make the source code publicly accessible.
Anyone with enough knowledge can create the software executable using the
source code. Closed source, or “proprietary” software is just the opposite …
the source code is not available publicly, only the executable. Companies use
this approach to retain their intellectual property, and trade secrets.

When you contract with someone to write software for you one decision,
implied or explicit, is whether the source code belongs exclusively to the
developer, or whether you get a copy. If you do, you have the safety of being
able to have someone else make changes or fix bugs in the future, but the
developer is giving up some of his or her potential control of that software.
If the developer retains the source code and you don’t have access to it, then
you are dependant on the developer for all future updates. Typically developers
will charge more if you get the source code.

It’s common to opt for the cheaper option, or to have the developer simply
not give you the option.

So what happens if your developer goes out of business? What if all of the
source code simply disappears?

That’s where software or source code escrow comes into play.

As part of arranging for your software to be written, you and the developer
can agree that a copy of the source code will be given to a neutral third party
– an escrow agent. The agreement would then specify under which conditions that
agent would be allowed to release the source code to you. For example one of
the conditions might be the developer’s bankruptcy or going out of business for
other reasons. By using software escrow, the developer is protected as long as
it makes sense for them to retain control, and you are protected should the
developer disappear. (Naturally other conditions might trigger the release, but
the developer’s going out of business is a clear example.)

Software escrow is not fool proof. For example, what happens if the escrow
agent goes away? And escrow typically adds some cost to your transaction.

But I think of it as an insurance policy.

Subscribe to Confident Computing! Tech problem solving & safety tips & a weekly confidence boost in your inbox every week.

I'll see you there!

10 Reasons Your Computer is Slow

Slow Computer?

Speed up with my special report: 10 Reasons Your Computer is Slow, now updated for Windows 10.

NOW: name your own price! You decide how much to pay -- and yes, that means you can get this report completely free if you so choose. Get your copy now!

9 comments on “What is Software Escrow?”

  1. From experience, make certain that all parties involved agree when a bug fix or very minor upgrade needs to go into escrow. For example, a minor bug fix, say a situation after actions 1,2,3 and 6 the F12 key no long functions as it is supposed to function. As fix like this can usually be documented by email and the fixed source code does not need to be reescrowed (with another possible charge). However, after many small fixes the code should be rolled up again and placed in escrow.

  2. In the ever growing business world, there is a definite need for software escrow and source code escrow. And, there is even more of a need for the source code to be verified by a neutral third-party. NCC Group is the worldwide leader in providing independent Escrow Solutions – including Software Escrow, Source Code Escrow and Verification Testing to over 15,000 organizations worldwide across all industry sectors. For more information on how NCC Group can assist your organization, go to for all of your needs both in North America, as well as in Europe.

  3. Many of my business critical applications rely on software that has been developed and is maintained by a third party developer. For any bespoke software we commission it is now standard procedure that we enter into a Software Escrow agreement with the supplier.

    I’m constantly amazed by how many SMEs are still unaware of the concept of Software Escrow – especially given the role IT plays in todays office.

    When I was first introduced to the concept of Software Escrow and the role it could play in my business continuity there were two articles I found particularly helpful. Written in plain English and easy to understand!

    The first provides a great intro and follows with a typical scenario and solution. This helped place the concept of Software Escrow in context for me.

    The second provided a more detailed explanation and was extremely helpful.

    I hope any readers new to the subject find these links useful too?

  4. Right now, during these extraordinary times, as we see the money supply dry up, we’re going to more and more software supplies stop operating. A verified software escrow is the insurance that is needed. More detailed information located at

  5. I think one of the most important things is to consider references and testimonials. Ask around business networks you will soon get an idea of who is good and who is poor within your local area.
    [link removed]


Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.