Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

What is Software Escrow?

Question: I was arranging for some a custom software package to be written for my organization, and someone asked if I’d arranged for “software escrow”. What is that, and why would I want it?

Getting someone to write software for you can result in a wonderful, custom solution to your problem. It can also incur a significant amount of risk if things go wrong.

Software escrow is one way of protecting you in certain types of projects when certain things go wrong.

Become a Patron of Ask Leo! and go ad-free!

When you contract out for software to be written for you, there are several decisions that are part of the process. One that’s often overlooked is whether or not you get a copy of the source code when the project is done.

The source code is the collection of written instructions that the programmer actually writes to create a program. For many types of programs, the source code is then transformed into the “executable” that you actually run. For example “notepad.exe” is a executable program that comes with Windows. Somewhere back at Microsoft they keep the written instructions, or source code,
that the programmers used to create it.

Open source software projects make the source code publicly accessible. Anyone with enough knowledge can create the software executable using the source code. Closed source, or “proprietary” software is just the opposite … the source code is not available publicly, only the executable. Companies use this approach to retain their intellectual property, and trade secrets.

When you contract with someone to write software for you one decision, implied or explicit, is whether the source code belongs exclusively to the developer, or whether you get a copy. If you do, you have the safety of being able to have someone else make changes or fix bugs in the future, but the developer is giving up some of his or her potential control of that software. If the developer retains the source code and you don’t have access to it, then you are dependent on the developer for all future updates. Typically developers will charge more if you get the source code.

It’s common to opt for the cheaper option, or to have the developer simply not give you the option.

So what happens if your developer goes out of business? What if all of the source code simply disappears?

That’s where software or source code escrow comes into play.

As part of arranging for your software to be written, you and the developer can agree that a copy of the source code will be given to a neutral third party – an escrow agent. The agreement would then specify under which conditions that agent would be allowed to release the source code to you. For example one of the conditions might be the developer’s bankruptcy or going out of business for other reasons. By using software escrow, the developer is protected as long as it makes sense for them to retain control, and you are protected should the developer disappear. (Naturally other conditions might trigger the release, but the developer’s going out of business is a clear example.)

Software escrow is not fool proof. For example, what happens if the escrow agent goes away? And escrow typically adds some cost to your transaction.

 

But I think of it as an insurance policy.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

9 comments on “What is Software Escrow?”

  1. From experience, make certain that all parties involved agree when a bug fix or very minor upgrade needs to go into escrow. For example, a minor bug fix, say a situation after actions 1,2,3 and 6 the F12 key no long functions as it is supposed to function. As fix like this can usually be documented by email and the fixed source code does not need to be reescrowed (with another possible charge). However, after many small fixes the code should be rolled up again and placed in escrow.

    Reply
  2. In the ever growing business world, there is a definite need for software escrow and source code escrow. And, there is even more of a need for the source code to be verified by a neutral third-party. NCC Group is the worldwide leader in providing independent Escrow Solutions – including Software Escrow, Source Code Escrow and Verification Testing to over 15,000 organizations worldwide across all industry sectors. For more information on how NCC Group can assist your organization, go to http://www.nccgroup.us for all of your needs both in North America, as well as in Europe.

    Reply
  3. Many of my business critical applications rely on software that has been developed and is maintained by a third party developer. For any bespoke software we commission it is now standard procedure that we enter into a Software Escrow agreement with the supplier.

    I’m constantly amazed by how many SMEs are still unaware of the concept of Software Escrow – especially given the role IT plays in todays office.

    When I was first introduced to the concept of Software Escrow and the role it could play in my business continuity there were two articles I found particularly helpful. Written in plain English and easy to understand!

    The first http://www.totalescrowsolutions.com/how-software-escrow-works provides a great intro and follows with a typical scenario and solution. This helped place the concept of Software Escrow in context for me.

    The second http://www.sitepoint.com/article/legalities-2-software-escrow/ provided a more detailed explanation and was extremely helpful.

    I hope any readers new to the subject find these links useful too?

    Reply
  4. Right now, during these extraordinary times, as we see the money supply dry up, we’re going to more and more software supplies stop operating. A verified software escrow is the insurance that is needed. More detailed information located at http://www.innovasafe.com.

    Reply
  5. I think one of the most important things is to consider references and testimonials. Ask around business networks you will soon get an idea of who is good and who is poor within your local area.
    [link removed]

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.