Almost half of the 350 most valuable listed companies in the UK do not have software escrow agreements in place to give them access to technology if a supplier goes bust, according to an escrow services company. NCC Group has said that just 189 of the FTSE-350 group of listed firms have escrow agreements in place, meaning that …
The only companies who want to pay the (often exorbitant) fees for escrow are large multinationals.
When they get an escrow agreement in place they sometimes decide to do thier damndest to wreck the supplier (including withholding of payment for no reason in some cases over a year).
Once the supplier goes out of business, they get access to the source code for free.
Esrow can a good move but is often lethal for a small supplier with valuable technology.
I have just bought a copy of Windows 7© and I am a little concerned that if your business collapses you will not be in a position to fix any bugs I might find. Therefore, would you mind awfully putting a copy of your complete source code base, development tools, test suites and documentation into safe keeping with "Dodgy Dave's Software Suppository and DVD Copiers" He promises not to look at it, or accidentally release it into the interweb thingy - and it almost never happens that anyone breaks into his office and steals anything (well, not anything valuable, anyway).
Pete 2 xx
Microsoft could never agree
"Software escrow agreements place the source code of software with a secure third party. A list is drawn up of events that will trigger the release of that code. That list usually includes...failures to adequately support the software..."
The release would be instant!
Open source but not free?
If your business depends on something, so much so you would have serious problems without it, you need to have that under your control for the worst case situation.
Being open from the start for any custom code or special system should be prerequisite if you build a major business on it. That is not the same as being free - you can impose license terms and support costs, but still making the system supportable no matter what.
" software programming is not necessarily clear, consistent and reliable."
And when it is not you have big problems even if the supplier is still around. Problems of numerous bugs and difficult (i.e. costly) effort to implement any changes and improvements.
This is not to say open is automatically good, but you can at least gauge the quality of your supplier from having some of your own folk try to understand & build the system from scratch. Otherwise you have to believe the sales folk...
I'm surprised it's that high
I thought software escrow was fairly exotic and infrequently used.
I know it's too easy, but I have to say it anyway: just use Open Source.
I'm talking about those applications built under the direction and specifically for that company.
No way these would be Open Source since they're automatically considered Trade Secrets.
Only applicable in certain cases
There are many businesses looking for solutions to very complex, narrow problems. It is *very* expensive to develop software for this purpose, in part because the problems require extensive consultation, design, and prototyping, but also because there are few customers to spread the cost across. No business could survive investing the time and money required to develop this software and then give away the source. The first project would push you into bankruptcy.
If you are asking for a custom application, one where there is no one else really interested, then it is all the more important you have access to the code!
Also why would the contractor loose out in this case, you are paying them for their work *just for you* so you should expect the code (but not necessarily all rights).
I would imagine a fair arrangement is where by my company gets code and demonstrations of building it on a clean machine, and the rights to make use of that if the contractor is unwilling/unable to support it under reasonable terms, but the contractor retains the right to re-use the code for other projects (assuming it did not incorporate any of my "trade secrets" in development).
Whether it is 'open source' to the world is less important, all that matters is that my company can make use of it as required.
The article I replied was referring to "Open Source" (including the caps): implying "Free" (also in caps) software and open to the world. I pointed out that custom apps, by definition, are proprietary and considered Trade Secrets and therefore would probably not completely employ FOSS.
I agree that companies with custom applications should also own the means to rebuild the code themselves, and Code Escrow achieves at least part of that goal in situations where the developer contracted for the job may not be willing to let the company gain ownership of the source (I understand these Custom App contracts can have lots of terms and conditions, so this is simply accounting for various possibilities).
Depends what you pay
Some companies will charge more for the source code. If your business doesn't include any code writers, its not much use to you and not worth the extra cost (could be double the price, could be more)
Some places won't part with the source. eg there are companies specialising in predicting marked growth. They wont let you anywhere near their algorithms. You'd have to buy the company first.
Oracle go bust and suddenly their databases stop working? OK, if you've got an open ticket with them you're stuck but having the source code isn't going to help either :-)
A lot of companies that large with specially written software (just for them) will likely have the source code outside of Escrow as part of the development. Best of luck to all those utterly reliant on Windows and Office. It's likely they don't use Escrow because it's not that big an issue for them.
From personal experience code Escrow only normally gets used for small software company selling to big company. Outside of that you generally get told to f*ck off and the vendor can do so as they likely are the market leader in their segment or big enough (MS, Oracle) to just smirk and tell you to sign the contract.
Now there's a surprise
So let me get this straight, a company providing escrow services releases a study to promote the service it provides? Colour me shocked.
What good is the source code
as often is chaotic jumble only really useful if you have someone who knows how it goes together
Fortuantely last time I was involved in such a thing - a main customer paid up just before we went under and was willing to employ a few of the developers to sort it all for them :)
Open source eliminates this risk...
All of the problems which are poorly worked around by an escrow service, simply don't exist if you use open source. You not only have the source code, but can also collaborate with other users of the software. Open code can never die so long as it has active users.
Many years ago, I was working for a large subsidiary of a very large bank. My boss, the systems accountant, had ensured that an escrow arrangement was in place for the multi-currency accounts system we were using. This turned out to be very useful when the group which owned the software house went into liquidation. The software ended up in the hands of a software vendor who then attempted to extract new license fees for our continued use of the software and substantial sums for maintenance. Once my boss had indicated we had already obtained the source code via the escrow agreement and would invite other companies to offer software support, the maintenance costs were reduced to normal levels and the need for new licenses evaporated.
Not much use
Being currently gainfully employed picking up the aftermath from failed software companies, I have received source archives from escrow several times. Its never happened yet that a working product can be actually be rebuilt from archive without the technical expertise of members of the original team (and sometimes it's not possible at all). Either components in the tool chain used are obsolete, or rely on software from other failed companies, or else the archive is plain incomplete. Perhaps some vital build instructions are missing.
It's one thing for a company to insist on escrow, but the diligence required to ensure that what goes into escrow will actually work away from its home environment is quite another and possibly not all that rigorously audited. It does makes you appreciate the merits of a good open source project. Mind you, I only see failed ones!
Use a good auditor then
Their escrow auditors haven't done a particularly good job then. When we had our product escrowed, a guy sat down at a machine with one of our developers, and over the course of a couple of days watched him like a hawk as he installed XP onto a clean machine, then all our build tools (recording each step and ensuring the install file for each was included in the escrow too), then the source code from a cd he provided, and watched us run through a set of build instructions to produce a working version. Wouldn't have put it past him to have camped overnight next to the machine to ensure no-one fiddled with it after we'd gone home either :P
Why pay for bespoke without source ?
A close relative who used to work for a large computer firm which employed coding contractors demanded one of the contractors change the copyright stated in the source code to comply with the contract, which gave copyright to the customer. The contractor had (perhaps habitually) put his own company name as the source copyright. The contract would have superceded the source code comments in law anyway, but if a couple of years later knowledge of the contract terms was absent during a code review for purposes involving onwards distribution it was clearly important to get the source comments right. He now owns a small software firm which maintains source for what isn't open source (e.g. his testsuite) with one escrow firm.
Cases requiring escrow are marginal and will apply to few software purchases. In most cases the customer either gets all the rights over the software or very few. If you are buying technology you need which the supplier is not willing to provide on better terms it makes sense to be able to purchase the source if the supplier goes bust from the receiver at a price agreed in advance. But this is a marginal case, typically where buyer and seller negotiate from positions of having similar influence over the fate of the other.
Silly article, sensible businesses.
If you don't have competent developers who are up to speed with the code, then escrow is a waste of time, because you will either discover the source is out-of-date, unusable, or you have to wait a long time for developers to get up to speed! This only gets worse the more complex, or specialist the code is.
I've seen customers want source to maintain product source code themselves (at higher initial cost), then later ask for the code to be supported by the developer(s); escrow can be much worse than this!
I've even seen this mess from products, in a software house, where the original developer has gone years ago, but did not leave a usable source snapshot, even in the dedicated source repository! The result, the product was canned and no longer supported!
Escrow agreements have downsides
What about if you put your code in Escrow and then a rogue customer or partner tries to run you into the ground to obtain your code and patents?
Who remembers Sendo? they claimed Microsoft had a deal that if Sendo went bust Microsoft would get their patents and IP.
NCC Scareware Tactics
Oh look it's the annual 'scareware marketing' from NCC - doesn't this come round on el reg about as often as the DFS sale and equally thinly dressed up as news. So what if lots of % of FTSE350 companies don't use escrow - it's probably because
a) it's all open source
b) It's closed source but too big to fail (Bill / Steve / Larry's Mob)
c) It's closed source and provider might fail - but if the product is any good then someone else will buy the business on the cheep and re-employ the developers
d) Even if they had the source (as rightly pointed out above) if the supplier fails without some of the original code monkeys it'll be next to impossible to put humpty dumpty back again. Having escrow would be as much use a choccie fireguard without those guys
So what's the problem?
Oh yeah and I've been a customer's of NCC's in the past for a relatively small company (customer not vendor)
The definition of "source code" is doubtful
A company I worked for sub contracted a development project to a bug house which used a CASE tool.
Project leader on our side was quoted 2 wrap prices, 1 for "source code" (generated automatically by the CASE tool 2nd for *model* used *by* CASE tool which is what the house was altering to generate the code.
The latter was *much* more expensive but completely flexible.
He bought the code..
We maintained the resulting code in house for years.
It was horrible.
Code escrow in this case would have given us rubbish code. The *model* was the critical item.
"source code is the underlying material which constitutes a software program"
Geez. Are you the IT press or not ? Because we don't need this sorta thing spelling out, ta.
Re: "source code is the underlying material which constitutes a software program"
This article is syndicated from a legal site, see.
- Just TWO climate committee MPs contradict IPCC: The two with SCIENCE degrees
- 14 antivirus apps found to have security problems
- Feature Scotland's BIG question: Will independence cost me my broadband?
- Apple winks at parents: C'mon, get your kid a tweaked Macbook Pro
- Driverless car SQUADRONS to hit Britain in 2015