Economic uncertainty and an increase in IT-related businesses announcing insolvency are spreading globally in our news headlines at the moment. With the recent shockwave relating to Silicon Valley Bank’s announcement of bankruptcy, the quick demise of Credit Suisse due to a string of scandals, top management changes and multi-billion dollar losses resulting in a huge slump in its shares and bonds, to new regulations relating to the management of third-party supplier risks, many businesses are left questioning their operational resiliency and what they can do to protect themselves from the potential risks of their IT service provider going bust. Source code escrow provides this assurance to businesses, helping them to protect their IT investments and maintain their software in the event of software supply-chain disruption.
In this article, we look at the most frequently asked questions we receive about source code escrow, covering what it means, how it works and the various solutions available to you. Look out for part 2 of this article coming next month.
What does it mean to put source code in escrow?
Source code escrow, also known as software escrow or code escrow, is available for businesses of all sizes to ensure the source code or their technology investments are always available and protected. For the client or beneficiary (end user) of the software, ensuring such protection is vital in the event of the software vendor or developer not being able to support the software anymore. Source code escrow is also sought by software developers when their clients such as banks, insurance companies and multi-nationals request protection of the source code or data within the software license agreement.
How does source code escrow work?
During the agreement setup, the depositor (software vendor/developer) will deposit, with the source code escrow company, the latest version of the source code which is normally through an automated deposit system directly from GitHub, Bitbucket, GitLab and many other popular version control apps or via SFTP/S3 buckets.
To ensure the files are accessible and free of viruses, some source code escrow companies will perform a file integrity test as part of the source code escrow deposit. This source code escrow deposit would only be released to the beneficiary if the depositor can no longer support or maintain the software. The requirements for deposit and release of the source code are all clearly defined and negotiated upon in the source code escrow agreement.
Who should pay for source code escrow?
When it comes down to who should pay for the source code escrow agreement, there is no definitive answer. However, there are certain cases depending on the situation where the source code escrow fees may be borne solely by the software developer, the beneficiary, or even split equally between both parties.
If the software developer is a young start-up company and the beneficiary is an enterprise organisation, the annual costs of the source code escrow arrangement will often be absorbed by the developer as they are willing to do whatever it takes to get the software license agreement completed.
In the circumstance where the software developer is more established and the beneficiary has made a request for the inclusion of source code escrow, the costs will often fall on the beneficiary.
In a situation where verification and testing of the source code is requested to ensure accessibility and usability, the beneficiary usually always pays for this service. However, there are situations where both the software developer and beneficiary agree to split the fees in an amicable way to proceed with implementing a source code escrow solution.
It is recommended that all payment terms are decided upon at the beginning of the agreement by all parties to ensure the source code escrow process is as efficient as possible for all involved.
What source code escrow service do you need?
Single Beneficiary Source Code Escrow Agreement
A single beneficiary source code escrow agreement is usually used when a client is licensing software from a software company. It is made up of the depositor, beneficiary and the source code escrow company as the independent third party.
Multi Beneficiary Source Code Escrow Agreement
Multi beneficiary source code escrow agreements are often used by software companies to provide comfort to their clients that they have a standing source code escrow agreement in place. This type of agreement allows the software company to add an unlimited number of beneficiaries to the master agreement.
