Code escrow. Have you been involved?


  • Discourse touched me in a no-no place

    From our recent christmas party I learn that we will be required to put our code into escrow, and (in one case) ensure it's compilable. I'm the likely candidate for sorting this out our side.



    We deal with bespoke systems (at the moment - we're working on making the software, at least, common across projects (differing hardware requirements are the issue here,) with the intention that different projects differ only in configuration) and the compilation includes the OS (Linux.) Not all projects are requied to be placed into escrow, just two (at the moment, I think.)



    Anyone out there actually dealt with escrow? Pikiweedia seems light on details, and a cursory search on 'software escrow' otherwise throws up lots of companies offering to hold the escrow.



    I'm basically asking for the real-life effects of doing this, and pointers to some sites that give detail from our side, rather than the "you really need this" from the POV of the client (which, it appears two of ours have.)



    The whole source is stored in Subversion if it matters/helps. Cross compilation is also heavily involved. (I understand that one of our remote team compiles projects, largely successfully, under Windows. The rest of us use Linux.)




  • @PJH said:

    Anyone out there actually dealt with escrow?

    Strangely enough, I've had 2 projects recently where it was asked/demanded by the customer, but in neither case did it actually happen. So I'm curious too :)



  • Spitting distance from four years since the Original Post and none of the great and mighty members of these forums can explain or comment on "Code Escrow"?
    I had never even conceived of the concept until seeing this post, however it seems like it's just another way for a middle-man to grab money from a business transaction without having to actually do anything constructive.  There are other methods of obtaining the same results.

    I am certain that the information below is of no benefit to anyone.


    Code Escrow most often involves using a (paid) third party to host the source code and release it to the customer/licensee under certain conditions.  Example: Company A asks Company B to develop software for them.  Company A wants to be certain that if Company B goes belly up or some other condition arises where Company B can no longer support the software, they can still get updates and maintenance on said software.  So Company A asks Company B to pay a third party (Company C) to hold the source code "in escrow".

    Points of Failure:
    Company C could go belly up.
    Company C could release the source code, or parts thereof, to Company D
    Company C could steal and modify the Source Code and release a competing product.
    Company B could fail to keep the escrowed code up to date.
    Company A could falsify information and obtain the source code without contractual failures having occured, thus cutting Company B out of the equation.
    Company C's floppy drive could fail.
    etc.

     



  • @PJH said:

    Tue, Dec 21 2010 3:04 PM

    Code escrow. Have you been involved?

     

    @Medezark said:

    Spitting distance from four years since the Original Post

    What timezone are you in?

    Also, he asked "I'm basically asking for the real-life effects of doing this". Your company C doesn't sound like a real life example; as far as I know, they usually have some independent, notary controlled structure to handle with all of the above scenario's.


  • Discourse touched me in a no-no place

    @Medezark said:

    Spitting distance from four years since the Original Post and none of the great and mighty members of these forums can explain or comment on "Code Escrow"?
    More like which planet? The date you're looking at is when I joined, not when I posted that.

    @Medezark said:
    I am certain that the information below is of no benefit to anyone.
    You're not wrong. You've basically repeated what I found on my google search. I was after pointers to real-life experiences of your example company B. How it's set up, how to ensure compilation, how it's updated etc.



  • @PJH said:

    @Medezark said:
    Spitting distance from four years since the Original Post and none of the great and mighty members of these forums can explain or comment on "Code Escrow"?
    More like which planet? The date you're looking at is when I joined, not when I posted that.

    He has that disease that made Spock move so fast that he was invisible and made buzzing sounds everywhere.



  • We use escrow4all (Dutch) as software vendor (Dutch/Spanish) with international clients (mainly US). Not sure if they do business in the UK. They prepare the legalese for a reasonable price and have various levels of source code verification. It takes about 10 minutes of time every few months to make a source code deposit (zip up project directory and upload it via secure FTP)



  • @blakeyrat said:

    @PJH said:
    @Medezark said:
    Spitting distance from four years since the Original Post and none of the great and mighty members of these forums can explain or comment on "Code Escrow"?
    More like which planet? The date you're looking at is when I joined, not when I posted that.
    He has that disease that made Spock move so fast that he was invisible and made buzzing sounds everywhere.

    I have a mild cognitive disorder which makes me always look at the wrong date.  My apologies.


  • Discourse touched me in a no-no place

    @Medezark said:

    I have a mild cognitive disorder which makes me always look at the wrong
    date.
    You might consider tidying up that sig as well. Your quote tags are showing.


  • 🚽 Regular

    @PJH said:

    You might consider tidying up that sig as well. Your quote tags are showing.
     

    How embarrassing. I had nightmares about that happening to me at school when I was 14.


  • Discourse touched me in a no-no place

    Update: after an idea I had last night, and discussion today, we're going with a machine set up in VirtualBox that is able to do the compilation, and will upload the image (and pointers to VirtualBox) to the escrow agent.


Log in to reply