Source Code Escrow

Makarand writes "According to this article in The Economic Times (India) Software companies in India are embracing the trend where source code for the software being bought or sold is kept safe with an escrow agent with carefully drafted agreements. This allows the buyer to get hold of the source code in cases where software was licensed from a start-up which has now folded or a breach of contract regarding the maintenance services that were agreed upon can be proven. The source code is automatically released upon the occurrence of any of the events mentioned in the escrow agreement and the buyer will be able to study the source code and continue to provide support services for the software bought without relying on the employees of the software supplier."

source code escrow not very useful

[penguin7of9]

If the developer goes out of business, getting the source code by itself is almost always useless: almost no single customer will have the resources to maintain and extend it. Source code is only cost effective if there is a community of users and developers, and that requires releasing the code under an open source license ahead of time.

(For the same reason, Microsoft source code isn't their crown jewels, as they always claim: even if people got access to it, they couldn't develop and maintain it anyway. The main reason Microsoft doesn't want their sources released is probably marketing--the "Coca Cola Secret Formula" gimmick--and the probably embarrassing state of it.)

Another problem with source code escrow agreements is that people don't know whether the code deposited with the agent will even compile or be complete. And the agents themselves disappear or misplace code.

Re:source code escrow not very useful

[Apreche]

You're right, except for one thing. The reason microsoft doesn't want its source code disclosed is to protect its proprietary properties. For example, NTFS. Right now we only have NTFS read only, and we can write ntfs by actually using microsofts ntfs.sys file. With the source code there would probably be an NTFS kernel patch inside a week that worked perfectly.
Other things that microsoft would like to protect are:

a) obvious security holes that anyone who looked at the code could pick out
b) the source code to IE, so people don't release a patched version that doesn't suck.
c) DirectX, so windows will always remain the system to play games on. Imagine if we had the directx source. Within a couple months there could be a stable linux fork of directx and all windows games would work perfectly in linux.
d) Secrets. There are all kinds of things that windows could be doing that nobody knows about exept for one guy at MS who coded it in. If the source was open ./ers would comb it over with the finest comb and uncover all of ms dirty secrets if any. Maybe there's an algorithm that is patented by someone else. Maybe there's some hidden precursor to some spyware or some DRM. If the source stays secret they can't get in trouble for what is or isn't in it.
e) The #1 reason is really money. If the source for windows was open it would be just that much easier to get free copies of windows. Even better than that, they would get Windows Lite. Just like everyone uses Kazaa Lite. If the source for windows was open there would be a no IE no Media Player stable version roaming the net. People would switch to it so fast. MS would lose all its revenue from desktop OS licenses.
f) File formats. If we had the source to office the doc file format would be wide open among others. Presently doc files are supported for importing/exporting in non MSOffice word processors, but it never goes quite right. Justification is missing, or fonts break. With the file formats open nobody would have a reason to use office.
g) Driver database. This kind of goes with the NTFS thing I talked about, but windows has a huge database of device drivers in it. With access to the source for all these drivers linux or any other OS (SkyOS or BSD) would have equivalent hardware support to windows.

If you get the games (directx) and the hardware support, there just wont be a reason for people like me to dual boot anymore. If MS opens its source people will look at it and fork it and pieces of it. They wont maintain and develop it. They will chop it to bits and turn lead into gold. Thus being the end of Microsoft's monopoly.

Their source code isn't some secret ingredient. It's the only thing seperating them from certain doom.

More popular in the 1980s.

[Animats]

Source code escrow was quite common in the early days of microcomputer software. Back then, the software companies were little and their customers were big, and they had to keep the big companies happy. Now, it's the other way round.

Some of the early source code escrow companies themselves went bust. You need a software escrow agent that's likely to be around for decades. There are still companies offering software escrow services, but it's a minor business.

Iron Mountain has a software escrow business, and they offer some stories of software released from escrow. The most common situation is bankruptcy of a supplier.

My escrow experience

[jp93023]

I had the lead for my former company's purchase of a customized Learning Management System. My employer was a privately held retail chain which could barely keep the configuration straight on our POS, and had already replayed the whole custom software development death march several times. But the lawers insisted that we obtain a "Source Code Escrow" for our $250k LMS purchase. I asked them under what conceivable circumstances they thought we would actually put together a team to take the code back into development, or even to create the build environment for debugging (and recursion testing, rinse, wash, repeat). I escalated to VPs, who basically said "Gotta have Source Code Escrow" while having no clue what would really be involved. So we paid for and got it. The LMS company indeed went belly up during the dotcom bust and we abandoned their product for an off the shelf system from a more stable vendor. But they still have the right to dig that old code out of escrow should they desire!

No, Escrow can be complete and accurate

[AHumbleOpinion]

Another problem with source code escrow agreements is that people don't know whether the code deposited with the agent will even compile or be complete

Escrow is just like software, its goodness or badness varies with the people involved. Nearly two decades ago I worked at a medium sized company that sold equipment to the phone company. Everything went into version control. Source code, documentation, compilers, libraries, tools, config files, etc. Developers produced a release candidate, passed along CRCs of all files to QA. QA wiped a PC's hard drive, grabbed the candidate from version control, built it for themselves, and verified the CRCs matched. QA only tested what they built for themselves. When a candidate was approved and released to the phone company that release was also sent to the escrow company designated by the phone company. And of course checklists documented the process above.