Slashdot Mirror
Source Code Escrow
Makarand writes "According to this article in The Economic Times (India) Software companies in India
are embracing the trend where source code for the software being bought or sold
is
kept safe with an escrow agent
with carefully drafted agreements. This allows
the buyer to get hold of the source code in cases where software was licensed from a
start-up which has now folded or a breach of contract regarding the maintenance services
that were agreed upon can be proven. The source code is automatically released
upon the occurrence of any of the events mentioned in the escrow agreement and the
buyer will be able to study the source code and continue to provide support services
for the software bought without relying on the employees of the software supplier."
not just something that happens in India ... I put source into escrow as part, of a contract at least 15 years ago, and it certainly wasn;t a new idea then
Source code escrow is a very old idea. I used it at my last job when in a situation where the two parties had not had a great relationship.
The trouble with the code escrow is that, of course, if the relationship (or the programmers' company) goes to hell then the buyer of the code will have a big lump of code that may or may not be obfuscated. It's questionable whether the code can be completed at all, let alone brought to market in a reasonable time period.
Another problem is that the escrow company we used charged fees for receiving the source code discs in the mail, additional fees if you actually wanted them to insert them in a computer and report what files existed, and exorbitant fees if you had the nerve to want them to compile and link the files. I don't know if they even offered the ability to run the resulting application to see what happened (i.e. to see whether the developer sent you the source for your project, or sent you the source for gcc running on a Sun 3).
It seems like a market opportunity for an IT-oriented company that has spare cycles, if any of those exist. Could be a nice sideline business. Advertising should be pretty easy; we had a hard time even finding the one (not very good) escrow service that we used.
You're right, except for one thing. The reason microsoft doesn't want its source code disclosed is to protect its proprietary properties. For example, NTFS. Right now we only have NTFS read only, and we can write ntfs by actually using microsofts ntfs.sys file. With the source code there would probably be an NTFS kernel patch inside a week that worked perfectly.
./ers would comb it over with the finest comb and uncover all of ms dirty secrets if any. Maybe there's an algorithm that is patented by someone else. Maybe there's some hidden precursor to some spyware or some DRM. If the source stays secret they can't get in trouble for what is or isn't in it.
Other things that microsoft would like to protect are:
a) obvious security holes that anyone who looked at the code could pick out
b) the source code to IE, so people don't release a patched version that doesn't suck.
c) DirectX, so windows will always remain the system to play games on. Imagine if we had the directx source. Within a couple months there could be a stable linux fork of directx and all windows games would work perfectly in linux.
d) Secrets. There are all kinds of things that windows could be doing that nobody knows about exept for one guy at MS who coded it in. If the source was open
e) The #1 reason is really money. If the source for windows was open it would be just that much easier to get free copies of windows. Even better than that, they would get Windows Lite. Just like everyone uses Kazaa Lite. If the source for windows was open there would be a no IE no Media Player stable version roaming the net. People would switch to it so fast. MS would lose all its revenue from desktop OS licenses.
f) File formats. If we had the source to office the doc file format would be wide open among others. Presently doc files are supported for importing/exporting in non MSOffice word processors, but it never goes quite right. Justification is missing, or fonts break. With the file formats open nobody would have a reason to use office.
g) Driver database. This kind of goes with the NTFS thing I talked about, but windows has a huge database of device drivers in it. With access to the source for all these drivers linux or any other OS (SkyOS or BSD) would have equivalent hardware support to windows.
If you get the games (directx) and the hardware support, there just wont be a reason for people like me to dual boot anymore. If MS opens its source people will look at it and fork it and pieces of it. They wont maintain and develop it. They will chop it to bits and turn lead into gold. Thus being the end of Microsoft's monopoly.
Their source code isn't some secret ingredient. It's the only thing seperating them from certain doom.
The GeekNights podcast is going strong. Listen!
Bzzzzt! Wrong. Code is usually put in escrow after a team of developers, either from the client or a third party, examines it (under an NDA) and comes to a conclusion that if the vendor goes bust they would be able to maintain it. This gives the client the option that their own people or a third party could take over if need arises.
Microsoft source code isn't their crown jewels, as they always claim: even if people got access to it, they couldn't develop and maintain it anyway.
Microsoft code will not be put under escrow any time soon, I suspect. The arrangement usually fits the situation where a small software vendor (e.g. a startup) delivers a software product to a bigger company. The bigger company is concerned that the small vendor may go under, but they have some assurance that they - or another software company - can pick maintenance up with the escrow code. Since they are big compared to the vendor the additional resources will not be prohibitive. They were paying the vendor for support, too. Now they will be paying someone else, or allocate a few people of their own.
What is put in escrow is negotiated - this would normally include everything that is needed to maintain the product, including a working build system, older revisions and logs, documentation, etc. Again, the package is examined before put in escrow, and someone whom the client trusts says, in a pinch I will be able to do it.
Normally the client would still prefer the vendor to stay afloat and provide the service though. Escrow is the second line of defense, and as such it is useful. From the clients point of view it is open source, but they are not in a rush to modify or redistribute it.
I have. Several times.
Even non-compiling source code is very useful, for at least two reasons, and likely many more.
Interoperability/data extraction
Chances are if your software is abandoned, you're migrating to something else. Getting that data out of your old system is a lot easier if you can see the code that put it in there, as is writing a compatible system.
Maintenance by Reverse Engineering
Just seeing how things works allows you to extend the life of software by working around and fixing new problems. A good example is some abandonware we had that was locked by license key to a fixed hostid. A trawl through the source code would have allowed us to reverse engineer a license key generator and easily move the system to a new host. (In the end we had to fix this with judicious use of LD_PRELOAD and fake gethostid() and hostname() calls, but making a new license key would have been much nicer.)
From a business point of view, I'd like all software to be licensed under a source escrow arrangement.
- mib