SOURCE CODE ESCROW

Source code escrow
From Wikipedia, the free encyclopedia
Jump to: navigation, search
Source code escrow means deposit of the source code of the software into an account held by a third party escrow agent. Escrow is typically requested by a party licensing software (the licensee), to ensure maintenance of the software. The software source code is released to the licensee if the licensor files for bankruptcy or otherwise fails to maintain and update the software as promised in the software license agreement.

Source code escrow services may be very limited, such as verifying that media is readable, or very comprehensive, such as doing a complete build of the software based on the source code and verifying features match the binary version.

How it started ...In 1981, a young mathematician named Dwight Olson saw an opportunity in the infant software product industry. Software companies often were unpredictable and difficult-to-understand let alone invest in. They were formed and dissolved, merged or acquired with quite regularity. If you wanted to use one of their software products, you had to accept the substantial risk that the software company would be gone before the software product's useful life was over and had to be replaced. When the software company was gone, the licensees were on their own: no more support, no more enhancements, and no more future product releases.

This risk, sometimes called “software intellectual property investment risk,” proved a deterrent to the adoption of innovative software from smaller vendors. In the early eighties there were only small software companies. Olson wanted to find a way to control this software investment risk. If software source code could be stored in a safe place — a place where only a neutral third party could access it, and the developer still in control of it, then users could obtain it in the event that the owner-originator went bankrupt!

The source code could be released to those who had an escrow agreement and a license for it in the event that the software company simply no longer existed and in some instances for mission critical software when the software provider materially breached a support agreement.

Such an idea would work only if a neutral third party held the software for the benefit of both the software developer and user. Thus, “Software escrow” was born.

Olson’s business, Data Securities International, started in 1982 and grew slowly and steadily for over 20 years, and he and the investors eventually sold it to Iron Mountain. Today, it is the largest of several software and technology escrow providers in the marketplace.

An entirely different use of source code escrow was made by the State of North Carolina in 2005, when it enacted an election integrity law. This law was put in place, in part, to avoid glitches in electronic voting machines as seen in the North Carolina 2004 elections. The law required the source code escrow for the original purpose of protecting the licensee in the event of the bankruptcy of the licensor. However, it went further and took the unprecedented step of allowing, and in fact requiring, review of the code in escrow. It allowed review by the State Board of Elections, Office of Information Technology Services, the State chairs of each political party, the purchasing county, and up to three designated agents of same. It required review by the State Board of Elections prior to certifying any voting system. While previous use of source code escrow had the intent of concealing the code from the user (while still assuring access in the event the supplier could not support the code), the North Carolina law used source code escrow to allow the user to inspect the code.