Why should Software Developers embrace Source Code Escrow?

Are trying to weigh up the pros and cons of why you should offer source code escrow agreements to your clients? Do you have frustrations with your current source code escrow vendor and are looking to ensure your overall source code escrow experience is a painless one? If the answer is yes then you’ve come to the right place! Learn about what source code escrow is, what agreements are available to you and how choosing the right source code escrow vendor and agreement can benefit you now and in the future.

What is a Source Code Escrow?

Also known as Software escrow, source code escrow is a three-party agreement between a software developer (the depositor), the end user (beneficiary) and the source code escrow vendor. The objective of a source code escrow agreement is to provide comfort to the end user that if the software developer is unable or unwilling to support the software, the code can be released to them. For software developers, the source code escrow agreement would be set up to ensure the ongoing maintenance and continuity of the software while protecting the intellectual property (IP) of the software developer.

What source code escrow agreement do I need?

There are a few source code escrow agreements available to suit every type of licensing contract:

  1. SaaS Escrow Agreement
    A SaaS Escrow agreement is used for SaaS hosted applications within AWS, Microsoft Azure, Google Cloud or a private hosting vendor. Solutions typically include replicated environments with 90 days of live continuity, the deposit of all the components that are required to spin up a SaaS environment (i.e. source code, deployment scripts, databases, containers) or the deposit of the access credentials to the production environment account.

  2. Single Beneficiary Agreement
    A Single Beneficiary agreement is made up of the depositor, beneficiary and the source code escrow vendor as an independent 3rd party. A source code escrow service agreement of this type is usually used when a client is licensing software from a developer. The agreement clearly outlines the release events and a guideline for the process should a release occur. Under a Single Beneficiary Agreement usually the source code and documentation are deposited on a regular basis.

  3. Multi Beneficiary Agreement
    Multi Beneficiary agreements are used by a developer to provide comfort to their clients that they have a standing source code escrow agreement in place. By having a Multi Beneficiary agreement in place, under a single agreement, the developer is able to add an unlimited number of beneficiaries to the master agreement. Under a Multi Beneficiary Agreement usually the source code and documentation required for each Beneficiary are deposited on a regular basis.

  4. Data Holding Agreements
    Data Holding agreements are used when a company is using a developer to create a bespoke application and the beneficiary owns the intellectual property.

Turn source code escrow into a painless process

Under a traditional on-premise software agreement, the client, usually a larger company requests for the application’s source code and documentation to be deposited with a trusted third-party source code escrow vendor. Source code escrow is often seen by software developers as a necessary evil to secure a large account and to provide their clients with comfort that if they end up in bankruptcy or a serious failure in service, an independent party has a copy of the source code, database or operating environment.

However, from our experience in speaking with thousands of software developers, we have identified what has frustrated them with their past experience with other source code escrow vendors to learn how to improve their overall experience and to turn source code escrow into a painless process.

  • Unlimited automated deposit process – in a world of automated deployment from Git repositories such as GitHub, GitLab and Bitbucket, software developers find the manual deposit requirements of some source code escrow vendors antiquated and inefficient. To overcome this potential headache, they should choose a source code escrow vendor who can provide unlimited automated deposits from unlimited Git repos integrating the source code deposit into the software development lifecycle.

  • Streamlined Sales cycle – as the majority of software applications have moved to being hosted within AWS, Azure or Google Cloud, source code escrow has become more complex. Source code alone will not usually suffice for most applications being placed into escrow. A common frustration amongst software developers is being sold an escrow product by sales representatives that don’t fully understand the technologies they are tasked with selling. This usually requires a second or third call with a technical representative followed with a lengthy questionnaire to complete in order to prepare a proposal. Software escrow vendors need to acknowledge this frustration and ensure that all sales representatives have extensive knowledge and understanding of the leading cloud hosting vendors and third-party integrations. They should aim to keep their initial call to a maximum of 20-30 minutes with a proposal following the same business day.

  • No delays in the legal review process – a source code escrow agreement usually needs to be reviewed and agreed upon by three parties. Developers and their clients often amend the agreement to meet their specific requirements which then needs to be approved by the source code escrow vendor. Delays in the review process and the inflexibility of the source code escrow vendor often causes frustration with the developer and their beneficiary client. This was identified as a major pain point and by having an internal legal department, red-lined agreements are usually turned around by the next business day.  In addition to this, the source code escrow vendor should provide as much flexibility as possible as long as certain parameters are met. In this way, they can facilitate agreements rather than becoming another hurdle to overcome. Escrow London provides a variety of free template agreements which can offer a great starting position when negotiating the perfect source code escrow agreement.
  • Remote and timely verification process– verification is an independent test to provide assurance to the beneficiary that the deposited code or SaaS environments can be rebuilt and deployed in the event of a trigger. During a verification exercise, the developer will need to demonstrate the build process to the source code escrow vendor. Escrow London aims to minimise the time required from the developer for verifications. From our experience, verifications should be performed remotely by using video conferencing and the verification consultants should be empowered to keep the time required from the developers to an absolute minimum. For repeat verifications, the same consultants (wherever possible) should perform the test to ensure that no new knowledge transfer is required.

Conclusion

There are many advantages why software developers should embrace a source code escrow agreement and in summary here’s why:

  • Highest level of information security and data protection – Source code escrow vendors understand that a software developers source code is their “crown jewels” and it should be protected accordingly. Investing in a source code escrow agreement will ensure the highest level of information security and data protection for your software.

  • Provide assurance – investing in a source code escrow agreement will ensure piece of mind to your customers that if you ever go out of business or can not support the software anymore they are protected. Providing this level of assurance by offering a source code escrow agreement will enable you to gain more customers.

  • Evolution of software – Using the services of a source code escrow vendor can help give the software developer the ability to continue with the development of their software while reducing the chance of any damage or disruption to their company.

Escrow London understands that your source code is your “crown jewels” and it should be protected accordingly. For all our clients’ we ensure the highest level of information security and data protection. We are developer focused and understand the pain of software developers in negotiating software license agreements. We ensure that the process of implementing a source code escrow agreement with us will be simple and efficient.

##

About Escrow London

Escrow London is a global source code escrow vendor headquartered in the United Kingdom. Our global coverage is provided across our London office, Escrow London North America Inc in Atlanta, and our Australian office in Sydney.

We have invested considerable resources into innovation to reinvent source code escrow for a SaaS world. Escrow London provides a range of SaaS Continuity escrow solutions suitable for AWS, Microsoft Azure and Google Cloud Platform hosted SaaS applications. We support a wide range of clients includes major banks, central banks, insurance firms, technology companies and government.