We Offer a Range of Verification Services to Ensure the Usability of Source Code
Software Escrow Services | Verification and Testing
Escrow London offers an array of verification services to mitigate potential risks with software escrow arrangements. Our mission is for our clients to be comfortable that in the event of a release condition, the source code deposit will be accessible and usable.
File Integrity Test
Comprehensive Build Verification
Cloud Deployment Verification
SaaS Release Verification
Mobile App Verification
File Integrity Test – Included Free Of Charge With All Agreements
The File Integrity Test is a check of the deposit to ensure that the data can be accessed and it is free of viruses. The basic verification report includes the following checks:
- Ensuring that data exists on the deposit media that resembles source code data.
- If the data is encrypted, a working encrypted key is included in the documentation.
- If the data is compressed it can be decompressed into a logical file structure.
- Ensuring documentation exists detailing the required components needed to compile the software.
Comprehensive Build Verification
The Comprehensive Build Verification provides the Beneficiary with independent assurance of the completeness and usability of the Deposit Materials. Using the supplied source materials and performed remotely via a secure connection, an Escrow London consultant observes and documents the software build and compilation process. If feasible, once the Product has been compiled/deployed, the Beneficiary will be invited to remotely test the recompiled software. A typical Comprehensive Build Verification would include:
- Identify and document the test development environment utilised including specifications of all hardware, operating systems and virtualised environments;
- Identify all third-party applications used during compilation of the Product;
- Introduce the Source Code and associated files required for compilation of the Product into the test development environment;
- Analyze and document the structure of the Source Code repository and ensure that Source Code directories are present for all components of the Product;
- Identify the readability of the Source Code – check for history, formatting, comments etc. and examine file/function naming conventions etc. to verify the lack of any obfuscation;
- Identify any database(s) included as part of the software and ensure the appropriate database creation scripts or dump files are included as part of the deposit if appropriate;
- Verify that all Source Code can be used to generate an executable version of the Product and that all application components have been successfully compiled;
- Verify that the Product components can be successfully deployed and that the version of the Product is the correct version as specified by the Beneficiary with configuration of the test runtime environment and details of all third-party applications required documented;
- Verify that on the entry of test data the Product functions in the correct and expected manner;
Cloud Deployment Verification (For AWS/Microsoft Azure/Google Cloud)
Provides the assurance that all information, files and source materials including deployment scripts required to build the software have been deposited into escrow and verified for completeness and useability. An Escrow London consultant observes the Depositor performing a compilation/deployment and documents the process. This includes:
- Capturing the deployment process using screenshots;
- Asking questions to clarify the deployment process;
- Identify and document any third-party dependencies.
A final report will be issued covering the verification process including screenshots confirming the product deployment.
Cloud Deployment Verification with Code Quality Audit (For AWS/Microsoft Azure/Google Cloud)
The Cloud Deployment Verification with Code Quality Audit provides the Beneficiary with Independent assurance that in addition to the deployment process as included in a Cloud Deployment Verification, an Escrow London consultant will perform a deep dive into the quality of the source code materials deposited as part of the escrow agreement. This exercise will provide assurance that the deposit contains source code for all components of the software and that the source code may be modified and that variables, functions, etc appear to be defined clearly and explicitly. This additional process is designed so that a third-party developer could continue to maintain the source code if ever required.
SaaS Release Verification (Enterprise SaaS Continuity service)
This test is performed to simulate a release condition of a SaaS environment. This process is to ensure that the CloudFormation/Terraform scripts or other deployment scripts are deployable to a clean cloud instance. The database is verified to ensure that the database is functioning and that the data is accessible by the end user. The process includes detailed documentation of the steps required to launch the application and an opportunity for the client to perform functionality testing of the escrow environment.
Mobile App Verification
This test is performed to verify that the deposited source code for a mobile app may be used to build and run a functioning version of the app for both Android and IOS on a local machine. The test does not include submission or publishing the app within the relevant app stores.
Looking to implement a secure software escrow solution?
Leading Companies Trust Escrow London
YES! I want a free quote
If you have any questions about our services or would like to receive a free quote, simply fill in your details and we will be in touch with you.