Feeds

Software escrow – a useful tool for small developers?

If the customers know where the source is, and know where to get it, maybe

  • alert
  • submit to reddit

Internet Security Threat Report 2014

Software escrow, essentially a way of preserving source code by depositing it with a third party, is becoming increasingly fashionable as small developers seek to license software to large organisations. An op/ed in the current issue of Dr Dobb's Journal by Andrew Moore makes a case for software escrow agreements. Moore of course works for a firm that undertakes this. There are several situations in which this could be a useful thing to do. Moore quotes a case where Amoco had a project that would cost $10 million to deploy and involve 15,000 people. The best software for the project was from a small developer, so Amoco went ahead but with an escrow agreement in place that provided a means for the company to acquire the source code if the vendor was taken over or went out of business. A clause also gave Amoco the right to decide when a release condition had been reached, with arbitration or litigation safeguards. The tale ends with Amoco deciding it had to exercise its rights, and obtaining the source code in a couple of weeks. Escrow agreements can be two-party or three-party. In the first case, multiple end-users can be covered by an agreement between the vendor and an independent party, with the end-users being beneficiaries in defined circumstances. Third party agreements tend to be used where customisation of the escrow agreement is necessary. Deposited copies of software versions can also be used to prove when particular code was distributed, either to protect against claims or to prove ownership of the intellectual property at a particular date in defence against a claim. Another use may be in the authentication of software if a software vendor needs to show ownership in merger or acquisition talks. Aside from issues about whether copyright is an appropriate way to protect software, anything would be better than the foolish and arbitrary decision of the US Copyright Office to require only the first and last 25 pages of a work to be put on file. Maybe software escrow will remain as rare as fully-documented software, but in these litigious times, it could be quite a growth industry. ®

Security for virtualized datacentres

More from The Register

next story
Facebook pays INFINITELY MORE UK corp tax than in 2012
Thanks for the £3k, Zuck. Doh! you're IN CREDIT. Guess not
Google Glassholes are UNDATEABLE – HP exec
You need an emotional connection, says touchy-feely MD... We can do that
Lawyers mobilise angry mob against Apple over alleged 2011 Macbook Pro crapness
We suffered 'random bouts of graphical distortion' - fanbois
Just don't blame Bono! Apple iTunes music sales PLUMMET
Cupertino revenue hit by cheapo downloads, says report
US court SHUTS DOWN 'scammers posing as Microsoft, Facebook support staff'
Netizens allegedly duped into paying for bogus tech advice
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
Verizon bankrolls tech news site, bans tech's biggest stories
No agenda here. Just don't ever mention Net neutrality or spying, ok?
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
The Heartbleed Bug: how to protect your business with Symantec
What happens when the next Heartbleed (or worse) comes along, and what can you do to weather another chapter in an all-too-familiar string of debilitating attacks?