Have you ever considered asking a software vendor to put their source code in escrow? I recently broached the topic with a vendor I was evaluating. They didn’t seem too happy about the topic (at first, they were a bit sarcastic [“does Oracle do software escrow?”] and then they deleted tech support forum post). I did a bit of research, and there doesn’t seem to be a clear consensus on software escrow. Here are two interesting articles: Are you just following the herd? and Source Code Escrow.
Just having started thinking about the topic, my thoughts are still up in the air, but here’s my first reaction. Source code escrow makes sense when the following conditions are met:
- The software is not open source (duh)
- The software is or will be crucial to your business
- The company is small or the future of the company is up in the air
- You (the purchaser) have the technical capabilities to support the software should you receive it, or you’re willing to invest in those who can
- You are willing to pay more for source that will be escrowed
I think of source code escrow like a warrenty on a car, or a professional license of open source software (like RedHat or Alfresco). It’s not for everyone (a car mechanic isn’t going to buy the warrenty) but it’s a nice option to have. And, to stretch a metaphor, if you’re going to soup up your car and build a livelihood on it, it’s nice to have a warrenty.
Reading your blog was interesting and loved the two articles; the conditions you are speaking about are reasons to ask for escrow. A little extra on your first bulletpoint, which you will agree upon, is the following:
Let say someone sells Opensource software, how does someone without the expertise of programming knows it is Opensource. Within our verification on sourcecode we often find closed source included within or next to the Opensource. In the end the Client will know when the ISV goes bankrupt.
Another point I like to address is that hosted software(SaaS/PaaS/IaaS/ASP) often is serviced by the supplier because it is easier to run updates ect. but when a supplier goed bankrupt, there is not a guarantee the services will be running, because who has access to the hosted enviroment and who will pay the bills. The anwser is SaaS Escrow, check our website.
Interesting perspectives. I’m not sure how SaaS escrow really helps, because many businesses who use SaaS software simply couldn’t run it themselves. A better option, in my opinion, would be to lobby SaaS providers to add export capabilities to their software, so that you own your data. See http://www.mooreds.com/wordpress/archives/708 for more on my perspective on trusting third parties with your data.