What is a Source Code Escrow? All you need to know

What is a source code escrow agreement and how does it work?

In today's business environment, companies frequently license custom software applications that are critical to their operations. Developing these applications can involve significant financial investment, often running into millions. Given the importance of these applications, it's increasingly common for companies to require software developers to store their software's source code and related documentation in a source code escrow.

The software source code has strategic value to a company and, like anything of value, it’s natural to want to protect it. In this scenario, putting in place a source code escrow agreement is exactly the insurance that companies need.

A source code escrow (or software escrow) works by the supplier (the software developer) depositing the source code (and documentation on how to use it) with a trusted third party (the source code escrow agent). This is then agreed to be released to the beneficiary (the client) upon the occurrence of a “release event” such as the software developer filing bankruptcy, closing up shop or failing certain obligations under the license. Following any of these release events, the insurance premise of a source code escrow is revealed.

In essence, the client can then obtain the software source code to continue to use it, and if agreed in the license, maintain the software without the supplier’s involvement. This enables the business to continue to operate without interruption or impact; whether this means being able to maintain the software by fixing bugs or ensuring compatibility with system upgrades or even just giving the client some breathing room until they can find a new supplier.

Why should developers make a source code escrow?

While the most commonly talked-about benefits of a source code escrow (or software escrow) are those for the client, it also brings a multitude of advantages for the supplier (software developer, vendor or distributor).

It allows suppliers to stand out from the crowded field of competition and offer more value by:

• Demonstrating that they’ve considered the deal from their client’s end and in effect, they are offering them a solution, or a Plan B, if Plan A fails
• Responding to the specific needs of the client

It is also a way to frame the access conditions for the source code:

• Together with the client, the supplier decides under what conditions access will be granted
• By requiring the client to go through an independent third-party, they then secure a level of neutrality and objectivity if the conditions are met

Another key benefit that developers should consider is that depositing your software source code is like taking out an extra security policy, as a backup is always in place. In parallel, they are also securing the copyright in their source code if ever an issue of authorship or unfair competition comes into play, as the deposit serves as legal proof in court that the source code was owned at a specific date and time.

What type of source code escrow agreements are available?

There are three types of classic source code escrow contracts: an access clause, bipartite and tripartite.

The access clause option

This is a clause which is integrated into an existing contract between the beneficiary and supplier such as an end-user licensing agreement, maintenance contract or a clause in the general conditions of use. This is frequently found in contracts that concern standard software that is not operation-critical and is often made available to multiple clients. In other words, it is not specific to a particular client. 

The bipartite source code escrow agreement

This type serves those who would like more control over the management of assets. This is a two-party contact between the software supplier and the client and unlike the access clause, is independent from the commercial contract. In a bipartite source code escrow, both parties play a part in the management, allowing the client to monitor the status of the deposit made by the software supplier and take action if the agreed terms are not respected. It is uniquely a relation between the supplier and the beneficiary. 

The tripartite source code escrow agreement

This last one takes it one step further by becoming a three-party agreement- meaning that a chosen source code escrow agent is signatory to the contract and plays the role of ensuring that the terms are met. It’s because of this that the tripartite agreement is considered as the most secure for the beneficiary, as the escrow agent has a more active role in monitoring the contract throughout its life and making sure that the parties honour the terms that they agreed to.

How can you check what has been placed in the source code escrow?

This is a valid point that many businesses want to know. How can they be sure that what is being escrowed is indeed what they will need to avoid an interruption to their business? Due to this, it's recommended to check what has been place in the source code escrow by choosing a source code escrow agent that offers a verification check.

At Vaultinum we offer three types of deposit verification levels with our source code escrow service. 

Standard deposit

The first type of source code deposit is the standard deposit. This deposit does not undergo any verification procedure, meaning that as the source code escrow agent, Vaultinum does not verify that that the software source code being deposited is in fact the source code actually used by the user. In effect, with the standard deposit, the client cannot know for certain what is deposited.

Element-checked deposit

The second form of source code deposit is the element-checked deposit. This option provides more assurance to the beneficiary by the escrow agent certifying that the software source code provided in the deposit contains readable data, is presented in the form of a clear tree view and is exploitable by the beneficiary. With Vaultinum, this level of verification provides a Deposit Verification Report describing the elements deposited and attesting to their verification.

Content checked deposit

Lastly, we also provide the Content Checked Deposit which is the most in-depth software source code verification possible and depending on the level of assurance desired, from high to highest, is available at three different testing packages.

However, for each of the software source code options explained above, it involves a Vaultinum agent going on site to perform a functionality test to verify that the source code is operational and to guarantee that it corresponds to that used by the beneficiary.

When entering a source code escrow agreement with Vaultinum, you can be assured that you are doing so with a European trusted third party, with 45 years of experience in the protection of digital assets. Our source code escrow clients benefit from the highest level of security and protection, through our use of asymmetric encryption and ISO 27001 certification standards and implement strict access procedures in all of our escrow agreements.

What’s more, through our online dashboard, we make it easy for you to manage all of your source code escrow agreements in one place. If you’re a software developer looking to meet your client requests or increase your competitive edge, speak to us today to find out how Vaultinum can assist you with your source code escrow (or software escrow) needs.