Frequently asked questions about source code escrow
What type of organizations are suitable to act as source code escrow agent?
An organization that is regulated and therefore subject to strict codes of conduct is ideal. This is because you want to be sure that the third party is going to be independent and trustworthy, so that if it faces a conflict of interest situation it will act properly, and not compromise your interests. It is also important to trust the agent to hold your source code securely and not lose it or in other ways act negligently.
How is the source code protected?
Ideally two copies should be held on CDs at any one time, and in different locations. Care should be taken as to who has access to the code. Another useful service is for the source code agent to keep a history of changes as the software is updated.
What happens in the event of a dispute?
The parties can agree before they set up the escrow service how disputes are to be resolved. Under our standard terms the President for the time being of the British Computer Society would decide the dispute, but it is entirely open to the parties to agree something else before the escrow service is set up.
Do you verify that the source code you are holding is actually the right one for my software?
Not normally. The escrow service is essentially based on trust, offering a deposit of the source code rather than verification that the source code is the source code for your software. If requested we may be able to provide verification services but this would come at a price.
To verify that the source code held is in fact that used in the creation of the software in question can be an extremely complex task. Verification can involve anything from an inspection of the file structure, version details, and modification history, to compilation of the software, to an in-depth analysis of the source code itself. A similar process would be necessary each time the deposited code was updated.