A recent article in an American publication highlighted a problem facing chief information officers (CIOs) worldwide. In fact, TechLaw called this problem a “nightmare” and wished the CIO all the best of luck attempting to explain why his company’s sweet dreams had turned.
The piece went a little like this: “Here’s a nightmare you’ll wish would end with you waking up. Your company spends $500 000 to license some software. Then the company you paid goes bankrupt. Now you have $500 000 worth of orphaned software. We’ll take a rain check on being you while you’re explaining this one to the board”.
Here’s a more detailed explanation of the problem of this “orphanware”, and a simple yet effective solution.
The problem
When a company licenses software, it often gets a licence to use the machine-readable object code but not access to the source code.
The difference between the two codes is vast: machines read object code, but any changes that need to be made to a system must be made in the source code, which is the only computer code humans can read.
If the developer goes bankrupt or refuses to support the software, the only way the licensee company can hire its own programmer to fix any glitches and make any changes or enhancements needed is if it has access to the source code.
But, here’s the rub. Developers don’t easily part with their source code because they perceive doing so as akin to giving Robin Hood the keys to the Tower of London.
A solution
There is, however, a compromise which means that developers don’t have to part with their source codes unless absolutely necessary, yet gives licensee companies peace of mind that, when it becomes necessary, they will be able to get their hands on that source code.
The compromise is active software escrow. Under an escrow agreement, the supplier and end-user of the software product agree that the source codes of the vital software product and related documentation are deposited with a neutral third party – the escrow agent – who is authorised to release the materials to the end-user under conditions as agreed by the supplier and the end-user in a written agreement.
Such conditions may relate to operational risk, technical malfunction or even failure of the supplier who tailored and contextualised the software to the end-user’s business requirements.
The key objectives of escrow are:
There’s another consideration. A passive approach to escrow or intellectual property custodianship involves passive custodians (such as banks, notaries, legal firms) that may physically “hold” a copy of the software, source code and documentation et al, but these custodians do not warrant that these are the correct or up-to-date versions.
Unfortunately, nine out of ten traditional unverified source code deposits held in escrow by passive custodians such as banks and attorneys are useless. They are therefore unable to meet the requirements of the IT component of the company’s business continuity plan should the original software supplier no longer be in a position to continue to support the system it provided.
However, with active escrow, the escrow agent verifies the property held at least once a year to warrant that the deposit contains what the supplier has committed to lodge so as to provide proper reassurance that it is up-to-date and usable.
For example, Escrow Europe offers three levels of technical verification and reporting depending on how mission-critical the client considers the business application to be.
Inevitably, there are numerous CIOs and their boards who do not believe they need to invest in escrow.
They should ask themselves some questions and consider the consequences certain events may have on the financial success, let alone continuity, of their business:
Contact Guy Krige, Escrow Europe, Tel 021 852-9365, guy.krige@escroweurope.co.za