Data Securities International

From Wikipedia, the free encyclopedia
Jump to: navigation, search

Data Securities International, DSI was a technology escrow administration company based in San Francisco, California. Founded in 1982, the company escrows source code and other maintenance materials for licensees. The company was acquired by Iron Mountain Incorporated in 1997.

Software Escrow[edit]

In 1981, mathematician Dwight C. Olson saw an opportunity in the infant software product industry. Software companies often were unpredictable and difficult to understand, let alone invest in. They were frequently formed and dissolved, merged or acquired. If you wanted to use one of their software products, you had to accept the substantial risk that the software company would be gone before the software products useful life was over and had to be replaced. When the software company was gone, the licensees' were on their own: no more support, no more enhancements, and no more future product releases.

This risk, sometimes called “software intellectual property investment risk”, proved a deterrent to the adoption of innovative software from smaller vendors. In the early eighties there were only small software companies. DSI wanted to find a way to control this software investment risk. If software source code could be stored in a safe place — a place where only a neutral third party could access it, with the developer still in control of it, then users could obtain it in the event that the owner-originator went bankrupt.

The source code could be released to those who had an escrow agreement and a license for it in the event that the software company simply no longer existed and in some instances for mission critical software when the software provider materially breached a support agreement.

Such an idea would work only if a neutral third party held the software source code for the benefit of both the software developer and user. Thus, software escrow was born.

DSI History[edit]

DSI's vision enabled the software industry to flourish.{{See “Why uncertain economics have generated a boom in software escrow”, Denver Business Journal, Front Range Tech Biz 10/11/2002 By Emily Frye. See also; Association of Corporate Counsel (ACC) Digital Docket, April 2004 Technology Escrow by Garry Watzky,}}

Data Securities International was founded in 1982.[1] The company grew steadily over the years before being sold to Iron Mountain in 1997.[2]

In order to provide additional assurance of the usability and usefulness of the content of the escrow deposit, the concept of “Software Escrow Verification” was developed.Verification of the escrow account content was highly recommended since with potentially so much riding on the deposit, waiting to inspect contents until after release could be catastrophic as by that time it would be too late to correct any deficiencies.

Depending upon the risk tolerance of the deposit account beneficiary several possible types of verification were implemented.

The first and least rigorous consisted of simple inspection of the deposit which served to verify that the deposit is accessible. This confirms that digital media can be accessed. If the deposit is encrypted/password protected it confirms that the correct password has indeed been provided. Confirms that any tools necessary to extract the software are known and catalogued - note that without compiling the software this can only be regarded as a provisional confirmation. Finally, confirms that documentation describing the configuration of the build environment and build procedures have been provided. This is even more important today than in 1982 given the complex and distributed nature of modern software build environments.

Next and more rigorous was the creation of executable files. This verified that all required components can be compiled from the source code provided in the deposit, using the instructions provided to configure the required build environment and the build procedures provided. Verified that all required environmental parameters have been completely specified; hardware specifications, operating systems, compilers, third party tools and specific configurations that may not be intuitively obvious without direct previous experience with the escrowed software. Certification of required tools is important since the absence or unavailability of even a single tool, library or API necessary to support compilation could render a deposit useless in the event of a release.

The highest and most rigorous was to functionally exercise the executable components created from the escrowed source code. This required configuration of a test environment and running a set of tests to confirm that the executable files created are indeed the correct software and that these executable files behave in a manner consistent with expectations. Often this requires configuration of application servers, database engines and other third party components to completely set up a functional environment. This type of testing can be most important for those applications that are delivered via an ASP model where the beneficiary of the account does not have any license to possess even a copy of the executable files until a release occurs and would therefore have no knowledge or experience configuring a system suitable to support continued operation of the application and would be totally dependent upon any documentation within the deposit describing the configuration of the functional system.

Data Securities International introduced the concept in the mid 1980s for a Total software Value (TSV) that uses the composites of Ownership Value (OV) or the software inventory, Market Value (MV), and Internal Cost Savings (ICS) as values and influencing variables of software as a financial asset. A TSV software inventory valuation (OV) analysis looks at the sum total (or bundle) of the various software components or intellectual assets that make software usable as a product.[3]

In 1992 Data Securities International was asked to become an associate member of the American Bar Association’s Information Security Group (ISC) of the Science and Technology Section working on Digital Signatures. The digital signatures document was released in 1996 and DSI became co-chair of the Key Recovery or Key escrow Working group of the ISC to develop additional Key Recovery requirements for the use of asymmetric encryption keys for security and authenticated transactions. DSI was an initial member of the Key Recovery Alliance, a consortium of major corporations working to deliver commercial software products for security of E-commerce using Digital Signatures on the internet. The Key Recovery Alliance (originally at KRA.org) was an industry organization of 30 international companies that supported key recovery, including the leading firm RSA Security, but it disbanded in 1999 under pressure from civil rights groups. Individual countries such as the US and UK have since moved to try to implement key recovery systems on their own.

References[edit]

  1. ^ Holding the keys - Data Securities International, key recovery center - Company Operations | Software Magazine | Find Articles at BNET.com
  2. ^ IRON MOUNTAIN PLANS TO BUY 2 COMPANIES FOR $60 MILLION - New York Times
  3. ^ Software & Valuation in the Information Society", LES Nouvelles, June 2008

External links[edit]