Talk:Source code escrow: Difference between revisions
Mastorrent (talk | contribs) No edit summary |
No edit summary |
||
| Line 1: | Line 1: | ||
National Escrow Company (Ireland) WWW.Nationalescrow.ie |
|||
This page does not seem to be in an encyclopedic format and probably should be updated |
|||
[[User:Mastorrent|mastorrent]] 01:17, 13 June 2007 (UTC) |
|||
Many companies and organizations are being advised and encouraged by their insurance companies to establish a source code escrow for critical software, used under a license agreement, for their business. |
|||
Establishing a source code escrow can be a challenging process if the User and Developer are not in sync. The motivations for the User is a continuity of use in the event of the Developer becoming incapacitated and/or unable to continue to service/update the subject software. This is somewhat contrary to the Developer who at all times has a motivation to protect and shield the primary source code that often represents the heart and soul of their business. |
|||
Escrow instructions: |
|||
'If you want to be terrific, you have to be specific.' |
|||
It's very important in drafting escrow instructions to be very specific and simple. There is no room for ambiguity. Everyone must be clear and have the same complete understanding of the instructions. Their signature on the instructions is proof that they understand and agree with those instructions. |
|||
Although usually drafted by the escrow company, the instructions are coming from the User and Developer. It is prudent to let the Escrow Company draft the instructions, their experience will help greatly in this process. |
|||
The four most important entities in understanding escrow instructions are: the Escrow Holder, the User, the Developer, and the Judge. (Remember if there's litigation about the interpretations of a set of escrow instructions, the Judge's interpretation will prevail, it's too late to say, 'I though it meant this or that.') |
|||
Some of the challenges that must be overcome are: |
|||
Specifically defining the circumstance(s) that will lead to the release of the source code to the User. |
|||
Specifically describing the verifications of those circumstances. |
|||
Specifically describing the items to be placed into escrow. |
|||
The circumstances that will end an escrow without formal notification from any of the principals in the escrow. |
|||
What will happen to the source code in escrow if the escrow ends or is released. |
|||
Term of the escrow. |
|||
Many companies encrypt the source code before sending it into escrow. Then they pass the encryption keys to the user. This way no one, including the escrow company, has any way of reading the code. |
|||
The instructions should never take the place of the User/Developer contract. This contract may have no reference to a source code escrow before the parties enter into the escrow. But upon committing to entering a source code escrow, the contract should have a number of items incorporated. These might include: The timetable of updates of the code placed into escrow. The manor in which the source code and updates placed into escrow are verified*. What exactly is being put into escrow. What happens if the user stops updating escrow. |
|||
There is usually a setup fee charged by the escrow company and a ongoing storage fee, this could be monthly, quarterly or annual. Fees can be paid by both the User and the Developer, typically the User pays. If the Developer pays, it's likely that this fee will then be passed through to the User. |
|||
* IMPORTANT Escrow companies are usually insured as 'escrow companies'. This insurances usually insures, among other things, the parties in the escrow against certain types loss of the items held in escrow due to the behavior or omission by the escrow company. The escrow company must act as a neutral third party in an escrow. It must not act as an agent for one of the parties to the escrow. In doing so the escrow company is no longer neutral and should not be playing the role of escrow. Certainly not collecting a fee for such. Verifying the quality, utility or any other aspect of the source code might mean the escrow company is acting on behalf of the User. Such an act may lead to the denial of insurance by the company insuring the Escrow Company. For this reason it's prudent for the User and Developer to establish a their own manor to verify the quality and utility of the held source code. A Solicitor or Attorney acting as an escrow holder must be very careful to avoid direct or ostensible agency. Such actions might be very detrimental for the principals in the escrow and carry considerable liability to the Attorney or Solicitor. |
|||
Revision as of 12:12, 5 September 2012
National Escrow Company (Ireland) WWW.Nationalescrow.ie
Many companies and organizations are being advised and encouraged by their insurance companies to establish a source code escrow for critical software, used under a license agreement, for their business. Establishing a source code escrow can be a challenging process if the User and Developer are not in sync. The motivations for the User is a continuity of use in the event of the Developer becoming incapacitated and/or unable to continue to service/update the subject software. This is somewhat contrary to the Developer who at all times has a motivation to protect and shield the primary source code that often represents the heart and soul of their business. Escrow instructions: 'If you want to be terrific, you have to be specific.' It's very important in drafting escrow instructions to be very specific and simple. There is no room for ambiguity. Everyone must be clear and have the same complete understanding of the instructions. Their signature on the instructions is proof that they understand and agree with those instructions. Although usually drafted by the escrow company, the instructions are coming from the User and Developer. It is prudent to let the Escrow Company draft the instructions, their experience will help greatly in this process.
The four most important entities in understanding escrow instructions are: the Escrow Holder, the User, the Developer, and the Judge. (Remember if there's litigation about the interpretations of a set of escrow instructions, the Judge's interpretation will prevail, it's too late to say, 'I though it meant this or that.')
Some of the challenges that must be overcome are:
Specifically defining the circumstance(s) that will lead to the release of the source code to the User. Specifically describing the verifications of those circumstances. Specifically describing the items to be placed into escrow. The circumstances that will end an escrow without formal notification from any of the principals in the escrow. What will happen to the source code in escrow if the escrow ends or is released. Term of the escrow.
Many companies encrypt the source code before sending it into escrow. Then they pass the encryption keys to the user. This way no one, including the escrow company, has any way of reading the code.
The instructions should never take the place of the User/Developer contract. This contract may have no reference to a source code escrow before the parties enter into the escrow. But upon committing to entering a source code escrow, the contract should have a number of items incorporated. These might include: The timetable of updates of the code placed into escrow. The manor in which the source code and updates placed into escrow are verified*. What exactly is being put into escrow. What happens if the user stops updating escrow.
There is usually a setup fee charged by the escrow company and a ongoing storage fee, this could be monthly, quarterly or annual. Fees can be paid by both the User and the Developer, typically the User pays. If the Developer pays, it's likely that this fee will then be passed through to the User.
- IMPORTANT Escrow companies are usually insured as 'escrow companies'. This insurances usually insures, among other things, the parties in the escrow against certain types loss of the items held in escrow due to the behavior or omission by the escrow company. The escrow company must act as a neutral third party in an escrow. It must not act as an agent for one of the parties to the escrow. In doing so the escrow company is no longer neutral and should not be playing the role of escrow. Certainly not collecting a fee for such. Verifying the quality, utility or any other aspect of the source code might mean the escrow company is acting on behalf of the User. Such an act may lead to the denial of insurance by the company insuring the Escrow Company. For this reason it's prudent for the User and Developer to establish a their own manor to verify the quality and utility of the held source code. A Solicitor or Attorney acting as an escrow holder must be very careful to avoid direct or ostensible agency. Such actions might be very detrimental for the principals in the escrow and carry considerable liability to the Attorney or Solicitor.