Software developers are often requested by their clients to implement a software escrow agreement. Software escrow is a three-party agreement between a software developer (the depositor), the end user (beneficiary) and the software escrow vendor. The objective of a software escrow agreement is to provide comfort to the end user that if the software developer is unable or unwilling to support the application, the beneficiary has the ability to request a copy of the deposit materials which may include source code, deployment scripts, and documentation to be released from the software escrow vendor. The software escrow agreement will outline the responsibilities of all the parties and usually includes the pre-defined release conditions.
With any software escrow agreement, the developer is required to deposit the source code of the application on an agreed frequency. The traditional methodology for source code deposits has been either on physical media or a manual upload to an FTP site. Using this manual method can cause problems, such as length of time it takes to deposit the source code or forgetting to deposit the source code on the agreed frequency.
To avoid this manual deposit process, which can ultimately result in having its problems, the best solution would include an automated deposit process. Most developers today use a Git such as GitHub, Bitbucket or GitLab as a repository for their source code management and deployment. It is only natural that the next step is to integrate the software escrow deposit to be part of this framework. This methodology for depositing code has many advantages for both the developer and the beneficiary which are explained below.
Here are the 5 top reasons software developers should escrow their code directly from Git:
- Removes the manual burden
Depositing code automatically directly from Git repositories removes the burden of the developer having to make manual deposits via SFTP or burning a physical deposit. The process is automated and once setup does not involve any day-to-day management by the developer.
- Integrates escrow into the code eco-system
By automating the source code escrow deposits, the process becomes part of the live source code management eco-system. This builds in additional and scalable efficiencies within the development framework.
- Most recent version deposited
When software escrow deposits are a manual process, the developers often forget to make the deposits according to a fixed schedule. By using an automated deposit process from Git, the source code will always be up to date and the most recent version. This provides the beneficiaries with additional comfort and peace of mind.
- Saves time and money
Developer time is costly. By automating the deposit process directly from Git eliminates the requirement for manual deposits. After the initial setup which takes 15 minutes, the Git deposit process simply runs in the background. This saves the developer time and the beneficiary money.
- Additional backup location
The software escrow deposit directly from Git provides a secondary and offsite backup location of the code repositories. This additional layer of backup protects against ransomware as the data is stored outside of the developer organisation and out of the reach of hackers.
If you are a software developer and are currently frustrated with your current software escrow vendor, or you haven’t used one before and don’t know what to look for, here are a few things you should ensure your software escrow vendor can do to help improve your overall experience.
- Unlimited automated deposit process – in a world of automated deployment from Git repositories such as GitHub, GitLab and Bitbucket, software developers find the manual deposit requirements of some software escrow vendors antiquated and inefficient. To overcome this potential headache, they should choose a software escrow vendor who can provide unlimited automated deposits from unlimited Git repos integrating the source code deposit into the software development lifecycle.
- Streamlined Sales cycle – as the majority of software applications have moved to being hosted within AWS, Azure or Google Cloud, source code escrow has become more complex. Source code alone will not usually suffice for most applications being placed into escrow. A common frustration amongst software developers is being sold an escrow product by sales representatives that don’t fully understand the technologies they are tasked with selling. This usually requires a second or third call with a technical representative followed with a lengthy questionnaire to complete in order to prepare a proposal. Software escrow vendors need to acknowledge this frustration and ensure that all sales representatives have extensive knowledge and understanding of the leading cloud hosting vendors and third-party integrations. They should aim to keep their initial call to a maximum of 20-30 minutes with a proposal following the same business day.
- No delays in the legal review process – a software escrow agreement usually needs to be reviewed and agreed upon by three parties. Developers and their clients often amend the agreement to meet their specific requirements which then needs to be approved by the software escrow vendor. Delays in the review process and the inflexibility of the software escrow vendor often causes frustration with the developer and their beneficiary client. This was identified as a major pain point and by having an internal legal department, red-lined agreements are usually turned around by the next business day. In addition to this, the software escrow vendor should provide as much flexibility as possible as long as certain parameters are met. In this way, they can facilitate agreements rather than becoming another hurdle to overcome. Escrow London provides a variety of free template agreements which can offer a great starting position when negotiating the perfect software escrow agreement.
- Remote and timely verification process– verification is an independent test to provide assurance to the beneficiary that the deposited code or SaaS environments can be rebuilt and deployed in the event of a trigger. During a verification exercise, the developer will need to demonstrate the build process to the software escrow vendor. A reputable software escrow vendor should aim to minimise the time required from the developer for verifications. From our experience, verifications should be performed remotely by using video conferencing and the verification consultants should be empowered to keep the time required from the developers to an absolute minimum. For repeat verifications, the same consultants (wherever possible) should perform the test to ensure that no new knowledge transfer is required.