Escrow source code

Most often, the term escrow is used when paying for purchases or outsourcing freelance work. This rather short note rather than a long article describes the use of code escrow - source code escrow.



It doesn't matter whether you are a small team or a large company, whether you are developing a well-known product in the market or starting a new startup. At some point, a customer will come to you with the question: "What happens if your company suddenly closes?" Neither a well-known name nor the size of the team guarantees that a product will exist and not suddenly disappear.



If the product does not perform critical tasks, or is used to a limited extent, then the losses from switching to another software will be insignificant. And if it's a large organization in which specific software plays a key role, then you need to have insurance. One such insurance is code escrow - placing the source code of your application in a special repository. Customers get access to it if the company ceases to exist.



Code escrow includes two important elements: the access agreement and the storage itself (third party). The agreement for your clients' access to the repository should be detailed enough, and usually include the following requirements:



  • the conditions under which the company gets access to the source;
  • access object definition: one application, version, or group;
  • obligation to update sources and regularity (major version, minor version or patch).


In Russian law, the term "escrow" appeared in 2014 and can be used when making agreements.



How to properly deposit sources. The correct organization of the archive includes the source code itself to compile and detailed deployment instructions. If third-party components or tools are required, they should be listed. Please note that you usually cannot redistribute third-party components as source code.



Code escrow is a costly procedure. Costs will include paying third parties for code storage, source updates, and legal work. The cost of such an insurance service can be included in the price of the product, but most often the escrow is formalized either as a separate contract or as part of the customer's priority support. Not every client needs access to the source. Also, the presence of code escrow has a positive effect on the company's image.



In Western companies, especially in large software manufacturers, this approach is used more often than in Russian companies. There are plenty of options for code escrow service providers. An alternative to code escrow can be the publication of the product or its main part in open source.



Based on my experience, I can say that the larger your client is, the more important the role of code escrow is, regardless of whether the product is installed on an infrastructure or it is SaaS.



All Articles