Basket £ 0.00 (0 items)
You are here: HomeArticle › The Challenge Remains for Escrow

The Challenge Remains for Escrow

The National Computing Centre's Daniel Dresner says it's time the standard for escrow is reanimated.

There's something deeply suspicious about source code escrow. Only Schrödinger's cat knows what's in the box. OK. So perhaps that's not entirely accurate because if it's done properly you know what's been archived. But like the Rumsfeld knowledge… do we know what's not there? And if you've done better you'll have made sure that you can compile and restore what you've squirreled away. But what with the threads and patches of operating systems and replacement kit – don't mention the 'C' word – who knows what the software will have to run on when it comes out on judgement day? Once upon a time the risk was managed with a consensus 'standard' published by the European Committee for Standardisation (CEN). The brontosaurus of bureaucracy evolved into the fleet-footed raptor of practicality. Escrow was de-risked for the user, the software developer and the escrow agent. Even the auditor knew what to look for.

It was a breakthrough at the time and represented the collective knowledge of escrow agents from the USA, Holland, France, Germany and the UK. It contained the collective knowledge but only the best practice; the escrow agent who would put anything away for money whether the licence was there or not was given short shrift. But the nice thing about standards is that when tacit knowledge is well captured in an explicit document, its release as second nature is a credit to that documentation. Effect: the documentation drifts into obscurity, becomes out of date and needs a sober eye and deep breath to untangle the reason from the vermicelli of change. There's something deeply reassuring about source code escrow but it's not just a clerical filing exercise. It needs the strict discipline of configuration management. Knowing the parts – what's there, what's not there, and where to find the difference. It requires the knowledge of users, developers, auditors and escrow agents. Come back CWA 13620 – its not escrow by numbers but it makes sure that everyone knows what to do. It reduces the technology risk...not insignificant with information technology.

CEN Workshop Agreement 13620 ESCROWGUIDE Source Code Escrow Guidelines for Acquirers, Developers, Escrow Agents and Quality Assessors was published in 1999. The challenge remains.



For more information about The National Computing Centre and our services, please contact us at the details below:

Telephone: +44 (0)870 908 8767
Fax: +44 (0)870 134 0931

Click here for more contact information

TwitterFollow us on Twitter
Linked InJoin our LinkedIn Group
FBLike us on Facebook


Management Guidelines

NCC Guidelines Vol 5 No 1

more in Management Guidelines


Professional Development

Cloud Computing

more in Professional Development


Analyst Digest

September 2016 Bulletin published

more in Analyst Digest