When determining what should be included in the escrow the developer should ask themselves the following question. If I was given a foreign software product what would I need to maintain or support it?
The cornerstone of a software escrow is the source code and its’ 3rd party dependencies. After escrowing a large number of software projects we found that the following should be included:
- Internal repositories – This may seem obvious however every now and then during a technical verification we will find that most, but not all, of the internal repositories were escrowed. Performing a technical verification can verify that all of the needed repositories are present.
- 3rd party dependencies – The majority of software is built using frameworks, libraries or other 3rd party dependencies which may be difficult to find years later when the source code is released from escrow. To make it easier for the licensee to use the software, the software vendor should escrow not only the 3rd party dependency, but license keys as well.
There are few things crueler you can do to your development team than give them a poorly documented software product. While a poorly documented software product doesn’t render an escrow worthless, properly documented software greatly helps the licensee in the event of a release.
- Build instructions – This type of documentation should include the steps taken when building the source code into an executable. Those steps should be written with the idea in mind that although the reader should be experienced in the relevant programming language and development environment, he or she has no tribal knowledge and has never worked on this software in the past. In the event your software is built using an interpreted language this type of documentation can be omitted; however, other documentation should be included.
- Configuration instructions – This type of documentation should include clear configuration steps of the server running the application and any configurations the software itself needs. For example, server configuration files, usernames, passwords, application startup options, database configurations and anything else useful.
- Any other critical documentation – The whole idea behind documentation is to make the next person’s life easier if and when they need to set up the software. If there is a piece of documentation that is critical to the software include it in the escrow.
If the software vendor is holding the licensee’s customer data, this should also be included in the escrow materials.
The power of virtualization makes escrowing entire production or build environments possible. This greatly reduces the amount of time a licensee might have to spend when a release occurs.
One often overlooked escrow item is a list of developers and their contact information. Escrows are often released due to the software vendor going bankrupt which normally means their developers are also out of work. This is a great opportunity for a licensee to hire developers familiar with the software they now intend to maintain.