informa
/
IT Life
Commentary

Source Escrow, Meet Grumpy IT Guy

Today's gripe: The source code escrow service shake-down.

Source code escrow was such a great idea at the time: Buy enterprise software. Sign escrow agreement with third-party company. Software vendor goes out of business. Third party has the source code. We can (maybe) compile it. And miraculously, we will be good to go (also maybe) -- even without support.

But I am ready to ditch.

The last straw was this: Like most companies, ours has an agreement with source code escrow service for ERP. Escrow company gets in touch for "critical message about your escrow."

I get back in touch. They say, sure, we have the code, but do you really, really know that compiling with XYZ toolchain will work? Do you really know? WHY DON'T YOU KNOW!?

[Beware these office offenders: Cubicle Sins: 10 Coworkers Who Drive You Crazy.]

I feel like I have been grabbed and shaken. No, I say. You're right. I don't really know. But we have current code. We know what tools were used to compile. Are you making me crazy for nothing?

No, of course not, says company. Not for nothing! We are making you crazy because ... MONEY!

What?

For a LOW, LOW PRICE, we can remove your fear! We can do a test! For every patch!

But I thought I was already paying you for removing my fear?

No! All we do is escrow the code! Look at your agreement! We are just a drop box.

And it's true. Most escrow companies are just drop boxes for code. It's an additional fee for code compilation services.

But let's get real. Code escrow is the pterodactyl soaring from the age of mainframe into today. By the time you escrow today's code, it has changed. Today's IT looks at value of data, not ERP code. If an ERP vendor goes under, we change ERP and do data export. I don't know anybody who would stick with an ERP solution if the company went under. We need support! We do not want to be in the business of wrenching on our ERP.

My CSO would also not be happy if the company had no official support and regular security patches. Code escrow was created before every bit of useful software connected somewhere to the Internet, and before the days of zero day vulnerability.

No, I changed my mind. Code escrow is not a pterodactyl. It is a Klingon on the butt of IT, a checkbox on ERP purchasing best practices from the old days that just hasn't been taken off yet. We are not expanding use of code escrow. In fact, I'll bet the business in general for code escrow is shrinking.

Thus some bright boy at code escrow company says: Oh, I know! Generate fear! Offer new service! Generate MONEY!

Except you ain't getting me. Or my company.

Avoiding audits and vendor fines isn't enough. Take control of licensing to exact deeper software discounts and match purchasing to actual employee needs. Get the Software Licensing issue of InformationWeek today.