A recent article – in an American publication – highlighted a problem facing chief information officers worldwide. In fact, TechLaw called this problem a ‘nightmare’ and wished the CIO all the best of luck attempting to explain why his company’s sweet dreams had turned.
The piece went a little like this: “Here’s a nightmare you’ll wish would end with you waking up. Your company spends $500,000 to license a software. Then they go bankrupt. Now you have $500 000 worth of orphaned software. We’ll take a rain check on you while you’re explaining this one to the board.”
Here’s a more detailed explanation of the problem of this ‘orphanware’, and a simple yet effective solution.
When a company licenses software, it usually receives a licence to use the machine-readable ‘object code’ but not access to the ‘source code’.
The difference between the two codes is vast: only machines read object code, any changes that need to be made to a system must be done using the source code, which is the only computer code humans can read.
If the developer goes bankrupt or refuses to support the software, the only way the licensee company can hire its own programmer to fix any glitches and make any changes or enhancements needed, is if it has access to the source code.
But, here’s the rub. Developers don’t easily part with their source code because they perceive it akin to giving Robin Hood the keys to the Tower of London!
There is, however, a compromise which means that developers don’t have to part with their source codes unless absolutely necessary, yet gives licensee companies peace of mind that, when it becomes necessary, they will be able to get their hands on that source code.
The compromise is software escrow.
Under an escrow agreement, the supplier and end-user of the software product agree that the source codes of the vital software product and related documentation are deposited with a neutral third party – the escrow agent – who is authorised to release the materials to the end-user under conditions as agreed by the supplier and the end-user in a written agreement.
Such conditions may relate to operational risk, technical malfunction or even failure of the supplier who tailored and contextualised the software to the end-user’s business requirements.
The key objectives of software escrow are therefore
- Continuity of use of the software by the end-user under circumstances where that would be impossible without escrow.
- Safeguarding the underlying business process.
- Protection of end-users investment in the software, related hardware and staff training.
- Limiting the end-users total dependency on the supplier for support and maintenance of the software.
Inevitably, there are numerous CIOs and their boards who do not see the need to invest in software escrow.
But there are serious questions which must be answered satisfactorily before closing the door and we must consider the consequences of certain events may have on the financial success, let alone continuity, of their business:
- Is the technical or IT know-how I use everyday critical to my business processes?
- Is this know-how not easily replaceable by an alternative?
- Is the conversion to an alternative too costly or too lengthy?
- What if the company that developed and now maintains one of my business critical software applications becomes insolvent?
- The company that developed and now maintains my critical software applications is taken over by a competitor and changes business direction?
- A virus or hacker destroys critical operational software?