262 • A Guide to IT Contracting: Checklists, Tools, and Techniques
☐ In critical applications, include right for the customer to use a con-
sultant to verify the source code is well written and documented.
S Nondisclosure agreement with consultant
S Termination right for customer in the event of adverse
☐ Consider requiring the vendor to deposit names and contact
information of key developers in the escrow.
☐ Ensure the escrow company is well established and nancial
Whenever a customer enters into a license agreement for soware it takes
the risk that the vendor may go out of business, le bankruptcy, or, simply,
cease providing support. Depending on how critical the soware is to the
customer, these events could be catastrophic, stranding the customer with
a piece of soware for which it has no means of support. If the investment
in licensing the soware is substantial (e.g., hundreds of thousands or,
even, millions of dollars in fees, protracted implementation), the customer
must have some means of protecting itself. While conducting vendor due
diligence—particularly with regard to nancial wherewithal—is clearly
one of the most important protections, careful customers also generally
require the vendor to “escrow” the source code for its soware. In this
chapter we discuss what “escrowing” means, the types of escrow arrange-
ments, the real-world benets of escrowing, and common issues.
WHAT DOES IT MEAN TO ESCROW SOURCE CODE?
Almost all commercial soware is licensed so that the customer only
receives the object code version of the application. e object code is the
version of the soware that can be read and understood by a computer, but
not by humans. To modify the soware, x bugs, and otherwise maintain
and support the application, one must have the source code (i.e., the ver-
sion of the programming that can be understood and edited by humans).