Software Risk and Source Code Access


source code access

There was an interesting piece of news this week from the NCC Group plc, an  information assurance specialist that provides software Escrow services amongst other things.

It's their impression that software risk is too low on the corporate agenda, and they back up this view with analysis of the use of Escrow amongst leading UK companies. Escrow is where software source code is stored with a 3rd party (such as NCC) and released in the event of certain circumstances, such as the vendor going out of business.

If a company is in the FTSE-100, there is an 82% probability that they will have Escrow in place for at least one piece of software they use.

However, if you expand that analysis to the FTSE-350, the number of 'yes' responses drops to 54% which means that 46% of the richest 350 companies in the UK don't have any "break glass in emergency" strategy for their software.

One has to imagine that this can only get more skewed towards "no Escrow in place" as one goes further down the scale of company value.

Of course, a solution to this is to include source code access for customers along with every license sold. It can be argued that "source code included" is an even better disaster recovery strategy because it does not require vendor business failure before the buyer is free to study the code. That's what happens with CogniDox.

Tags: Open Source Software, Document management and control, New Product Development

Paul Walsh

Written by Paul Walsh

Paul Walsh was one of the founders of Cognidox. After a period as an academic working in user experience (UX) research, Paul started a 25-year career in software development. He's worked for multinational telecom companies (Nortel), two $1B Cambridge companies (Ionica, Virata), and co-founded a couple of startup companies. His experience includes network management software, embedded software on silicon, enterprise software, and cloud computing.

Related Posts

On the difference between Bug Tracking and Help Desk software

There's a long-running debate whether a bug or defect tracking software tool is just a synonym for ...

Version 1.7 of OfficeToPDF available

Today we released version 1.7 of our OfficeToPDF open source project for PDF conversion. You can ...

Convert Office documents to PDF using OfficeToPDF 1.5

    We’ve made a new release (1.5) of our OfficeToPDF open source project and pushed the code to ...

Medical Device Technical File requirements: what you need to know

What is the medical device technical file? What should it contain and how should it be structured? ...

Why not just use SharePoint as a Document Management System?

What’s wrong with SharePoint, anyway? Why shouldn’t it be used as a document management system ...

8 Tips for Improving the Document Review Process

How is the quality of your document review process affecting the speed and efficiency of the way ...

The evolution of a Quality Management System

A focus on a quality management system shouldn’t just mean a ‘box ticking’ exercise for an ...

Can Product Innovation Tools help you go 'virtual first?'

Colocation was one of the central tenets of the Agile manifesto, but times have changed. With all ...

Why your QMS needs to be an eQMS

If you want to develop a Quality Management System that meets the regulation and powers your ...