Software Risk and Source Code Access


source code access

There was an interesting piece of news this week from the NCC Group plc, an  information assurance specialist that provides software Escrow services amongst other things.

It's their impression that software risk is too low on the corporate agenda, and they back up this view with analysis of the use of Escrow amongst leading UK companies. Escrow is where software source code is stored with a 3rd party (such as NCC) and released in the event of certain circumstances, such as the vendor going out of business.

If a company is in the FTSE-100, there is an 82% probability that they will have Escrow in place for at least one piece of software they use.

However, if you expand that analysis to the FTSE-350, the number of 'yes' responses drops to 54% which means that 46% of the richest 350 companies in the UK don't have any "break glass in emergency" strategy for their software.

One has to imagine that this can only get more skewed towards "no Escrow in place" as one goes further down the scale of company value.

Of course, a solution to this is to include source code access for customers along with every license sold. It can be argued that "source code included" is an even better disaster recovery strategy because it does not require vendor business failure before the buyer is free to study the code. That's what happens with CogniDox.

Tags: Open Source Software, Document Management and Control, New Product Development

Paul Walsh

Written by Paul Walsh

Paul Walsh was one of the founders of Cognidox. After a period as an academic working in user experience (UX) research, Paul started a 25-year career in software development. He's worked for multinational telecom companies (Nortel), two $1B Cambridge companies (Ionica, Virata), and co-founded a couple of startup companies. His experience includes network management software, embedded software on silicon, enterprise software, and cloud computing.

Related Posts

On the difference between Bug Tracking and Help Desk software

There's a long-running debate whether a bug or defect tracking software tool is just a synonym for ...

Version 1.7 of OfficeToPDF available

Today we released version 1.7 of our OfficeToPDF open source project for PDF conversion. You can ...

Convert Office documents to PDF using OfficeToPDF 1.5

We’ve made a new release (1.5) of our OfficeToPDF open source project and pushed the code to its ...

What is a document control system and why is it important?

What does it mean to 'control documents'? And who needs a formal document control system to manage ...

Why not just use Google Drive as a Document Management System?

Google Drive is a cloud-based program that allows you to create, edit, store, and share documents. ...

Why not just use SharePoint for your Medical Device QMS?

A Quality Management System (QMS) is a requirement for medical device developers across the globe. ...

8 tips for documenting your SOPs (Standard Operating Procedures)

There are many reasons why organisations need to document their SOPs. From ensuring uniformity in ...

Pros and cons of a phase gate process in new product development

Will a phase gate process hold back or enhance your new product development? What are the pros and ...

The evolution of a Quality Management System

A focus on a quality management system shouldn’t just mean a ‘box ticking’ exercise for an ...