Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
How does one put code in escrow?
4 points by syndicatedjelly on Oct 10, 2023 | hide | past | favorite | 3 comments
I have heard a few people on HN casually mention that one can pass code on to a client “in escrow”. This is suggested as a way one may alleviate a client’s concerns that should you or your business stop supporting the software for any number of reasons, they can pull the source code from escrow and presumably keep running the system.

How does this actually work in practice?



I've used two methods of doing this:

First, a local smallish legal firm that specialised in intellectual property (trade marks, patents, etc) offered an escrow service. We would send them a list of customers and their contact details, updated for each sale, and a DVD (this was a few years ago) of the source code and build scripts for the product: you need to deliver enough to enable the customer to build (and fix) all their licensed products.

Then we got a larger customer who insisted on using what was then called Iron Mountain as their escrow service. That business was sold, and is now owned by NCC Group. Their process was similar, but a bit more bureaucratic.

In both cases, the escrow agents would actually check the build instructions, and make sure they worked: once we forgot to include a file, and they called us up about a week later and asked for it, because their attempt to build it had failed.

The local lawyer was remarkably cheap; Iron Mountain less so, but still reasonable.

They have standard language you can then put in your contracts to give clients the right to acquire the source code (with appropriate rights to transfer to successor organizations, but not to re-distribute, etc) in circumstances where you either cancel the product or go out of business.

My company ended up cancelling one particular product, and one of our customers exercised their escrow rights. They maintained it in-house (with a little bit of help from a couple of our engineers) for many years afterwards.

The whole process was remarkably painless.


IANAL, but my understanding is, in short you nominate a trusted third party to hold onto the source code of the seller/provider you're dealing with, to avoid the source disappearing and leaving you high and dry.

This prevents the 'buyer' from accessing the IP (although I'm not sure if that applies to all cases), but gives them assurance they can still function if everything goes to pot and the selling company disappears/deletes their source etc.

How its actually implemented I guess depends and I don't think there's a uniform process - CD-ROM, a git clone to them etc. Basically a legal/contractual agreement when dealing with IT vendors in (big) stakes collaborations or ventures.


We are a small business with big customers. We alleviate their source code concerns by making source available in a git repository that is always accessible to them. The contract basically says that if our business stops operating that they have a license to the source to continue doing whatever they need. They can in theory, but may not, access the code in disputes. They have no day-to-day rights to the source, and they ensure that their own developers don't have general access.

Customers are happy with this arrangement, especially if you offer to make use an escrow service provided that they cover the costs. This way, it is 'free' because lawyers are only involved during the initial contracts. After that, their are only two parties, no lawyer trying to get ongoing fees.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: