Active Escrow

Passive software escrow is not enough

Conventional escrow is limited to the depositing of software source code. The manufacturer delivers the code to the escrow agency, the customer will receive access to the code in predefined emergencies — all the parties’ interests are protected. The formal security aspects for investment decisions have been addressed.

However, the material in escrow is a black box. Is the code well-structured? Is it commented and documented so a qualified third-party can work with it? In the event of an emergency, the materials deposited in this “passive” escrow often turn out to be useless. The escrow contract failed to achieve its basic purpose.

The New Standard: Active Escrow

Because trust is not always enough, we have developed a new, active escrow concept. When the escrow contract is put in place, we ensure not only that the software or firmware can be re-installed, but that it can be successfully used and maintained on a long-term basis. This means not only verification and documentation, but also auditing of the source code and software development process. We assure our customers that the software and the corresponding components, manuals, drawings, configuration data, keys and passwords match up and are in working order.

Conventional escrow cannot provide such detailed knowledge about the internal structure of a software-driven product and its development processes. Only a technically qualified approach that recognizes the serious risks provides real security for the future.

The Limitations of Conventional Escrow (Source Code Deposit)

In Germany, escrow contracts (source code deposit) are still often provided as notarial services. This procedure seems serious and professional, but presents only the appearance of security. A Notary Public deposits the software without any prior audit or verification. Escrow agencies, however, inspect the source code to verify that it is complete, readable, in working order and free of viruses. Yet many escrow agencies do not offer detailed, technical quality assurance to verify that the source code is viable. They often neglect to deposit all the know-how, for example, engineering components (mechanical or electronic) of the product. This is where we come in with our new escrow concept.