Wednesday, April 26, 2017

Whatever happened to software source code agreements?

Back in the early 2000s, when instructed to draft agreements relating to the deployment of software, technology lawyers tended to deliver a cache of three documents: a software license agreement, a software maintenance agreement, and a software source code escrow agreement. Software source code escrow agreements had their genesis in days when small developers were sometimes here one day, gone the next. If a developer changed business, became insolvent, or lost key personnel, then the developer would possibly no longer be in a position to fix that software. This inability to fix a software failure could have a catastrophic effect upon a licensee’s software-supported business.
Fixing and maintaining software usually requires access to source code, which underpins software and is, unlike object code, capable of being understood by a human programmer. Original source code can involve tens of thousands of hours in creation, and so is regarded as the family jewels of software developers’ businesses. But if the developer went bust, then where would be source code be if something went critically wrong with the software?
The workaround for this was, and often still is, to place the source code into escrow with a third party. If a triggering event such as the insolvency of the developer occurred, then the source code would be released to the developer’s client. In the late 1990s and early 2000s, escrow agents included banks, law firms, and accounting firms, when it was naively assumed that whatever had been deposited into escrow was complete and would be helpful. However, source code escrow deposits were often incomplete (sometimes as a consequence of developers ultimately being unwilling to relinquish control over their main intellectual property asset), or were not periodically updated as the software morphed or improved thereby rendering the escrow deposit redundant. In addition, additional materials like programmers’ notes and lists of development tools were often not included, resulting in the task of understanding the source code, upon released from escrow, more difficult. The idea of a junior lawyer or graduate accountant/auditor looking at a list of deposited material and ticking a box once a year to confirm the material was still in the firm’s safe seems ludicrous, but this scenario occurred with surprising frequency. As a consequence of this, an industry of source code escrow agents with significant IT capability – the ability to meaningfully audit the escrow deposit – came into existence and flourished.
But all of that seems to have significantly receded. What happened?
First, in those dire circumstances where source code was released from escrow, a new developer picking up the pieces would much rather sell an entirely new platform than fix a broken one using strange source code. Subjectively, I can think of no occasion where released source code has been use to repair software. This is a commercial reality not envisaged by the prudence of lawyers recommending software source code escrow agreements.
Second, large and reputable escrow agents were (in my experience) not willing to compromise on the terms of their source code escrow agreements. Thick layers of disclaimers and indemnities made some of their potential customers wonder what they were actually getting by way of comfort.
Third, open source software code became very fashionable amongst developers. Open source software code does not need escrow arrangements by its very nature.
Finally, and most significantly, very large developers started providing esoteric solutions easily capable of extensive and bespoke modification by authorised resellers. This caused many small developers to stop using their own code, and instead work with very useful and flexible products from, for example, Microsoft, and using Microsoft’s code. Those developers might have a lot of valuable modifications to that code (especially around interoperability and GUIs, and more recently machine learning virtual assistants), but all of that is unlikely to require an escrow arrangement.
The concept of source code escrow now sounds a little old school. It still obviously happens (a Google search brings up plenty of escrow providers using AdWords to tout their services), especially for large companies with a conservative risk profile on key solutions, but not for the bulk of development projects.

 This article was originally published on lexology

No comments:

Post a Comment