Reducing Code Risks with Open Source

Open source's built-in escrow helps code live to see another day, protects companies

In the old days, the commercial licensing model for software was fairly straightforward -- and somewhat risky:

  • Company A buys a software license from Company B, a startup.
  • Company A crosses its fingers that Company B doesn't go bankrupt and disappear, along with the source code for Company A's mission-critical software.
  • Company B goes kaput.
  • Company A is left with some machine-readable binary code that it is powerless to develop or use.

That's when source code escrow appeared on the scene with the goal of providing some sort of protection against such risks. It has done so to a certain extent, but it too has restrictions and risks:

  • Company A buys a software license from Company B.
  • Company A and B enter into a source code escrow agreement.
  • Company B goes kaput.
  • Company A gets Company B's source code, as long as "going kaput" classifies as a noted "release event" and any necessary arbitration or legal action has been completed.
  • Company A crosses its fingers that Company B has kept the source code and documentation up to date and that the closed-source licensing clause doesn't restrict usage or development so much that the code becomes virtually useless.

Enter open source, which turns the escrow model on its head. The open source model offers a built-in safeguard for businesses that are building and running their mission-critical applications on a platform that they didn't develop.

With open source, the Company A and Company B scenario looks very different:

  • Company A buys a software license from Company B.
  • Company B signs an open source escrow agreement.
  • Company B goes kaput.
  • Company A's closed-source license with Company B is replaced with an open source license, making the source code available to Company A and the rest of the community at large.

Like it or not, countless software companies go out of business every year, and either their code disappears entirely or goes to another company that doesn't do any development or maintenance on it. This concept of open-as-built-in-escrow is one way in which open source gives companies a chance to continue their contribution and innovation, because the code they wrote can outlive them and continue to be evolved by the community.

Without transparent escrow, it's a one-way deal. You pay for the privilege of using the license, knowing there's a big chance that your software developer may disappear and leave you in the lurch.

What's your experience with source code or open source escrow? Any best practices or cautionary tales to share?
