Software escrow – FAQ

What is the protection of the deposited data against loss or damage (e.g. during a hardware crash)?

We try to prevent any losses of the deposited materials on several levels. The data are kept as a protected archive specularly at two geographically separated storages in Prague and Olomouc. A cyclic check of file consistency is carried out at each of the storages independently of each other. For emergency cases (e.g. outage of storage accessibility), an exact procedure has been defined in order to remedy the consequences and restore the whole deposit system.

What is the protection of the sources codes against revealing?

We use a protection of source codes based on an asymmetric cryptography. The material is ciphered by the public key of the software user. Thus, the user becomes the only subject able to decipher the material. However, the user has access to the ciphered material only after it is released from the library. Our technology of source codes storage thus meets the basic principle of safety technique – a combination of knowledge of secret (private key) and ownership (access to the material).

What is the guarantee that DEPONEST does not release the source codes without authorization or to some other party?

The conditions in the escrow agreementfor the release of the source codes always need to be objectively measurable and clearly set. The party which receives the source codes (licensee) is also clearly defined, and it is a duty of DEPONEST to identify it. Following are typical events when the source codes are released:

  • bankruptcy of the software producer,
  • violation of the escrow agreement by the software producer,
  • violation of the duties following from the maintenance contract.

What is the difference between the services of DEPONEST and the services of lawyers who deposit source codes too?

Depositing source codes at lawyers surely is an acceptable solution; it ensures that this digital material is untouchable and may be released only when the contractual conditions are fulfilled. However, lawyers mostly do not have sufficient technological know-how at their disposal, and thus cannot verify that you – as a client – will be able to immediately create a functional application from these source codes.

As opposed to this type of services, we offer two levels of verification of the deposited material due to which we may verify if the deposited source codes really correspond to the application the client installed and uses. As soon as the conditions defined in the escrow agreement are fulfilled and the source codes are released, any experienced coder is able to generate full software from it.

Is it possible to deposit also any type of digital material other than source codes?

Our escrow services may be used by anybody to deposit various types of digital material. It is important that the client agreed on what is the subject of the deposit with the other party and on the conditions that need to be fulfilled in order to release the deposit.

Besides the deposit of source codes, our escrow services are easy to apply for example to implementing documentation for various civil engineering projects that carry certain intellectual property of the producer and is not submitted to the client. Also, it is possible to deposit all kinds of production plans, design data, and technical documentation which after some time substantially simplify modifications of the final product.

Another suitable use of our services is to deposit originals of photographs and source data needed to create for instance various marketing materials. Even in this case the clients typically receive only the final products from the professional photographer, such as various handouts, templates and billboards. If the clients request some modifications after some time, they need to contact the photographer again.

Escrow services prove to be useful in relationships between a producer and client in which the producer is forced to protect the know-how and the related risks for the client exceed the acceptable extent. Whether anybody admits it or not, just anything may happen to the producer.

It is possible to gain source codes through a decompilation of binary files. Why should we deposit them?

Yes, this is basically possible. Unfortunately, decompilation of a machine code results in a source code which is not easy to read (e.g. coder’s comments disappear). What is more, the source code as such is not enough at all; other program elements such as build scripts, build instructions, configuration of development tools, technical documentation, tools of third parties – all these are important. The software decompilation procedure may be in fact only successful with small, simple software programs.