The Importance of Software Risk Management and Source Code Access

 

source code access

There was an interesting piece of news this week from the NCC Group plc, an  information assurance specialist that provides software Escrow services amongst other things.

It's their impression that software risk is too low on the corporate agenda, and they back up this view with analysis of the use of Escrow amongst leading UK companies. Escrow is where software source code is stored with a 3rd party (such as NCC) and released in the event of certain circumstances, such as the vendor going out of business.

If a company is in the FTSE-100, there is an 82% probability that they will have Escrow in place for at least one piece of software they use.

However, if you expand that analysis to the FTSE-350, the number of 'yes' responses drops to 54% which means that 46% of the richest 350 companies in the UK don't have any "break glass in emergency" strategy for their software.

One has to imagine that this can only get more skewed towards "no Escrow in place" as one goes further down the scale of company value.

Of course, a solution to this is to include source code access for customers along with every license sold. It can be argued that "source code included" is an even better disaster recovery strategy because it does not require vendor business failure before the buyer is free to study the code. That's what happens with CogniDox.

Tags: Open Source Software, Document Management and Control, New Product Development

Paul Walsh

Written by Paul Walsh

Paul Walsh was one of the founders of Cognidox. After a period as an academic working in user experience (UX) research, Paul started a 25-year career in software development. He's worked for multinational telecom companies (Nortel), two $1B Cambridge companies (Ionica, Virata), and co-founded a couple of startup companies. His experience includes network management software, embedded software on silicon, enterprise software, and cloud computing.

Related Posts

Bug Tracking vs Help Desk Software: Understanding the Key Differences

There's a long-running debate whether a bug or defect tracking software tool is just a synonym for ...

Enhanced PDF Conversion with OfficeToPDF Version 1.7

Today we released version 1.7 of our OfficeToPDF open source project for PDF conversion. You can ...

Increase Efficiency: Convert Office Files to PDF with OfficeToPDF

We’ve made a new release (1.5) of our OfficeToPDF open source project and pushed the code to its ...

Adventures in quality management: how document control became sexy

In the past, document management was an unglamorous business. Not every company was digitised, and ...

Understanding Document Management vs Document Control

For some companies simply managing their documentation is enough to support their business goals. ...

Why not use Sharepoint as a Document Management System?

What’s wrong with SharePoint, anyway? Why shouldn’t it be used as a document management system ...

8 Tips for Effective SOP Documentation

There are many reasons why organisations need to document their SOPs. From ensuring uniformity in ...

The Pros and Cons of Phase Gate Processes in New Product Development

Will a phase gate process hold back or enhance your new product development? What are the pros and ...

The Evolution of Quality Management Systems: A Path to Business Growth

A focus on a quality management system shouldn’t just mean a ‘box ticking’ exercise for an ...