Sign up for our newsletter!
Stay informed on the latest DevOps news

DevOps.com

Handing Your Software’s Source Code to Someone Else: When, Why and How?

By: on 2 Comments

While keeping a tight hold on your company’s valuable source code is often seen as the preferred option, there are times when you may be required to hand it over to someone else; there may even be times when handing over your software is actually hugely beneficial to business, too. However, in these scenarios, it’s always important to understand under what conditions this situation may arise, exactly why you may need to do so, and how you can transfer your source code to another party safely.

When and Why to Transfer Source Code

Quite simply, source code should never be handed to someone outside of your company unless there is a specific and necessary reason to do so. Here are some situations in which you may need to transfer code:

Bespoke Development

As a software company, you may be tasked with creating bespoke solutions to fulfill specific and/or niche business needs. Following development, both the software and its source code will be transferred to the customer, who will, in most cases, then own the intellectual property rights for the software in question.

When: You will usually be required to provide the source code to the customer at agreed milestones.

Licensing/Collaborative Development

If your company (the licensor) opts to partner with another (the licensee) to extend development of one of your products, either with your branding or as a white-label, you will need to provide the licensee with access to the source code for the product they are licensing for the duration of the contract.

When: Once again, you will usually need to keep providing updated source code at agreed milestones.

Escrow

If your customer purchases your software but wants to protect themselves from supplier contractual or business continuity issues, source code can be handed to a third-party software escrow provider. This means that, should the worst happen to your business, your customers can gain access to the code.

When: Code will usually be transferred at agreed milestones; in many cases, following formal releases.

Acquisition

Mergers and acquisitions are somewhat common within many sectors, including the technology industry. Should you enter into an M&A process and are acquired by another business, your source code will be transferred to the new owner, who will then own the intellectual property rights to the software.

When: Under merger and acquisition conditions, you will only need to hand over your source code once.

Legal Discovery

While this situation is very uncommon, there is the possibility that a business may be accused of intellectual property theft by a competitor. In this scenario, source code must be made available to intellectual property experts for analysis to determine if infringement has taken place.

When: Again, in a legal discovery situation, source code will only need to be transferred once.

How to Transfer Source Code Safely

The safest way to hand over code will largely depend on when and how often you need to transfer.

For a One-Off Delivery …

… the safest option is usually in person, using multiple, highly durable, solid-state devices and secure, public-key encryption. With the addition of multiple drives, this method also provides the fastest way to exchange a large amount of data. It is important to manage the physical security of the transit and the exchange. However, a face-to-face exchange is often impractical due to scheduling, geography or a whole host of alternative reasons. If you need to undertake a virtual delivery, choose file-hosting services with rich access controls that allow you to explicitly specify who has access to which of the files.

For a Recurring Delivery …

… the face-to-face and virtual options of a one-off delivery can also be utilized for recurring deliveries, although a recurring physical delivery is usually not sustainable unless the two parties are geographically close. Therefore, virtual deliveries may be the preferred option and can be undertaken in the same way each time as necessary; either as complete releases of the source code, or alternatively as a delta since the previous delivery. If the data involved in the transfer is particularly large, it is recommended that an initial delivery is completed physically, followed by smaller deltas delivered virtually via servers.

A Collaborative Approach

In some instances, particularly when the relationship between the parties is two-way, rather than being a simple client-vendor setup, a collaborative approach to sharing source code may be more appropriate. The easiest way to achieve this would be for one side to host the code, providing the other with access rights to the repository. Alternatively, modern distributed version control systems offer each side the opportunity to have a copy of the repository, with changes synchronized between them, or for a common server to exist between the servers on both sides. A collaborative approach can be useful, but may also introduce complexities relating to reconciliation of changes from both sides of the equation.

Protecting Your Code

Depending upon the reason behind your need to hand your software to someone else, you may wish to take measures to protect your intellectual property. Patents can be used to protect the factual aspects of software, while software copyright can be used to protect the “artistic” side of things, including your code. While handing your code to another party is a relatively common behavior in the software world, it never hurts to be prepared, to be aware of the risks and to protect yourself throughout the process.

— Jorge Sagastume