Software Escrow Solutions
SES provides the mechanism for end users of critical software to legally access source code in the event that their third party software owner is no longer available to continue with development or support. SES provides a range of software escrow agreements, source code management and software IP solutions that compliment all aspects of software whether it is server based, hosted in the cloud or sourced through reseller or distribution channels. e-testing work with SES on projects and highly recommend their secure storage and validation services.
SES provides basic code validation testing as standard which ensures that the source code held under the escrow agreement is accessible and virus free so that in the event of release the end user can access the source code files. SES have developed a series of source code validation testing options designed to provide independent build documentation and evidence that the source code held under each escrow agreement is a useable and complete deposit. SES can conduct a range of audio and visual knowledge capture exercises designed around specific client needs.
The following checks are carried out as part of basic validation testing:
- Check the source code is apparent on the deposit
- Ensure that any compressed files on the deposit can be de-compressed
- Ensure any encrypted files on the deposit can be decrypted and the method is noted
- Check that all passwords are correct where used
- Scanning of media for viruses
The report includes a full directory listing of all de-compressed files. If any of these checks fail, the software owner will be asked to provide a replacement deposit to be retested.
Complete Code Validation Testing
SES’s complete code validation service ensures that the source code they will hold in their vaults is complete, accurate and can be built into a working application. This is achieved by observing and recording the software developer’s team executing a complete build of the software in their environment. Alongside this, a report is created including an audio and visual recording created by the SES consultant which contains vital information that any programmer would need, in order to quickly and effectively deploy the software.
Benefits of complete code validation:
- Proves source code is complete, accurate and contains all the source code and build files
- Random functionality testing carried out at the end of the validation exercise
- Independent report including unique details of third party tools, build environment and build processes executed by the developer
- Increased DR capability
- Protection against loss of key development staff
- Assurance that even the most complex applications can be rebuilt based on the independent validation report
- Secure transportation of the validated source code by a consultant
SES’s secure storage approach is focused on modern media storage facilities to ensure customers have the optimum solution for the latest technology deposits. SES provides CTC (Counter Terrorism Checked) and SC (Special Clearance) compliant secure storage facilities and all premises have extensive security features which are externally audited & approved. Features include:
- All processes are in accordance with UKAS Lloyds registered ISO 9001:2008 and 27001:2005 information security
- All staff are security cleared & bound by non-disclosure agreements
- ADPRO fast-trace internal & external CCTV
- ADPRO presidium video motion detection linked to our dedicated 24/7 monitoring service
- PAC and biometric access controls
- Redwall intruder detection
- VESDA fire detection systems linked via ADSL to a dedicated 24 x 7 x 365 monitoring service
If you would like more information on how e-testing and SES can work together to leverage these testing functions at your organisation, please contact us.