Source code verification

Why is source code escrow verification so important?

To highlight the significance of verifying source code deposits, consider the following:

In recent years, nearly 80 percent of all examined deposits lacked essential software compilation materials, and approximately 90 percent of the reviewed deposits required additional input from the software company before the deposit could be validated.

It's crucial to uncover this reality before the software company faces financial difficulties!

Deposit Verification Levels:

Level 1 – Comprehensive Verification on the Supplier's Side

Verification, including the reproduction of submitted materials (software compilation, installation, document inspection), is carried out by the software supplier, overseen by our verification consultant either on-site at the supplier's location or remotely.

Documentation includes, but is not limited to: user requirements specifications, functional specifications, technical specifications, design specifications, and architecture details. Information about conducted tests with supporting evidence, user manuals, technical manuals, installation manuals, and details about software versions and change control are thoroughly analyzed.

Level 2 – Specialized Verification

Specialized verification assesses various aspects of the software, including security, performance, code quality, user experience (UX), and architectural quality (server, back-end, front-end, and integration with external systems). This verification may take up to two weeks, depending on its scope.

Code analysis of software or IT solutions entails:

  • Evaluating the supplier's credibility by scrutinizing software development procedures and the evidence generated throughout this process.

  • Using questions from our framework, which are derived from software engineering principles such as SOLID, together with the collected evidence, to form opinions on code quality and the maturity of the software provider. Our code quality verification framework is not tied to a specific programming language and is adaptable across different languages.