STATEMENT OF USER NEED
Credit will be given to bidders who read and understand all of the Statement of User Need. Standard replies and missing information will receive a negative inference.
The successful builder will:
1. Knowledge Base. Have extensive knowledge and understanding of the Source Code Escrow process (also known as Software Escrow). [url removed, login to view]
2. Current Agreements. Have standing Source Code Escrow agreements with other customers. (Desirable)
3. Cryptography. Have an expert understanding of encryption and cryptographic techniques to government standards.
4. Outright Sale. Agree that the company [EscrowProtect] will own the software, and all associated IPR, outright, including but not limited to the source code and all associated components. There will be no EULA. All rights to license, copy, alter or re-sell will be passed to the company on receipt of the final payment.
5. Support Solution. Do not include a support solution in your initial bid. Bidders are to quote this cost separately if they intend to provide it.
Develop a software application that will allow software developers to “deposit” source code in a organised, simple and consistent way. It must be efficient, tidy and easy to use.
The application will reside on a flash memory device and prompt the user through the complete process. It must be consistent, yet flexible enough to deal with every possible type of deposit. This will ensure that all the critical and added value information is reliably captured:
E.g. Version Numbers, ESCROW Agreement number, expected size (used for gross error checks), designer's contact details, Source Code Platform, Operating System, special tools (e.g. compression), passwords, operating manuals, special instructions, etc. etc.
At the end of the process the application will encrypt the code and extra information ready for safe transmission to the ESCROW agent. The encryption must be unbreakable and must require another physical device (holding the key), held only by the ESCROW agent, to successfully decrypt the software.
The next step in the Escrow process is for the deposit to be verified. The bidder coming up with the clearest and most imaginative ideas for automating (as far as is possible) the next part of this process is highly likely to win the bid. Remember, it is not testing the software in the traditional sense, it is testing for integrity and completeness.
There is a possibility to do this process online. Bidders will be asked to comment on the pros and cons of this approach.
1. to have his code put in ESCROW by EP and signs an online agreement. [Standard Agreement]
2. when the source code can be released to end user and signs online. [Release Clauses]
3. what information he will supply; and, agrees to keep it up to date. [Key Disaster Recovery Info & Notifiable Occurrences]
4. that he will update the code on certain triggers: new version, significant minor updates and/or every 1/2/3/4 months. [Update Trigger]
1. Developer follows on screen prompts, fills out carefully crafted online forms (GUI) and selects a file for upload.
2. The data is compressed and encrypted using a public key.
3. The data is held on a central server. Developer and End User can "see" the files via a password protected account & login, and, even download them (if he wants to). Neither can decrypt.
4. Data is mirrored on server - 2nd level security (1st is the encryption).
5. Automated 1st integrity check is carried out (0kb files, source code present when flag is set from upload, plus other clever stuff we can think of)
6. Server is backed up to SSD after every upload and weekly using Grandfather, Father, Son. - 3rd level security.
7. An Update Trigger occurs.
8a. An automated email is sent to developer and end user with links etc.; or
8b. Developer initiates update as part of the agreement (e.g. version upgrade).
9. The developer chooses fresh upload, individual files or clicks to say no update is necessary in accordance with the agreement.
10. repeat 1 to 6.
11. A release event occurs.
12. ESCROW agent decrypts code.
13a. End User downloads code to main site to begin immediate disaster recovery; or
13b. Code is held awaiting the appointment of a new developer.
Company offers further verification services:
Bronze: Test download and human-check of data.
Silver: Rebuild at 3rd party site (trusted verifier)
Gold: Rebuild at End Users site.
11 freelanceria on tarjonnut keskimäärin %project_bid_stats_avg_sub_26% %project_currencyDetails_sign_sub_27% tähän työhön
I can develop this software using the most secure encryption algorithms, thus the source code would be impossible to access without the key. Please see my PM.
I am very interesting of your project. Frankly speaking, it's the first time I heard about source code escrow. However, I have done some research today.
Let me know your Final Price and Final Time line for this project on PM , So we have Proposal / project Execution plan for your project . Waiting for your fast response on PM.
Hi, I am very much interested in developing this kind of project so pleas give me a chance to prove my self .i am an engineer so i can able to develop this.