Would you know how to build your business critical software application from scratch?
Verifying your software source code with NCC Group gives you total assurance that should you ever need to carry out maintenance and support of your software application, you will have all the required material, knowledge & guidance to do so.
An escrow agreement provides the protection and assurance that your business critical application source code is accessible, however, it cannot guarantee that the building blocks required to continually maintain and support that application have been captured. Many of the applications used in today's business are very complex pieces of software and would be very time consuming to build without detailed instructions.
Our software verification process provides peace of mind that all the necessary scripts, instructions and files required to rebuild or amend the application are deposited along with the source code. The entire process is detailed in a comprehensive software verification report, which organisations can then use as a step-by-step manual to build the source code into the working application should the need arise.
- Designed to complement our escrow services.
- Strongly recommended for all business critical applications and technology.
- Carried out by an experienced, high quality, security cleared, in-house software verification & testing team to guarantee an independent and quality service.
- End users are assured that they will be able to take over the maintenance and reconstitution of their source code if necessary.
- Software suppliers can reassure their customers, test their own build procedures and demonstrate their commitment to best practice.
- Key element of mitigating risk for business critical applications.
- Independent assurance.
- Detailed build report, with step by step guidance.
Types of Verification
Which type of verification testing is best for you?
We offer a range of verification services to suit different requirements. All of our testing is delivered by our experienced, in-house testing team.
Our services include:
Media Checks are provided on material deposited under an escrow agreement to ensure that it is virus free, accessible and of the expected type. A Media Check involves the following:
- Virus check
- Media read check
- Compression check
- Password/encryption check
- Source code check
Deposit Reviews provide reassurance that the material deposited in escrow is virus free, accessible and of the expected type. In addition to the Media Check a Deposit Review involves the following:
- An independent audit carried out either remotely or at the software vendor’s site, recording the environment. This includes the architecture and third party utilities/software as well as providing a full inventory of the source code and documentation files.
- An independent witness to the process used for the creation of the material that is to be deposited in escrow and a recording of the method used for its collation.
Entry Level Verification
Entry Level Verification ensures that the material deposited in escrow is correct, complete and can be built into the working system either remotely or at the software vendor’s site.
During an Entry Level Verification, an NCC Group verification consultant will observe and document the end-to-end build process of the application, from source code to working system, documenting every detail of the environment and build process in a comprehensive report. The report includes precise details of the complete build process, the checks made, results of those checks and any findings/ recommendations.
Independent Build Verification
The Independent Build Verification exercise simulates the scenario of an escrow release event where a licensee has received the source code and contracts with a third party to maintain it. The third party has to recreate the development environment, work with the deposited source code and rebuild the software application.
For the purpose of this exercise, NCC Group acts as the independent party where we will build the source code at our secure test laboratory.
User Assured Verification
User Assured Verification begins with an Entry Level Verification, this is typically undertaken at the software vendor’s site. It makes use of the escrow deposit and build procedures recorded during the initial Entry Level Verification and serves to ensure that the licensee then has the means to rebuild the system from scratch in the event of vendor failure.
Using the source code that was collected during the Entry Level Verification, an NCC Group verification consultant will build the application at the software vendor’s site, followed by a build and install of the deposited source code at the licensee’s site.
A Secure Verification provides independent assurance that the source code and associated files deposited in escrow have been scanned to identify any security vulnerabilities which exist in the application source code. Find out more about our different levels of Secure Verification.