[RiderOfGiraffes]

I run a small company and provide software and services to very large players in a conservative industry. We've often offered escrow, it's always been accepted happily. Hence my advice/comment.

YMMV - it will clearly depend on your industry, customer, and likelihood that there'll be a problem anyway.

[saas123]

How does this escrow thing work on a practical basis? Do you know any good escrow agents? and perhaps more importantly, do you charge your clients extra for providing them with a source code escrow agreement, similar to providing an SLA.

[RiderOfGiraffes]

It's in the contract, and we charge for it. In effect, it's part of the service we provide.

An agreed escrow company comes in, and we prepare a clean build system. We follow the documentation to build the system and run basic system checks. We show that the binaries just built are identical to those on the customer's running system. Then we power down, remove the disk, and hand it over to the agent who seals it in a labelled bag. We sign, they sign. If the customer wants to be present, they sign as well.

There are many places where the whole thing can be faked, but we don't do that, and the agent does have some skills and abilities to detect such things.