I ran a SAAS company for 8 years, going from zero to double-digit million rev per year.
The answer is a clear no. They can PAY YOU to make custom plots/charts/reporting or run queries if they want to understand what it does better. There is almost always a way to achieve any business goal without requiring source code.
The only case I can think of source code needing formal verification by a third party is if you're targeting drones to kill people or government jailing people. That doesn't sound like a commercial company in any event.
Have you actually dealt with enterprise sales? Source code is a fairly typical request, and there are software escrow and audit companies specifically set up to address concerns.
Microsoft, for example, gives source code access to paying enterprises and governments under the Shared Source Initiative specifically for security vetting and other auditing purposes.
OP: Consult a lawyer who specializes in these matters.
> Have you actually dealt with enterprise sales? Source code is a fairly typical request
Not the parent, but I have done deals like this and I feel the need to counter your sentiment.
Sure, 3rd party security review, escrow, etc etc is normal.
However, this is a massive red flag for me:
> Their justification is: "we want to see how your algorithms made their decisions."
I mean this is straight out of an episode of "Silicon Valley". The OP's entire product value is in "how your algorithms made their decisions" and this is not something you want to expose to anyone unless perhaps they are about to acquire your company.
I agree, although if the company asking is not engaging with an aforementioned auditing company (Mitre is the one I've dealt with the most), then that would be a red flag to me.
You could also give them source code but on printed paper so they don't outright steal the source, and also make them sign an NDA for a fee with a much larger fee if they break it.