Controlling the code
There is a lesson here.

In order to meet the Department’s … standards, analysis and testing of the software source code … was required to reduce the possibility of unforeseen system and safety problems….

The Department had failed to specify access to the source code in the original procurement and therefore had no leverage with which to negotiate … for release of the source code.

(The contractors), for their part, in seeking to protect their intellectual property rights, resisted the Department’s requests for access to the source code.

Even if it had been able to access the source code, the Department estimated that it might take up to two years to analyse the source code with no guarantee that the code would be written in a way which might make it comprehensible for analysis purposes.

This is from a report by the government spending watchdog, the National Audit Office. OK, it is about helicopters, but the warning generalises to any organisation where IT is critical to the mission.

If it is not in the contract, you have no comeback: no right to the source code, no right to analyse it, and no leverage to negotiate either after the fact.

Suppliers are notoriously unwilling to guarantee the code they supply, but in these days of enhanced compliance requirements, perhaps end users can start demanding that they do, and writing source access and testability into the procurement before the ink is dry.
