Oracle Begins to Audit Java
Oracle Java audits are here. In order to get a better grip on what this means for our clients and the ITAM world at large it’s best to start at the beginning.
How Did We Get Here?
In early 2019, Oracle announced that it would begin charging commercial users for access to updates/patches released on or after April 16, 2019. Prior to this announcement, Oracle sold a few commercial Java products which offered its customers advanced features of Oracle Java, as well as 24/7 support. These commercial offerings were sold as perpetual licenses—similar to how Oracle traditionally sells their Database and Middleware products—and separate from their free offerings, Oracle’s Java Development Kit (JDK) and Java Runtime Environment (JRE). These had always been free to use and upgrade as long as no “commercial features” were being utilized. With the 2019 Java licensing change, Oracle scrapped their former commercial offerings and included all use of Java under a new subscription-based license model with new Java licensing rules whereby customers must pay annually if they want to install, upgrade, patch, use commercial features, or receive Oracle Support services for Java installations taking place on or after April 16, 2019.
Is This a Problem?
It depends. These new Java licensing rules mean that almost every organization in the world needs to:
- Stay on versions of Oracle Java which pre-date April 16, 2019 (better check with your Security team on how they feel about this option)
- Remove or replace Oracle Java from their environments; or
- Purchase a Java license subscription
Regardless of which option an organization chooses there will be some required investment by the organization to determine how much and what versions of Java are currently deployed, the feasibility of removing or replacing Oracle Java, and the cost of an annual subscription. We’ve seen Java subscriptions range anywhere from $8K to $3M – annually.
How Is Oracle Managing Compliance for Java?
Just as they do with all their products, Oracle makes downloading and installing Java easy. Too easy. The Java Sales team monitors these downloads and uses the email domain name of the installer to track the downloads back to a specific company. Once they have enough “evidence” that a company is using licensable versions of Java, the Sales team makes contact with someone inside the company, typically in IT, Purchasing, or Vendor Management. They ask for information from unprepared or unaware individuals, those individuals overshare information, and Oracle sends a bill for a new Java subscription under the guise of needed Java compliance. Not exactly how you want to incur extra and unforeseen costs to the business.
But many organizations are familiar with Oracle’s sales tactics and are properly prepared by assessing their need for Java before making a purchase. However, when this process takes longer than the Sales team is willing to give, they begin to involve members of Oracle’s Java audit division to participate on calls and email threads to intimidate the customer and speed up the sale via the threat of an Oracle Java audit.
These “soft audits” have been happening since Oracle made its Java announcement back in 2019 and are the reason for so many rumors throughout the industry that Oracle is auditing Java. They were not formal audits and compliance was managed through Sales.
Until now.
What Changed?
According to some of our North American clients, Oracle Java auditors are no longer simply participating on Sales calls and email threads. They are sending official Java audit notices on Oracle letterhead and invoking their right to audit Java via the “audit clause” found in the customer’s Oracle Master Agreement (OMA). These are not “soft audits.” Organizations need to be aware of how to prepare for these Java audits.
How Can Anglepoint Help?
Immediately following Oracle’s change to Java licensing rules in 2019, our team of Oracle license experts—many of whom are former Oracle executives and auditors—created a process and service offering to assess an organization’s use and need for Oracle Java and to help them assure they are Java compliant. We can help determine where Java is installed, how much of what is installed requires a Java license, possible options for removing Java or replacing it with a free alternative, and we provide our findings in simple-to-understand reports so our customers can have the ammunition they need to make the best decision on the path forward.
The process typically takes 4 to 8 weeks on average and is sold as a fixed fee depending on environment size. Find out if our solutions would be right for you.
To learn more about Oracle and Oracle auditing, please visit our Oracle resources page. There you can find helpful webinars and articles for more in-depth information. And please schedule a free call with us to learn out more.