Using Oracle Java can become costly. If your company uses a licensed Oracle Java version, Oracle will start calculating: all employees (including those at external service providers) * 12 months * $8.25 (price for 12,000 employees). The result is the annual payment Oracle will demand. However, it often doesn’t stop there, as Oracle frequently requests back payments for 2-5 years.
Audits are lucrative for Oracle. Be honest: Are you certain that no Oracle Java is installed in your company that requires a license? In our Oracle Java Quick Checks, we have yet to encounter a company completely free of it. Regardless of the company’s size—whether 300, 3,000, or 20,000 employees—we have found “dangerous” Java installations everywhere. These installations inadvertently breach compliance and need to be “remedied.”
Below, you will learn how Oracle conducts Java audits and how you can respond effectively.
Types of Oracle-Java-Audits
There are two types of Oracle-Java-Audits: Soft-Audits and Formal Audits.
Soft-Audits are the initial and most dangerous audits. They begin with subtle emails from Oracle and can last one to six months. This phase is risky because it catches companies unprepared, and the seriousness of the situation is often underestimated. Mishandling a Soft-Audit can quickly escalate.
Formal Audits are conducted by the Oracle Audit Team. These are more structured, official, and involve detailed information requests and a thorough investigation of your Java usage. This includes the use of tools as well as manual explanations of usage or non-usage.
Why Soft-Audits Are So Dangerous
- Unexpected Start: Soft-Audits start discreetly, making their seriousness easy to overlook.
- Potential for Escalation: A poor response in a Soft-Audit can lead to a Formal Audit.
- Lack of Rules: Oracle can make exaggerated claims without sufficient evidence, putting significant pressure on executives who fear legal battles if they don’t sign Oracle’s proposed agreement.
Careful handling of Soft-Audits is crucial to avoid escalation and significant costs.
What You Should Know About Oracle-Java-Audits
- Risky Downloads: If you have downloaded Java from Oracle, Oracle likely has records of your company’s Java downloads since 2019. These logs include numerous security updates.
- Take Oracle Emails Seriously: Consider these emails as a Soft-Audit. Ignoring them is not an option. Your executives might also receive emails regarding Oracle’s intellectual property protection.
- Understand Licensing: Ensure you know which Java implementations in your company require a license.
- Uninstall Java: You can probably uninstall most of your Java applications, but not all. Check if a non-Oracle Java version will also work.
- Proper Response to Oracle: Knowing how to respond to Oracle is crucial. An experienced consultant can help your executives formulate appropriate responses. Never reply spontaneously.
- Delay the Process: Understanding the phases of a Soft-Audit can help you delay it. If you do not intend to purchase Java licenses, delaying the audit can allow you to remove all chargeable installations before a Formal Audit begins. However, Oracle may still demand license fees for the past usage.
- High Costs: The costs for Java licensing are high. Oracle often demands retrospective payments for several years, leading to contract terms of three to five years. Discounts are typically only available for contracts lasting 7-10 years.
How We Can Help
We conduct Java Quick Checks in companies. These Quick Checks include a scan of your systems, which is easy to handle and typically takes a month. We ensure that your systems are fully accounted for and assist if any systems are missing.
Upon completing the scan, we evaluate the Java installations. Our experience shows that our clients are often:
- Surprised by the number of Oracle Java installations present
- Unaware that many installations are unnecessary
- Forgetful of many installations
- Able to run applications with non-Oracle Java products
- Able to create a long-term strategy to eliminate Oracle Java
Our urgent appeal is: Act before Oracle comes knocking at your door.
The Author
Kirsten Springer
CEO und License Expert of SAMtoa GmbH