Is Oracle Knocking on Your Door? Oracle Java Audit Recommendations

If Oracle has started sending emails, you are under a soft audit from Oracle. Depending on your account manager, this soft audit can last one to six months and has different timelines and pressures.

Let's explain how Java Audits Work, as there are two different kinds.

Oracle Java Audits: Soft vs. Formal

Oracle conducts two types of Java audits: soft and formal.

Soft Audits

Soft audits are the initial and most dangerous. They begin with subtle emails from Oracle and can last one to six months. This phase is risky because it catches organizations off guard and can escalate quickly if mishandled.

Formal Audits

Oracle's audit team conducts formal audits. They are more structured and official, involving detailed information requests and thoroughly scrutinizing your Java usage. This involves both tooling and manual declarations of usage or no use.

Why Soft Audits are Riskier

• Unexpected Start: Soft audits begin subtly, making it easy to overlook their seriousness.
• Escalation Potential: Mishandling a soft audit can lead to a formal audit.
• Initial Pressure: Early mistakes can increase pressure and scrutiny.
• No Rules: Oracle can make absurd claims without sufficient evidence, which puts immense pressure on executives who fear litigation if they do not sign the agreement Oracle proposes.

Handling soft audits carefully is crucial to avoid escalation and significant costs.

What You Need to Know about Soft Audits

1. Java Download Logs: Oracle likely has records of your organization downloading Java since 2019. These logs include numerous security updates, making it hard to claim mistakes.
2. Treat Emails Seriously: Consider these emails a soft audit. Ignoring them is not an option. Eventually, your CFO, CIO, and CEO may receive emails about Oracle protecting its intellectual property.
3. Understand Licensing: Ensure you know which Java deployments in your organization require a license.
4. Uninstalling Java: You can likely uninstall most of your Java, but not all.
5. Responding to Oracle: Knowing how to respond to Oracle is crucial. An experienced consultant can help your executives draft appropriate responses.
6. Delaying the Process: Understanding the phases of a soft audit can help you delay it. If you plan not to buy Java licenses, delaying the audit might give you time to reduce your need for licenses before a formal audit starts.
7. Oracle's Audit Tools: Oracle can audit your Java usage and may ask your C-level executives to sign certifications confirming no use of licensable Java.
8. High Costs: Java licensing costs are high. Oracle might demand licenses starting in 2019, resulting in a minimum five-year agreement. Discounts are usually available only for agreements spanning 7-10 years.

What Are the Costs?

The monthly cost for an organization with 12,000 employees is $8.25 per user. Over five years, this amounts to:

12,000?employees×$8.25?per?user/month×12?months/year×5?years=$5,940,0001

Even organizations with 50 or 100 users with Java are not exempt and must license their entire employee count.

What Can You Do?

If You Receive an Email from Oracle:

1. Do Not Respond: Avoid responding or taking meetings. Doing so starts the clock and increases pressure.
2. Seek Help: Our advisory service has helped many customers delay the process, get off Java, or negotiate fair-value Java agreements. We also help design strategies to manage this significant financial risk.
3. Assess Licensing Exposure: We offer a replica of an official Oracle Java audit, covering all steps Oracle takes in a formal audit. This process, developed after defending customers in formal audits, includes data collection and a comprehensive list of questions Oracle might ask.

Need Assistance?

If you need help, reach out to us. We’re here to guide you through this complex process.

Java Audit Advisory Service

Our Java Audit Advisory Service helps you easily and confidently navigate Oracle’s audit process.

Here’s what we offer:

• Review Communications: We review all existing communications with Oracle and your team.
• Assess Licensing Exposure: We assess your Java licensing exposure to understand your current standing.
• Understand Java Strategy: We gain a clear understanding of your Java strategy.
• Develop a Strategy: We develop a tailored strategy for your organization, whether to postpone, engage, or negotiate.
• Craft Responses: We help craft precise responses for you and your management.
• Minimize Costs: We help you minimize costs. If you want to get off Java and pay zero, we develop a strategy to achieve this.

Our service ensures that you are well-prepared and supported throughout the audit process.