Oracle Begins Running License Audits for Java • The Register

Oracle has started including Java in its software license audits as part of a classic set of measures to catch customers on the fringes of non-compliance and beyond.
Big Red first introduced two new licensing models for its commercial Java platform, Standard Edition (Java SE), in April 2019, when it began charging licensing fees for previously free Java. This requires users to purchase an annual subscription for commercial Java SE products in order to receive patches and updates.
In September 2021, when Oracle released Java 17, it started offering a free license with free quarterly updates for three years, but only for this iteration; not earlier versions such as Java 7, 8 and 11.
So far, Oracle has taken a soft approach to auditing Java, via its sales teams. But the ubiquitous SDK has made its way into official Oracle audits — which many users view with some trepidation — since earlier this year, our sources say.
Craig Guarente, founder and CEO of Palisade Compliance, said his team began receiving letters from Oracle License Management Services (LMS) specifically requesting information about Java, as some customers were unprepared to understand their compliance in the licensing domain.
“There is a lot of confusion in the market. A misconception people have is that using an older version of Java does not require a license. In fact, even if you are using the older versions, if you download patches and updates from Oracle’s website, you need a support license for that. Customers care enough to just write big checks,” he said.
Oracle also uses auditing in other areas, such as databases, to access information about Java usage. “Companies claiming 5,000 database licenses might get knocked on the door by a Java sales rep saying, ‘We heard your environment is 5,000 processors: we don’t see Java licenses for that.’ You can give Oracle a week’s information about an area that’s being used in a completely different area,” he said.
There are two crucial differences in the licensing of Java compared to other Oracle products. While databases and other on-premises software may come with a perpetual license, Java requires a subscription. At the same time, defending audits for databases, middleware or applications requires customers to review their contracts, while Java can be so widespread that it may require technical analysis of IT assets, said Guarente.
Earlier this year, software asset management firm Anglepoint said it spotted official Java audits from Oracle. Scott Jensen, Oracle practice lead, told The Register there was a group of organizations that had “completely ignored the subject” of Java licensing, creating risk for their employers.
“You are susceptible and vulnerable to a number of risks, whether it’s financial risks due to lack of licenses, but even security risks from elsewhere,” he said.
Among the organizations better prepared for the Oracle audit process, some were looking for open-source alternatives, Jensen said. “I’ve seen Fortune 500 organizations uninstall Java overnight and then say, ‘Well, we’ll see what breaks, and if it breaks, we’ll put Java back in place.’ But many organizations have somehow removed and replaced Oracle Java and replaced it with OpenJDK or other equivalents.”
A research note from Gartner indicates that users need a commercial subscription to obtain critical updates for Oracle Java SE 7, Java SE 8, and Java SE 11. It recommends that organizations evaluate their options by assessing their appetite to migrate to Java 17 or to upgrade to a third-party Java product.
Anne Thomas, Gartner veep and distinguished analyst, said Oracle’s view on virtualization is also inflating Java subscriptions. As with databases, organizations must license each processor without partitioning the virtual environment and only in a single cluster, for example.
“That’s why these big companies face an annual price tag of over $10 million,” she said.
Another source of confusion was that Java subscriptions are required for the runtime environment, not the SDK, she said.
“There were people who didn’t really understand. Part of that might have been the difference between the Java Development Kit and the Java Runtime Environment: Oracle’s product is called Oracle JDK, even though it’s a runtime environment. So a lot of people didn’t realize that the license actually applied to runtime,” she told The Register.