New Oracle Java Compliance Threat

When Oracle acquired Sun, the database giant had approached Java licensing with a long-term monetization strategy. We are now seeing the next steps Oracle is taking to force you to buy an expensive Java ULA contract. This new Oracle tactic may just be a precursor for things to come as you adopt other Oracle technologies that connect with Oracle servers.

Your Oracle data goes to the mothership

Oracle knows every time you download Oracle software. You have to go to their eDelivery site, sign in, and then download, so of course they know. And when you install Oracle Java on a Windows machine, certain information is sent back to Oracle. This information includes the time/date, version of installation, and IP address of the installer. See for yourself.

All these facts have been out there for a while. But there is something new in Oracle’s behavior. For the first time, we are seeing Oracle use this data in licensing and compliance “conversations” with clients. We have several clients who came to us after Oracle sales approached them to discuss the need to buy Java licenses. Without the client giving any additional information to Oracle through those “discussions” Oracle knew so much about what the client installed and when they installed it. How did they know? How do you think they knew?

This is groundbreaking stuff for Oracle. In 26 years, I have not witnessed Oracle use this tactic before. Yes, we’ve seen them use the eDelivery site information. But using install data from your own servers, without you sending it to them? That’s new! And it’s disturbing if we think Oracle might expand this tactic. Perhaps Oracle will use it when you sign up to their cloud infrastructure products (OCI)? Who knows?

Please keep in mind that the instances we’ve seen are not official Oracle LMS (or whatever they call themselves now) audits. These are just smart Oracle sales people gathering internal data and using it to push their customers to sign up for Oracle Java ULAs. Or is it a program coordinated at a high level? We don’t know yet.

Ensure your Java is in compliance

If you are using Oracle Java, you are probably sending this information to Oracle. There is a specific way to install that can opt out of much of this and avoid the problem. However, the best thing you can do is ensure you are in compliance with your Oracle Java licensing. That means know what you are using, what you own, and your compliance position. From there you can mitigate any risk and then purchase the small amount of Java that you actually need rather than being forced into an over-priced Oracle Java ULA.

If you’ve already signed your Java ULA then you have some work to do. Unless you manage your Java compliance, you will be forced into a Java ULA renewal. If you have an Oracle Database ULA you know the drill; lock you into the ULA and keep you on that agreement forever. It works for Oracle on the database side so it’s not surprising they would try on the Java side.

Get help from Palisade Compliance

Palisade Compliance has the most robust Java compliance and risk mitigation program available to any client using Java. We can assist whether or not you have an Oracle Java ULA. Reach out to us to schedule a meeting and we can walk you through the program; how it works, and how our clients have stayed in compliance and literally avoided millions of dollars of unexpected and unbudgeted Oracle licensing penalties. Don’t wait for Oracle sales to knock on your door and have that “conversation”.

Picture of Craig Guarente
Craig Guarente
Craig is the President and Founder of Palisade Compliance, which he founded in 2011. Before 2011, Craig worked at Oracle for 16 years where he was the Global Vice President of Contracts, Business Practices, and Migrations. He was also the Global Process Owner for Oracle’s audit teams (LMS), a member of Oracle’s CIO advisory board, and on the Oracle User Group’s contract and licensing advisory board. Craig is now the leading expert on Oracle licensing, is quoted in dozens of publications, and assists with many high-profile Oracle disputes.