knowledge & insights

Licensing Oracle Java – Going from Bad to Worse

"It's not enough that we win; everyone else must lose."

Larry Ellison, Co-Founder and Chief Technology Officer of Oracle

After years of monitoring Oracle’s sleight-of-hand maneuvering to monetize Java, Beeman & Muchmore is willing to surmise that Oracle has, at long last, fulfilled Larry Ellison’s prophecy and unleashed a licensing schema in the marketplace in which it can tally nearly every sale as a ‘win’ for itself and a setback, if not a ‘loss,’ for its customers.

For nearly a decade after Oracle’s acquisition of Sun Microsystems in 2009, Oracle did very little to commercialize its newly-acquired rights to Java. This hands-off approach to monetizing Java resulted in many of the software users incorrectly believing that Java was open source or, at minimum, free to use.

Then, in the spring of 2019, once Java was deeply embedded in many (if not most) businesses large and small, Oracle launched a new price guide charging per processor/per desktop installation for Java updates 8u221 and beyond. Over the next few years, many long-time Java users were caught flat-footed when Oracle reached out to their company, often in the guise of a sales call, brandishing a list of automatic downloads of commercial Java from the Oracle store, announcing the new licensing model in place, and often demanding copious back fees pursuant to the new metric.

At this point, one could easily consider Oracle’s successes in moving Java from ubiquitous-but-largely-unpaid to an expensive licensing model as a ‘win’ for the software giant. And, while this may have been an unpleasant surprise for a lot of companies, paying for actual software use is not quite an unequivocal ‘loss’ for Oracle licensees since they are getting the benefit of a bargain.

Unfortunately, with the launch this past January by Oracle of the Java SE Universal Subscription Global Price List, Oracle’s customers have been removed from the frying pan and thrown into the fire. As we shared back in March, Oracle now mandates that every single full-time, part-time and temporary employee of a customer must be licensed regardless of whether they use Java. The undetected landmines of the new metric for Oracle customers “present a degree of uncontrollable financial exposure previously unimaginable.”

The employee-based Java licensing metric has been in place for several months, and Oracle has unleashed its auditing and sales team on a hard-hitting campaign to lock in companies to the new metric. What can be learned from the last several months of monitoring Oracle’s market behavior? If your company has not yet been targeted, what should you be on the lookout for? And, perhaps most importantly, what should you be doing to protect yourself?

The New Metric is Drastically More Expensive for Many Oracle Customers

In the online Java SE Universal Subscription FAQ, Oracle describes the new model as “a simple, low-cost monthly subscription.” Furthering this notion, Oracle apparently claims that the employee-based metric was a response to client demand. As CRN reported, Mike Ringhofer, SVP of Worldwide Java Business at Oracle, stated in an email that:

The new Java SE Universal Subscription was developed based on feedback from our customers with Java workloads running in increasingly diverse environments. It no longer requires customers to count every single Processor, Desktop, or Named User that may be using the subscription, and the permitted use is universal across desktop, servers, and cloud infrastructure.

    Unsurprisingly, Oracle’s optimism does not reflect reality for many companies. Bearing in mind that a company is supposed to account for every employee – full-time, part-time, and temporary – AND every contractor, consultant, agent and outsourcer, industry observers have predicted that many companies will be “on the hook for a massive subscription fee increase that may have minimal benefit to the operation.” (Emphasis in original.) Gartner has predicted that “most organizations adapting to the new licensing terms by Oracle for Java should expect the per-employee subscription model to be two to five times more expensive than the legacy model.”

    The reality of unwelcome and excessive fees becomes even more stark due to there being no option to tailor licensing to actual use – licensing per employee for every employee is the only metric Oracle is officially offering. As Scott Sellers, the CEO of Azul, stated:

    All it takes is one copy of Oracle Java downloaded into your enterprise, and now you have the full financial liability of running that … I mean, if that happened before, okay, whenever Oracle comes in and audits me, I pay for the few rogue developers that accidentally downloaded Oracle Java. Now, it’s a totally different deal. The liability is significant.

    Bear in mind that Java routinely auto-updates, a practice that did not stop with the introduction of explicitly commercial versions of Java. (Oracle maintains that, in all instances, a click-through notice regarding the changing terms popped up to alert licensees of the change.) As Mr. Sellers states above, a single installation – intentional or otherwise – can only be licensed pursuant to full count of all employees. Put differently, a single inadvertent Java installation can become the financial equivalent of flying an airplane into the side of a mountain.

    The financial peril of the all-or-nothing model is compounded by the fact that certain third-party applications may require commercial Java installations. Suffice to say, sorting through whether a licensed third-party application includes commercial Java licenses (or if Java must be separately licensed) is not always as straightforward as it sounds. As such, under the current metric, Java licensing issues surrounding use by third party applications present a Hobson’s choice for many companies with a low Java footprint: abandon critical software or pay exorbitant licensing fees on Oracle’s new metric.

    Companies are Fleeing from Oracle for Their Java Needs

    Of course, Oracle Java isn’t the only Java available. According to one 2022 survey, Oracle only held 34% of the market share of JDK distributions, falling drastically from its 2020 share of 75%. Following behind Oracle were Amazon at 22%, Eclipse Adoptium at 11%, Azul Systems at 8%, and Red Hat at 6%. Similarly, Gartner concluded that the steep increase in Oracle licensing costs for most Java users would mean that by 2026, more than 80% of Java applications will be deployed on third-party Java runtimes, up from 65% in 2023.

    In fact, both Eclipse Foundation and Azul are seeking to fill the void, with Eclipse Foundation immediately seizing the sales opportunity by tweeting: “Stumbled across Oracle’s latest Java price list. Wow, I had no idea that Java was so expensive! Fortunately, you can download the fully compatible, community-supported, quality-certified Temurin OpenJDK distribution for free!” Similarly, Azul has said that it had seen a massive increase in inquiries about Java licensing since Oracle’s Universal pricing plan debuted.

    Oracle is Targeting Java Usage

    Perhaps sensing that the limited time to exploit the new model before mass exodus is completed, there is little doubt that Oracle has been steadily increasing its focus on unlicensed Java use. Gartner reported that in the 12-month period leading up to 31 December 2022 (immediately prior to the launching of the new metric), 52% of the Oracle software compliance and audit-related interactions focused on Oracle Java. Looking forward, Gartner projected that one in five organizations using Java applications will be audited by Oracle by 2026, leading to “unbudgeted noncompliance fees.” 

    Of course, this 20% figure doesn’t necessarily account for friendly sales calls that morph into aggressive true-up demands. The Register has reported on Oracle’s practice of sending unsolicited emails to businesses offering to discuss Java subscription deals “seemingly to extract information that could benefit future license negotiations.” We call these “soft audits” and will attest that they can be as bad as – if not worse than – a formally announced contractual audit. After all, audits come with explicit notice as to Oracle’s intentions and contractual guardrails that protect a licensee from an audit “unreasonably interfering with Your normal business operations.” (See Oracle TOMA, General Provisions, Section 8.)

    Conversely, a soft audit cloaked as a friendly sales outreach can prey upon the naturally helpful demeanor of your company’s IT personnel. Gratuitous, confidential, and damaging information could be disclosed before a business is fully aware of what has transpired. Before long, Oracle is making precipitous back licensing demands.

    Many Companies that Use Java – Even Those with Recently Executed Employee-Based Licenses – Are Non-Compliant

    Gartner also predicted that by 2026, more than 30% of organizations using Java applications will not comply with their Oracle contracts. If anything, that is a conservative prediction. In our observation and opinion, the new metric is a seemingly bottomless pit for mischief making and customer intimidation.

    For example, how are temporary employees counted? Does a temporary worker with a week’s employment need to be licensed the same as full-time? What about a succession of temporary employees at a week each? If so, for how long must temporary employees be licensed? Does it reset in a year? If a temporary worker is an employee of a contractor, are they counted under “agents, contractors, outsourcers, and consultants”? Does this metric actually intend to include ALL employees of “agents, contractors, outsourcers, and consultants,” as it says on its face? Or did Oracle intend to only include the selected employees of “agents, contractors, outsourcers, and consultants” that work on “your internal business operations”?

    Even if that tangle is straightened out, don’t expect to find a definition of “internal business operations.” Oracle has included this term in its contracts for decades, yet we have never seen it defined. Because the necessary employee count could increase exponentially depending on how that phrase is defined, there is enough inherent vagueness to drive a truck through.

    Even once the “employee” count is satisfied, is there a true-up responsibility in the contract? Not in many that we have seen, but that doesn’t mean that Oracle won’t proceed as if there were one. Because your company could feasibly become non-compliant if one of your contractors makes hiring decisions that you are completely unaware of, this is a non-trivial possibility. Further, are companies ensuring that affiliates are accounted for both in the count and in extension of the license grant? It is entirely feasible for a company to execute an agreement that counts employees of affiliates but does not grant those affiliates the right to use the licenses.

    * * *

    It is too early to know how Oracle intends to audit licensees on the employee-based metric. Regardless of how the terms are enforced, there is only so much information that Oracle can obtain through an audit. At minimum, the unusual number of vagaries strongly counsels companies to take their time, retain counsel, and go slow when negotiating the terms of a new Java agreement.

    In our next blog post, Beeman & Muchmore will provide guidance for how customers licensing Oracle Java can find their way out of the wilderness and protect their businesses.

    Software licensors are known for vague contracts—they’ve made a business of it. 

    Read the latest industry news.

    Recommended Reading