Update: After receiving many questions in regards to the topic of this article, we developed a complimentary Java Compliance Self-Assessment Guide to help organizations determine their Java usage and better understand their potential compliance exposure. You can request the guide here.
There has recently been heightened confusion and anxiety around Java use and when organizations are required to purchase a commercial license. Considering the recent changes to Java Standard Edition (SE) and reports that Oracle started to ramp up Java audits, these concerns are warranted.
There are three primary reasons organizations find themselves unknowingly out-of-compliance. These are easily misunderstood or overlooked issues you should carefully review to ensure you are not financially exposed in the event of an Oracle audit.
1. Wrongfully Assuming Java is Free
Understandably, many organizations are still under the impression that Java is free. The root of this misconception comes from the fact that Java was originally developed and offered under proprietary software licenses by Sun Microsystems. By 2007, Sun relicensed most of Java under a General Public License (GPL) which allowed users to modify, use, and copy Java software for free. The distribution of Java-based software applications was also free regardless of the type of application.
But in 2010, Oracle acquired Sun Microsystems and progressively commercialized Java in order to see a return on their investment. As years went by, Oracle continued to add proprietary pieces to the Java SE suite and blur the line between what requires a commercial license and what doesn’t.
Java hasn’t been entirely free since Oracle got its hands on it and introduced the Oracle Binary Code License (BCL) Agreement for Java SE. Under this vague license agreement, developers can only use some features of Java SE for free if they are using them for certain, specific purposes. This is where a lot of confusion stems from, which leads us to the next two reasons organizations can unknowingly be out-of-compliance.
2. Using Java Outside the Scope of “General Purpose Computing”
Oracle is just as notorious for its ambiguous licensing terms as it is for the aggressive auditing tactics it uses to enforce them. This is no different when it comes to Java licensing. Within the long-winded BCL agreement for Java SE, you will find that Java is free to use in “general purpose computing.” Unfortunately, Oracle hasn’t clearly defined the license scope or limitations for this term and instead uses vague and ambiguous language that leaves room for misinterpretation and compliance exposure.
However, the BCL agreement does state that “Oracle grants you a non-exclusive, non-transferable, limited license without fees to reproduce internally and use internally the software complete and unmodified for the purpose of designing, developing, and testing your programs.”
Notice that deploying your programs is not listed here. Because many organizations misinterpret what Oracle considers to be general purpose computing (as Oracle may have intended), they decide to use Java without a license believing they are within their rights. But in the event of an Oracle audit, you could find that this is not the case.
3. Unknowingly Using Commercial Features
Even if your Java use falls within Oracle’s definition of general purpose computing, you may still require a commercial license. The Java SE Development Kit automatically includes many commercial features that require a license regardless of whether you are using those features for general purpose computing or not.
On commercial features, the Oracle BCL agreement states:
“You may not use the Commercial Features for running programs, Java applets or applications in your internal business operations or for any commercial or production purpose, […]. If you want to use the Commercial Features for any purpose other than as permitted in this Agreement, you must obtain a separate license from Oracle.”
In other words, you need to pay for a commercial license to use any of the commercial features. Sounds simple but remember, this is Oracle we are talking about. It is surprisingly easy to inadvertently activate and use Java’s commercial features. Anyone can easily download Java software from Oracle’s website which has a mix of free and commercial features. Oracle also doesn’t make it clear which features are free and which are commercial during the download process.
If you were to download Java SE from Oracle’s website, you would see something like the screenshot below.
Notice that Oracle has a link to the BCL Agreement as a click-through agreement, where you can accept the terms without having a signature from a company officer. Once you click to accept, it will switch to the message below and you’re all set.
Nowhere during the installation did it list which of the included features require a license. You also won’t see any information or recommendation to purchase a commercial license during the download process.
Further, if Oracle were to initiate an audit, they would likely recommend that you run the Java Usage Tracker tool which is easy to enable and will tell you a lot about your Java use including which commercial features you are using.
However, the Java Usage Tracker is a commercial feature itself so activating and using it without a commercial license will put you out-of-compliance. Don’t expect Oracle to tell you that though. This is a great example of how easy it is to accidentally activate a commercial feature.
Based on the information provided on Oracle’s website, we found a list of the commercial features that are automatically included in Java SE. Activating any of the features below requires a commercial license fee.
- Java Flight Recorder
- Java Mission Control
- Java Advanced Management Console
- MSI Enterprise JRE Installer
- JRockit Flight Recorder
- JRockit Mission Control Console observability
- JRockit Mission Control Memory Leak Detector observability
- JRE Usage Tracking
- JRockit Real Time, Deterministic GC
Actions to Take
This issue affects everyone from new Oracle Java users to legacy users. To ensure you are properly licensed, we recommend you:
- Take time to understand Oracle’s definition of general purpose computing.
- Conduct a utilization assessment of your environment to identify actual usage of Java.
It is critical to not only assess whether your Java use falls outside of Oracle’s definition of general purpose computing, but also whether you have activated any of the commercial features listed above.
If you do require commercial licenses:
- Assess the number and types of licenses required to cover your usage
- Assess which pricing model is best based on the version of Java you need
To help you calculate your licensing requirements under the new Java SE subscription models, see our recent post: Using Java? Here’s How Oracle’s New 2019 Java SE Licensing Affects You.
Unfortunately, Oracle can make more from out-of-compliance fees than it could in Java license fees, so it’s not in their best interest to ensure you are within your rights. Oracle will not necessarily let you know when you should purchase licenses, but they will let you know how much you owe them for violating their license terms. It is entirely your responsibility to determine whether your Java usage requires commercial licenses and to approach Oracle to purchase the correct number of commercial licenses if necessary.
Listen to the related podcast where I answer the most common questions we’ve received in response to this blog:
- Oracle Java Inquiries – Audit or Fishing Expedition?
- What Oracle Doesn’t Want You to Know
- Oracle Baseline Assessment: Failing to Prepare is Preparing to Fail
- Oracle Gets Cloudy: What’s Behind Their Change in Financial Reporting?