The Core Pillars of Software Asset Management
5th May 2023

In this post we introduce the fundamental pillars required to begin increasing maturity in Software Asset Management. We should fully understand how we are using a product, how we are allowed to use it, and how the two compare, in order to identify the current compliance position.

Discovery

The first step is to identify all the software applications used in an organisation. This includes both commercial software and open-source software.

Inventory

Once the software applications have been discovered, it is essential to maintain an inventory of them. This inventory should include details like the name of the application, version, license type, and the number of installations.

License Management

License management involves tracking the licenses purchased (along with Proof of Entitlement), their terms and conditions, and ensuring that they are being used in compliance with the license agreements. It is also important to avoid over-licensing or under-licensing of software.

Compliance

Compliance ensures that the organisation is using software in accordance with the licensing agreements (contract) and regulations (e.g. the Copyright, Designs and Patents Act).

SAM helps to ensure that the organisation is compliant with the software licensing requirements of vendors and governing bodies and is using the vendors' intellectual property in the proper way.

Optimisation

Optimisation involves making sure that the organisation is using software efficiently and effectively. This includes ensuring that the organisation is using the right software for the job, eliminating unused software, and identifying opportunities for cost savings.

Risk Management

Risk management involves identifying and mitigating risks associated with the use of software. This includes risks related to license compliance, security and reputation, as well as financial risks.

By focusing on these six pillars, an organisation can effectively manage its software assets and ensure that it is using software efficiently, effectively, and in compliance with licensing agreements and regulations.

Java Licensing
4th May 2023

Java is one of the most widely used programming languages in the world, with millions of developers using it to create applications for desktops, servers, and mobile devices. However, when it comes to licensing, Java can be a complex and confusing topic for many developers.

Java is available under several different licenses, each with its own terms and conditions. While some versions of Java are free and open-source, others require a commercial license or subscription for use in certain situations. Failure to comply with these licensing terms can result in legal and financial consequences.

In this blog, we'll explore the different types of Java licenses and the risks of non-compliance.

Types of License:

Java is available under several different licenses, each with its own terms and conditions. These licenses include:

GNU General Public License (GPL): The GPL is a free and open-source software license that allows users to use, modify, and distribute the software. However, any changes made to the software must also be released under the GPL.

Oracle Binary Code License (BCL): The BCL is a proprietary license that allows users to use and distribute the binary code of Java without modification. This license is suitable for use in situations where the source code is not required.

Oracle Java SE Subscription: The Java SE Subscription is a commercial license that provides additional features, support, and certifications for Java SE users. This license is required for use in production environments.

Oracle Java SE Advanced, Oracle Java SE Advanced Desktop, and Oracle Java SE Suite: These are commercial versions of Java SE that include additional features and support, and require a commercial license.

OpenJDK: OpenJDK is a free and open-source implementation of Java SE. It is released under the GPL and other open-source licenses.

Risks of Non-Compliance:

Failure to comply with Java licensing terms can result in legal and financial consequences. These consequences may include:

Legal action: Oracle, the company that owns Java, has taken legal action against companies and individuals for non-compliance with Java licensing terms. This can result in costly legal fees and damages.

Fines: Non-compliance with Java licensing terms can result in fines from regulatory agencies. For example, the Federal Trade Commission (FTC) has fined companies for non-compliance with open-source licenses.

Reputational damage: Non-compliance with licensing terms can damage a company's reputation and erode customer trust.

Loss of support: Failure to comply with licensing terms can result in loss of support and updates from Oracle, which can impact a company's ability to use Java in production environments.

Security risks: Using outdated or unsupported versions of Java can create security risks for a company's systems and data.

Best Practices for Java Licensing Compliance

To avoid the risks of non-compliance with Java licensing terms, it's essential to follow best practices for licensing compliance. These best practices include:

Read and understand the licensing terms: Before using Java, it's essential to read and understand the licensing terms that apply to your use case. This includes reviewing the terms of the GPL, BCL, Java SE Subscription, and other relevant licenses.

Determine whether Java has been deployed as part of another software product and, if so, whether the terms of that product's license cover this instance of Java.

Keep track of Java usage: It's important to keep track of how Java is being used within your organization. This includes tracking the number of installations and the types of Java licenses being used.

Obtain appropriate licenses: If a commercial license or subscription is required for your use case, it's important to obtain the appropriate licenses from Oracle.

Monitor compliance: Regularly monitor your organization's Java usage to ensure that you are complying with licensing terms. This includes reviewing your use

© 2023 Cognition IT Asset Management Limited