How a global car rental company with 20,000+ employees and thousands of locations eliminated a $4.7M Oracle Java SE audit claim entirely — paying zero — through deployment auditing, virtualisation footprint optimisation, third-party entitlement review, and expert Oracle negotiation.
Avis Car Rental (part of Avis Budget Group) is a global automotive and travel services company with over 20,000 employees and thousands of rental locations worldwide. Java technology is deeply embedded in Avis's operational backbone — powering reservation systems, fleet management platforms, self-service kiosks at rental counters, customer-facing web applications, and back-end integration services that connect locations globally in real time.
When Oracle launched an intensive Java-focused audit, their findings alleged widespread non-compliance across Avis's enterprise environment. Oracle identified Java on hundreds of servers and desktops, applied their most aggressive licensing interpretations — including per-VM licensing for virtualised environments and retroactive charges for historical usage — and presented a compliance claim of approximately $4.7 million. Oracle's sales team simultaneously pressured Avis to accept either the full claim or a costly long-term Java SE subscription as a "resolution."
By engaging Redress Compliance for Java audit defence and advisory services, Avis achieved a complete zero-cost resolution. Oracle withdrew the entire $4.7M claim. No licence purchases. No subscriptions. No penalties.
| Metric | Oracle's Claim | Actual Outcome | Impact |
|---|---|---|---|
| Total Java Audit Claim | $4,700,000 | $0 | $4.7M saved — 100% reduction |
| Servers Flagged by Oracle | Hundreds (including VMs and indirect use) | Majority exempt, covered, or removed | Compliance scope reduced by ~90% |
| Java Subscriptions Required | Enterprise-wide or large-scale subscription | Zero subscriptions purchased | No recurring Java cost to Oracle |
| Virtualisation-Related Claims | Per-VM licensing demanded across clusters | Contained to specific hosts; majority eliminated | ~$1.5M in VM-related claims removed |
| Third-Party Embedded Java | Counted as Avis's licensing obligation | Covered under vendor redistribution agreements | ~$800K in third-party claims removed |
Key takeaway: Oracle claimed $4.7M based on inflated virtualisation counting, inclusion of third-party vendor-bundled Java, assumptions about indirect usage, and legacy deployments that didn't require licensing. Systematic audit analysis, virtualisation footprint optimisation, and entitlement review eliminated the entire claim — demonstrating that even multi-million dollar Java audit demands can be resolved at zero cost with the right expertise.
Avis's IT infrastructure supports one of the world's largest vehicle rental networks. The operational demands — real-time fleet availability across thousands of locations, dynamic pricing, online and kiosk-based reservations, loyalty programme integration, and complex supply chain logistics — require a technology stack built for both scale and reliability. Java has been a core component of that stack for over two decades.
1. Java's Pervasive Role in Avis's Operations:
Java SE was deployed across multiple layers of Avis's technology infrastructure:
Reservation and booking systems: Java-based application servers powered the reservation engine — processing millions of bookings annually across web, mobile, and call centre channels. These systems ran on clustered, virtualised infrastructure for high availability and disaster recovery.
Fleet management platforms: Real-time fleet tracking, vehicle assignment, and maintenance scheduling systems used Java for back-end processing, integration with GPS and telematics services, and communication with location-level systems.
Self-service kiosks and rental counter systems: Hundreds of kiosk and counter-top devices at rental locations ran Java-based applications for check-in, check-out, and contract generation — each device potentially constituting a separate Java installation in Oracle's count.
Enterprise integration (ESB/middleware): Java powered the enterprise service bus connecting Avis's core systems — ERP, CRM, financial reporting, and third-party partner integrations.
Desktop and developer environments: Java JDK on developer workstations and Java JRE on corporate desktops for internal web-based tools and legacy applications.
2. The Audit Trigger and Oracle's Approach:
Oracle's audit focused specifically on Java SE usage — an increasingly common audit vector as Oracle seeks to monetise its Java installed base. Oracle's Java audit scripts were deployed across Avis's accessible infrastructure, identifying every Java binary on reachable systems. The preliminary findings were alarming: Oracle claimed $4.7M in non-compliance, encompassing historical usage, current deployments, and projected future subscription costs.
| Audit Element | Details |
|---|---|
| Audit type | Intensive Oracle Java audit (formal scope) |
| Products in scope | Oracle Java SE (JDK and JRE) — all global installations |
| Geographic scope | Global — all Avis locations, data centres, and endpoints |
| Oracle's preliminary claim | ~$4.7M (historical non-compliance + forward subscription) |
| Key Oracle arguments | Per-VM licensing for virtualised environments; indirect Java usage; embedded Java in custom/third-party systems |
| Oracle's proposed resolution | Immediate multi-million dollar payment or long-term enterprise Java subscription |
Oracle's approach was notably aggressive on two fronts: virtualisation (arguing that each VM running Java required its own licence — not just the physical host) and indirect/embedded use (claiming that Java embedded in third-party vendor applications was Avis's licensing responsibility, not the vendor's). Both assertions were challengeable — and would prove to be the key vulnerabilities in Oracle's claim.
What IT Leaders Should Do Now — When a Java Audit Arrives
Control the information flow from day one: Oracle's audit team will request broad access and extensive data. Share only what your contract requires. Have every data submission reviewed by independent experts before delivery.
Challenge virtualisation claims immediately: If Oracle claims per-VM Java licensing, challenge the basis. Java licensing generally follows Oracle's Processor metric tied to physical hosts, not individual VMs — though Oracle frequently asserts otherwise.
Identify third-party embedded Java early: Catalogue every Java installation that was deployed by a third-party vendor's software. These are typically covered under the vendor's Oracle redistribution agreement — not your responsibility to licence separately.
Don't accept the settlement framing: Oracle positions the audit as a binary choice: pay the claim or buy a subscription. In reality, the claim itself is negotiable — and often largely or entirely eliminable.
The first phase was a comprehensive audit of every Java installation across Avis's global IT environment — distinguishing Oracle's commercial Java from open-source alternatives, legacy free-use versions, and third-party bundled distributions.
1. Independent Java Discovery:
The advisory team deployed independent scanning tools (separate from Oracle's scripts) to inventory every Java binary across Avis's infrastructure — servers, virtual machines, kiosk devices, desktops, and developer workstations. For each installation, they documented: Java version and build number, distributor (Oracle JDK, Oracle JRE, OpenJDK, Amazon Corretto, Adoptium, vendor-bundled), installation date and update history, whether the Java process was actively running or merely installed, and the application or service using the Java runtime.
2. Key Findings — Oracle's Overcounting:
| Java Category | Installations Found | Oracle Licence Required? | Action |
|---|---|---|---|
| Oracle JDK (post-April 2019, production) | ~110 servers | Potentially — requires analysis | Evaluated against entitlements and VM containment |
| OpenJDK / Corretto / Adoptium | ~150 systems | No — open-source, free distributions | Documented as non-Oracle; removed from scope |
| Oracle JDK (pre-April 2019, legacy builds) | ~65 servers | No — covered under legacy BCL free terms | Version evidence documented; removed from scope |
| Java bundled with third-party applications | ~120 systems | No — vendor redistribution agreements | Vendor agreements documented; removed from scope |
| Kiosk/counter Java (Oracle JRE) | ~300 devices | Potentially — depends on version | Migrated to OpenJDK; Oracle JRE removed |
| Desktop Java (corporate endpoints) | ~400 desktops | Potentially — triggers headcount pricing | Oracle JRE removed; OpenJDK deployed where needed |
| Java in Oracle product bundles | ~30 servers | No — covered under existing Oracle product licences | Documented as entitled; removed from scope |
3. Immediate Scope Reduction:
The independent discovery immediately demonstrated that Oracle's claim was built on a fundamentally overcounted base. Of the ~1,175 Java installations Oracle's scripts had flagged, approximately 765 (65%) were either non-Oracle Java, pre-April 2019 legacy versions, third-party vendor-bundled distributions, or Java covered under existing Oracle product entitlements. These installations should never have been included in Oracle's compliance claim — yet they were, inflating the demand by millions.
The remaining ~410 installations required further analysis: 110 production servers with Oracle JDK (evaluated against virtualisation and entitlements in subsequent phases), 300 kiosk devices (migrated to OpenJDK during remediation), and a handful of edge cases resolved through contract analysis.
The second phase targeted Oracle's virtualisation-specific claims — a significant component of the $4.7M demand and an area where Oracle's interpretation was particularly aggressive.
1. Oracle's Per-VM Java Licensing Argument:
Oracle's audit team asserted that each virtual machine running Java SE required its own licence allocation. In Avis's environment, Java was deployed on VMs spread across VMware clusters — meaning Oracle was attempting to count each VM as a separate licensing unit. For a company running Java on potentially dozens of VMs across multiple clusters, this per-VM approach dramatically inflated the licensing requirement compared to licensing at the physical host level.
This argument parallels Oracle's broader soft partitioning position on VMware environments. Oracle's claim: because VMs could theoretically move between hosts via vMotion, every host in the cluster might need licensing. The advisory team challenged this on both contractual and technical grounds.
2. Containment Strategy:
Working with Avis's infrastructure team, the advisory team implemented a virtualisation containment strategy for Java workloads. Oracle Java-running VMs were concentrated onto a defined subset of physical hosts using VMware DRS affinity rules and resource pool boundaries. vMotion scope was restricted to prevent Java-bearing VMs from migrating outside the designated hosts.
This containment converted the licensing conversation from "how many VMs run Java?" to "how many physical hosts are designated for Java workloads?" — dramatically reducing the licensing footprint.
| Virtualisation Metric | Oracle's Claim (Per-VM) | Contained Position (Per-Host) | Impact |
|---|---|---|---|
| Java-running VMs | ~85 VMs across 14 hosts | Contained to 4 designated hosts | Licensing scope reduced to 4 hosts |
| Licensing units | 85 VMs × per-VM cost | 4 hosts × per-Processor cost | ~80% reduction in VM-related licensing |
| Financial impact | ~$1.5M of the total claim | Covered by existing entitlements + containment | ~$1.5M eliminated |
3. Contractual Challenge to Per-VM Interpretation:
The advisory team also challenged Oracle's per-VM licensing interpretation on contractual grounds. Oracle's Java SE licence — whether under the legacy BCL or the current NFTC — defines licensing requirements based on Processors. The Processor metric counts physical processors (or cores with a core factor), not virtual machines. Oracle's assertion that each VM is a separately licensable unit is an interpretation layered on top of their Partitioning Policy — a unilateral document not necessarily incorporated into Avis's Java licence terms.
The combined technical containment and contractual challenge eliminated approximately $1.5M of Oracle's claim — the entire virtualisation-related component.
What IT Leaders Should Do Now — Java Virtualisation Defence
Contain Java workloads on dedicated hosts: Use VMware DRS affinity rules to restrict Java-running VMs to designated physical hosts. This limits licensing scope to those hosts, not the entire cluster.
Challenge per-VM licensing assertions: Oracle's Processor metric is defined as physical processors/cores, not virtual machines. If Oracle claims per-VM licensing, demand contractual justification.
Document your VMware configuration: DRS rules, affinity groups, vMotion boundaries, and resource pools. This evidence is essential for defending against virtualisation-based claims.
Complete containment before responding to Oracle: Implementing host containment proactively — before your audit response — demonstrates governance maturity and creates a defensible licensing position.
The third phase addressed a critical but frequently overlooked defence vector: Java usage rights that Avis already possessed through third-party vendor agreements and existing Oracle product licences.
1. Third-Party Vendor-Bundled Java:
A substantial portion of Java installations in Avis's environment had been deployed not by Avis's IT team, but by third-party software vendors whose products bundle Java as a runtime dependency. Fleet management software, payment processing systems, telematics integrations, and monitoring tools all shipped with their own Java runtime. Under Oracle's redistribution programme, these vendors obtain redistribution rights that cover their customers' use of the bundled Java — meaning Avis didn't need a separate Oracle licence for these installations.
The advisory team contacted each relevant vendor and obtained documentation confirming their Oracle redistribution agreements. This evidence was compiled into the audit response, demonstrating that approximately 120 systems running vendor-bundled Java were covered under the vendors' redistribution rights — removing approximately $800K from Oracle's claim.
2. Existing Oracle Product Entitlements:
Avis also held licences for several Oracle products that include Java SE usage rights as a component:
| Oracle Product | Java Entitlement | Avis Systems Covered |
|---|---|---|
| Oracle WebLogic Server | Java SE included as middleware component | ~12 servers |
| Oracle Database | Java SE included for database Java VM | ~8 servers |
| Oracle Fusion Middleware | Java SE included as platform component | ~6 servers |
| Oracle Forms/Reports | Java SE included for application tier | ~4 servers |
| Total covered | — | ~30 servers already entitled |
These 30 servers were among those Oracle had flagged as requiring separate Java subscriptions. By mapping each installation to its covering Oracle product licence and presenting the ordering documents and CSIs, the advisory team removed these from the compliance scope entirely.
3. Prior Oracle Agreement Review:
The team also reviewed Avis's historical Oracle agreements — going back over a decade — to identify any Java-related entitlements that might have been forgotten or misunderstood. This uncovered legacy Java development licences from earlier Oracle contracts that provided perpetual rights for specific use cases. While the scope of these legacy rights was limited, they covered several edge-case installations that Oracle had included in their claim.
In parallel with the entitlement analysis, the advisory team coordinated a rapid Java remediation programme across Avis's global environment — removing Oracle Java where it wasn't essential and migrating to open-source alternatives.
1. Kiosk and Rental Counter Migration:
The largest single category of Java installations was the ~300 kiosk and rental counter devices across Avis's location network. These devices ran Oracle JRE for check-in/check-out applications and contract printing. The advisory team worked with Avis's application team to test and certify Eclipse Adoptium (OpenJDK) as a compatible replacement. Once certified, all 300 devices were migrated to OpenJDK — eliminating Oracle's basis for licensing these endpoints and removing a significant portion of the claim.
2. Desktop and Corporate Endpoint Cleanup:
Approximately 400 corporate desktops had Oracle JRE installed — in many cases as a legacy browser plugin or a dependency for internal web applications that had since been modernised. The team coordinated a company-wide desktop remediation: Oracle JRE was uninstalled from all corporate desktops, and where a Java runtime was still needed, Adoptium was deployed as the default. This eliminated the entire desktop footprint from Oracle's compliance scope and, critically, removed Oracle's basis for applying the employee headcount pricing model.
3. Development Environment Migration:
Developer workstations and staging servers running Oracle JDK were migrated to Amazon Corretto and Eclipse Adoptium. For Avis's development use cases, there was no functional dependency on Oracle-specific Java features — OpenJDK builds were fully compatible with the application stack.
| Remediation Action | Devices/Systems | Completion Time | Impact |
|---|---|---|---|
| Kiosk/counter migration → OpenJDK | ~300 devices | 6 weeks | Eliminated largest endpoint category |
| Desktop Oracle JRE removal | ~400 desktops | 4 weeks | Removed headcount pricing basis |
| Dev/staging migration → Corretto/Adoptium | ~35 servers | 3 weeks | Removed dev from compliance scope |
| Non-critical app migration → OpenJDK | ~25 servers | 4 weeks | Further reduced Oracle Java footprint |
| Total remediated | ~760 systems | ~8 weeks | ~85% reduction in Oracle Java installations |
All remediation was completed and documented before the formal audit response — demonstrating to Oracle that Avis was managing its Java environment responsibly and had actively addressed the situation. This proactive posture significantly influenced Oracle's willingness to accept a favourable resolution.
With the data validated, environment optimised, entitlements mapped, and remediation complete, the advisory team managed the formal negotiation with Oracle's audit team — presenting an evidence-based position that left Oracle no sustainable basis for their claim.
1. The Audit Response:
The comprehensive response addressed every element of Oracle's $4.7M claim across five categories:
| Oracle Claim Category | Defence | Result |
|---|---|---|
| Non-Oracle Java counted as Oracle ($1.2M) | Independent scan evidence; OpenJDK/Corretto identification; version analysis | Fully eliminated — not Oracle's product |
| Virtualisation per-VM claims ($1.5M) | Host containment via DRS affinity; contractual Processor metric analysis | Fully eliminated — contained to entitled hosts |
| Third-party vendor-bundled Java ($800K) | Vendor redistribution agreements documented | Fully eliminated — vendor's licence responsibility |
| Desktops, kiosks, dev environments ($700K) | Migration to OpenJDK completed and documented | Fully eliminated — Oracle Java removed |
| Remaining servers with Oracle JDK ($500K) | Covered by existing Oracle product entitlements (WebLogic, DB, Middleware) + legacy agreement rights | Fully covered — no new licences required |
| Total: $4.7M | — | $0 — entire claim eliminated |
2. Oracle's Withdrawal:
The advisory team managed all communications with Oracle's audit team, presenting the corrected data in a structured, professional format that addressed each finding with supporting evidence. Oracle initially contested several points — particularly the virtualisation containment and the scope of existing product entitlements — but the evidence was comprehensive and difficult to dispute.
After several months of back-and-forth, Oracle agreed to drop the claim entirely. The audit was formally closed with no licence purchases, no subscription commitments, and no financial penalties. The $4.7M demand was fully withdrawn.
3. The Complete Zero-Cost Resolution:
This outcome was achieved through the combination of all five defence phases working together. No single phase would have eliminated the full claim — but collectively, they addressed every element of Oracle's demand with factual evidence that Oracle could not sustain. The result: one of the cleanest possible audit outcomes — $4.7M to $0.
Client Testimonial — IT Procurement Lead, Avis: "When Oracle told us we owed almost $5 million for Java, we were stunned. Redress Compliance came in and completely changed the outcome. Their deep knowledge of Oracle Java licensing and savvy negotiation skills saved us from paying a single dollar. They gave us a clear strategy to resolve the audit and even helped us future-proof our Java usage. It's expertise we simply didn't have in-house."
Beyond the immediate $4.7M savings, the engagement delivered lasting governance improvements that protect Avis against future Oracle Java exposure.
1. Java Asset Management Controls:
Avis implemented a comprehensive Java governance framework: centralised Java inventory maintained through endpoint management tools with quarterly automated scans; procurement gate requiring approval for any Oracle JDK installation (OpenJDK is the default for all new deployments); vendor Java documentation requiring all new software contracts to specify whether bundled Java is covered under the vendor's redistribution agreement; and VMware-Java governance ensuring that any changes to DRS rules, vMotion scope, or host assignments for Java-bearing clusters require licensing review.
2. Open-Source Java Strategy:
Avis adopted a formal OpenJDK-first strategy: all new application deployments use Eclipse Adoptium or Amazon Corretto unless Oracle JDK is specifically required for certified compatibility. This policy, combined with the kiosk, desktop, and dev migration completed during the engagement, means Avis's future Oracle Java footprint is minimal — and fully tracked.
3. Vendor Compliance Model:
The experience became a template for how Avis handles other vendor compliance reviews. The structured approach — independent data validation, proactive remediation, entitlement analysis, and controlled communication — is now the standard playbook for any vendor audit, not just Oracle. The IT procurement team gained institutional knowledge that strengthens Avis's position across all software licensing relationships.
| Governance Improvement | Description | Long-Term Impact |
|---|---|---|
| Centralised Java inventory | Quarterly scans; real-time dashboard tracking Oracle vs OpenJDK | Prevents uncontrolled Java accumulation |
| Procurement gate for Oracle JDK | Any Oracle JDK installation requires licensing approval | Stops new Oracle Java exposure at source |
| OpenJDK-first policy | All new deployments default to Adoptium/Corretto | Minimises future Oracle licensing surface |
| Vendor redistribution documentation | All software contracts specify Java bundling and redistribution rights | Prevents third-party Java from creating Oracle exposure |
| VMware-Java change management | Cluster/DRS changes require licensing review | Maintains virtualisation containment |
Avis's zero-cost resolution joins a growing portfolio of Java audit defence outcomes demonstrating that Oracle's Java claims are systematically overstated and consistently reducible through expert defence.
| Client | Industry | Oracle Claim | Outcome | Cost |
|---|---|---|---|---|
| Avis Car Rental | Mobility / Rental | $4.7M | Claim withdrawn | $0 |
| Kroger | Retail / Grocery | $20M | Resolved at zero cost | $0 |
| Illinois Manufacturing | Manufacturing | $5.3M | Resolved | Minimal |
| World Kinect | Energy / Logistics | $5M | Claim withdrawn | $0 |
| Mercy Health | Healthcare | $4M | Resolved at zero cost | $0 |
| Crown Equipment | Manufacturing | $4M | Resolved at zero cost | $0 |
| Aegean Airlines | Aviation | $2M | Resolved at zero cost | $0 |
| CSAA Insurance | Insurance | $1.5M | Resolved at zero cost | $0 |
| Swedish Manufacturing | Manufacturing | $5M | $5M saved | Minimal |
The cumulative pattern: over $55M+ in Oracle Java audit claims resolved at zero or near-zero cost. The defence methodology is consistent across every engagement — validate Oracle's data, optimise the Java estate, map entitlements, remediate proactively, and present Oracle with a factual position they cannot sustain. The fact that this works across mobility, retail, manufacturing, energy, healthcare, aviation, and insurance demonstrates that Oracle's Java audit claims share common, exploitable weaknesses regardless of industry.
Whether you're a global mobility company like Avis or any enterprise with Oracle Java installations, here is the action plan that consistently delivers results.
| # | Action | Timing | Expected Impact |
|---|---|---|---|
| 1 | Inventory all Java installations globally. Use endpoint management tools to catalogue every Java version, distributor, and deployment context. Distinguish Oracle JDK from OpenJDK, Corretto, Adoptium, and vendor-bundled Java. | Immediate | Establishes your actual Java position; identifies Oracle overcounting |
| 2 | Remove Oracle Java from all desktops, kiosks, and endpoints. Replace with Eclipse Adoptium or Amazon Corretto. This eliminates Oracle's basis for enterprise headcount pricing — typically the largest component of Java claims. | Within 30 days | Removes the largest category of installations from scope |
| 3 | Contain Java workloads in VMware. Use DRS affinity rules to restrict Java-running VMs to designated physical hosts. Document configuration and maintain vMotion logs. | Within 30 days | Defeats per-VM and full-cluster licensing claims |
| 4 | Document all third-party vendor-bundled Java. Contact vendors whose software includes Java runtime. Obtain redistribution agreement confirmation. Add Java bundling clauses to all new software contracts. | Within 60 days | Removes vendor-bundled Java from your licensing obligation |
| 5 | Map remaining Oracle Java to existing product entitlements. Review WebLogic, Database, Middleware, EBS, and other Oracle product licences for Java SE bundling rights. | Within 60 days | Demonstrates existing coverage for remaining installations |
| 6 | Implement a Java governance policy. OpenJDK by default; Oracle JDK requires procurement approval; quarterly automated scans; vendor Java documentation requirements. | Ongoing | Prevents future Java exposure from accumulating |
| 7 | If Oracle contacts you — engage Java audit expertise immediately. The first data submission and response shape the entire audit outcome. Expert guidance before responding is the highest-ROI investment in the process. | When triggered | Controls the audit trajectory; maximises claim reduction or elimination |
Key point: Avis faced a $4.7M Oracle Java audit claim. Through systematic deployment auditing, virtualisation containment, third-party entitlement documentation, proactive remediation, and expert negotiation, the entire claim was resolved at zero cost. This outcome is achievable for any enterprise that prepares properly. Oracle's Java audit claims are built on overcounting, aggressive interpretations, and failure to account for existing rights — all of which are factually correctable.
Through a five-phase defence: (1) independent Java deployment audit identifying 65% of Oracle's flagged installations as non-Oracle, legacy, or vendor-bundled; (2) virtualisation footprint optimisation containing Java to 4 designated hosts, eliminating $1.5M in per-VM claims; (3) third-party entitlement review removing $800K in vendor-bundled Java; (4) migration of 760 kiosks, desktops, and dev systems to OpenJDK; (5) mapping remaining servers to existing Oracle product entitlements. Oracle withdrew the entire claim.
Oracle's Java licensing uses the Processor metric, which counts physical processors/cores — not virtual machines. Oracle frequently asserts per-VM licensing during audits, but this interpretation is based on their Partitioning Policy, which may not be part of your specific licence terms. Containing Java VMs to designated physical hosts via DRS affinity rules limits licensing scope to those hosts.
Generally no. Software vendors who bundle Java runtime with their products obtain redistribution rights from Oracle that cover their customers' use. If a vendor's product ships with Java, the vendor's redistribution agreement typically covers your use. Obtain documentation from your vendors confirming their redistribution rights and present this during any audit.
Since January 2023, Oracle's Java SE Universal Subscription is priced at approximately $15 per employee per month for the entire organisation. This model is designed to be Oracle's default pricing for enterprise Java. However, it's avoidable by removing Oracle Java from desktop endpoints and demonstrating that Java usage is limited to specific servers — or eliminating Oracle Java entirely through migration to OpenJDK.
Very common — across Java audit engagements, Oracle's preliminary findings contain errors affecting 30–65% of the claimed scope. Errors include double-counting systems, including decommissioned servers, misidentifying OpenJDK as Oracle JDK, and counting vendor-bundled Java as the customer's licensing obligation. Independent data validation is essential.
Yes. Oracle WebLogic Server, Oracle Database, Oracle Fusion Middleware, Oracle E-Business Suite, and other products include rights to use Java SE as a component. Oracle's audit process doesn't automatically credit these entitlements — you must identify and assert them with supporting ordering documents.
In most cases, no. Kiosk and counter-top devices can typically run OpenJDK alternatives (Adoptium, Corretto) without any functional impact. Migrating these devices to open-source Java eliminates a large volume of Oracle Java installations and significantly reduces audit exposure — as demonstrated in Avis's case with 300 devices migrated.
Typically 3–9 months from engagement to audit closure. The timeline includes data validation (2–4 weeks), remediation (4–8 weeks), entitlement analysis (2–4 weeks), and negotiation with Oracle (2–4 months). Well-prepared defences with completed remediation tend to resolve faster.
Eclipse Adoptium (Temurin), Amazon Corretto, Red Hat OpenJDK, Azul Zulu, and IBM Semeru are the most widely adopted. All are free, functionally equivalent to Oracle JDK, receive regular security updates, and are suitable for production use. They carry no Oracle licensing obligation.
Redress provides end-to-end Java audit defence: independent deployment auditing, virtualisation containment strategy, third-party entitlement documentation, remediation planning and execution support, and direct negotiation with Oracle LMS. All fixed-fee, 100% vendor-independent. Track record: $55M+ in Java audit claims resolved at zero or near-zero cost.
This article is part of our Oracle Java Audit pillar. Explore related guides:
Redress Compliance has helped hundreds of Fortune 500 enterprises — typically saving 15–35% on Oracle renewals, ULA negotiations, and audit defense.
100% vendor-independent · No commercial relationships with any software vendor