In 2015, Mars Inc. took the extraordinary step of suing Oracle to stop an aggressive licence audit from spiralling out of control. The case β one of the only public legal fights over Oracle's audit practices β exposed the tactics Oracle uses behind closed doors with thousands of customers. This independent analysis covers what happened, why it matters, and how your organisation can defend itself.
The Oracle vs. Mars conflict began as a routine licence review in 2014 and rapidly escalated into one of the most revealing public disputes in enterprise software licensing history. Mars Inc. β the global confectionery and pet care giant β was an Oracle customer under a long-standing 1993 licence agreement. Oracle's License Management Services (LMS) team initiated an audit focused on Mars' use of Oracle databases and software, particularly in VMware virtualised environments.
The flashpoint was Mars' use of VMware virtualisation (vSphere 5.x). Oracle's auditors claimed that VMware could enable Oracle programs to run on any connected server β and therefore demanded that Mars run Oracle's audit scripts and provide detailed data on all servers in Mars' IT environment, including servers where no Oracle software was installed. Mars provided Oracle with over 233,000 pages of documentation demonstrating compliance. But Oracle insisted on data beyond the agreed-upon audit scope, including details of every VMware server cluster β arguing that even systems not currently running Oracle might need licensing if Oracle software could potentially migrate to them.
Tensions escalated when Oracle issued a formal notice alleging that Mars was in material breach of the licence agreement for failing to fully comply with the audit. Oracle threatened to terminate Mars' Oracle licences and support within 30 days. Mars disagreed vehemently, maintaining that it had honoured the contract's audit clause β which allowed audits of use of Oracle programs β and that Oracle was fundamentally overreaching.
By October 2015, Mars took the extraordinary step of filing a lawsuit in the Superior Court of California (San Francisco), seeking a court order to restrain Oracle's audit conduct within the contract's bounds and prevent Oracle from cancelling Mars' licences. It was a bold move β essentially turning the tables and challenging Oracle's audit practices in open court.
Just weeks later, in December 2015, a private settlement was reached and Mars withdrew its complaint. The settlement details remain confidential, but the public court filings shed unprecedented light on Oracle's audit methods β confirming that Oracle's push was largely driven by its virtualisation licensing stance, a position not explicitly written in Mars' contract.
"The Oracle vs. Mars case is the most important public window into how Oracle actually conducts audits. What Mars experienced β the scope creep, the breach notices, the termination threats, the demand for data on non-Oracle systems β happens behind closed doors with thousands of Oracle customers every year. The difference is that Mars was brave enough to fight it in court. Every CIO running Oracle should study this case, because the tactics Oracle used against Mars are the same tactics they'll use against you."
β Fredrik Filipsson, Co-Founder, Redress ComplianceMars Inc. enters into an Oracle licence agreement β the foundation of a 20+ year customer relationship. The contract includes standard audit rights allowing Oracle to verify "use" of its programs.
Oracle's License Management Services (LMS) team begins a routine audit of Mars' Oracle deployments. Mars cooperates and begins compiling evidence of its Oracle database usage.
Oracle demands that Mars run audit scripts across all servers β including non-Oracle systems. Oracle insists on VMware cluster data, arguing any connected server might need licensing. Mars provides 233,000+ pages of documentation but pushes back on requests exceeding the contract's audit scope.
Oracle issues a formal material breach notice, alleging Mars failed to comply fully with audit demands. Oracle threatens to terminate all Mars licences and support within 30 days if Mars doesn't acquiesce.
Mars sues Oracle in the Superior Court of California (San Francisco), seeking a court order to restrain Oracle's audit within contractual bounds and prevent licence termination. Public court filings expose Oracle's audit tactics.
Mars and Oracle reach a private settlement. Mars withdraws its complaint. The case never goes to trial. Oracle avoids a judicial ruling on the legality of its audit practices β but the public filings remain as a permanent record of its tactics.
The Oracle vs. Mars saga revealed several audit tactics that Oracle has been reported to employ across its customer base. These tactics raise serious concerns for every Oracle customer:
| Tactic | How Oracle Applied It Against Mars | Why It Matters for Your Organisation |
|---|---|---|
| Expansive audit scope | Demanded information on all servers β including those not running Oracle β interpreting "installed or running" to include any environment where Oracle could run (e.g., any VMware host in a cluster) | Oracle may claim your entire virtualised infrastructure needs licensing, not just the VMs running Oracle. This can multiply exposure by 4β8Γ |
| Script execution and data dumps | Insisted Mars run Oracle-provided scripts across its infrastructure. These scripts reveal all deployments, VMware configurations, and even the presence of non-Oracle software | Running Oracle's scripts without review can expose your entire IT estate. Always review scripts in a test environment first and understand what data they collect |
| "Fishing expedition" demands | Repeatedly shifted requests and moved the goalposts. After Mars complied with reasonable Oracle usage data, Oracle continued asking for more β including data on unrelated servers and Mars personnel who didn't use Oracle | Oracle may use each piece of data to generate additional "findings." Only provide data required by the contract β not everything Oracle requests |
| Breach notices and threats | Issued formal breach notices and threatened licence termination within 30 days. Used the threat of losing access to critical Oracle systems as maximum-pressure negotiation tool | The termination threat is Oracle's most powerful weapon. Know your contract's cure period, dispute rights, and termination protections before an audit begins |
| Avoiding judicial scrutiny | Settled quickly once Mars brought the dispute to court. Oracle preferred a confidential settlement over risking a legal precedent that could limit its audit practices | Oracle knows its positions are often not contractually supported. A well-prepared customer who is willing to push back β even to court β often gets a far better outcome |
"Audit by intimidation" is Oracle's operating model. The Oracle vs. Mars case confirmed what industry experts have long observed: Oracle's audit teams leverage complexity, fear of termination, and information asymmetry to drive licence sales or settlements. The vast majority of customers capitulate under pressure without realising that Oracle's claims may not be contractually enforceable. The few who push back β like Mars β consistently achieve better outcomes.
Learn the 10 strategies that enterprises use to defend against Oracle's audit tactics β from managing scope to challenging findings β based on real-world engagement patterns including cases like Oracle vs. Mars.
Download Whitepaper βMany Oracle audit disputes stem from similar contract pitfalls and scenarios as seen in the Mars case. CIOs should review these areas in their Oracle agreements:
| Pitfall / Audit Trigger | Description and Impact | How to Protect Yourself |
|---|---|---|
| Virtualisation and soft partitioning | Using VMware or other hypervisors can trigger Oracle claims that all physical hosts must be licensed β even if Oracle runs on only a few VMs. Oracle's partitioning policy treats VMware as "soft partitioning" not recognised for licence reduction. This was the central issue in Oracle vs. Mars | Seek explicit contractual clarity on virtualised environments. Use Oracle-approved hard partitioning or dedicated physical servers. See our Oracle VMware licensing guide |
| Undefined "installed" or "use" terms | Ambiguities in what counts as "use" or "installation" can be exploited. Oracle argued in the Mars case that software available on a server equals a licensable installation β even if it's not actually running | Review contract definitions carefully. If vague, negotiate amendments that align "use" with actual deployment, not theoretical availability |
| Licence metric changes | Oracle's processor definitions, core factors, and NUP rules can change or be interpreted strictly. New CPUs, added cores, or hyper-threading can unknowingly push you past entitlements | Monitor hardware changes and re-calculate licence positions whenever infrastructure changes. Document all calculations with official Oracle metrics |
| Multiple or legacy contracts | Companies with multiple Oracle agreements or older contracts (like Mars' 1993 agreement) face conflicts or gaps. M&A activity that inherits Oracle licences is especially risky β contract consolidation often triggers audits | Conduct a full contract inventory. Identify inconsistencies between agreements. Address gaps before Oracle identifies them during an audit |
| Oracle Options and Packs usage | Oracle database Options (Partitioning, RAC, Advanced Compression) and Management Packs require separate licences. DBAs frequently enable these features without realising they're unlicensed β Oracle auditors look for this first | Audit all Oracle feature usage with tools like Oracle's own scripts or third-party discovery tools. Disable any unlicensed Options and Packs immediately |
| Weak audit clauses | Broad inspection rights, short response timelines, and no dispute resolution mechanism give Oracle maximum leverage during audits. Combined with aggressive tactics, a weak audit clause can turn a review into a crisis | Negotiate audit terms: advance notice periods (45+ days), frequency limits (no more than once per 12 months), scope constraints (only actual Oracle deployments), and dispute resolution procedures |
| Lesson | What Mars Demonstrated | What You Should Do |
|---|---|---|
| Know your contracts | Mars successfully argued that Oracle's audit rights were limited to actual "use" of its software β not theoretical availability. The contract language saved them | CIOs and sourcing teams must thoroughly understand Oracle licence agreements β particularly audit, usage definitions, and termination clauses. Read every word before an audit begins |
| Document and limit audit scope | Mars resisted Oracle's attempts to expand the audit to non-Oracle environments. They drew a line at the contract language and held firm | Provide only what the contract requires. Push back on requests for non-Oracle infrastructure data. Document everything you provide β and everything you decline with explanation |
| Virtualisation is a licensing minefield | The entire Oracle vs. Mars dispute centred on VMware licensing interpretation. Oracle's position was not in the contract β it was an internal policy applied unilaterally | Seek written contractual clarity on virtualised environments. Consider architecture changes (dedicated physical servers, Oracle VM) to eliminate ambiguity. See our virtualisation licensing guide |
| Don't assume Oracle's claims are law | Mars showed that customers can challenge Oracle's interpretations. Oracle's policies and sales materials are not contractually binding unless incorporated into your agreement | Differentiate between Oracle's contractual terms and its policies or sales tactics. If Oracle cites a policy not in your contract, it may not be enforceable. Challenge it |
| Engage experts early | Mars enlisted outside counsel and licensing advisors to navigate and counter Oracle's audit. Expert guidance was critical to their defence | Involve your legal team and independent Oracle licensing specialists as soon as you receive an audit notice. Experienced advisors identify overreach and negotiate from strength |
| Prepare for disruption | Mars dedicated significant internal resources and produced an enormous volume of data. The audit consumed months of staff time and executive attention | Have an internal audit-response plan. Designate knowledgeable asset owners, maintain up-to-date deployment records, and be prepared to gather compliance evidence quickly |
| Consider your risk tolerance | Mars chose to fight β and it worked. But it was a major undertaking that required executive commitment, legal resources, and a willingness to escalate to court | Evaluate whether it's better to negotiate an acceptable deal up front (e.g., a ULA for cost certainty) versus risking a drawn-out audit battle. Each organisation's risk profile is different |
"The single most important lesson from Oracle vs. Mars is this: Oracle's audit demands are a negotiating position, not a legal requirement. The contract is the only thing that matters. When Mars pointed to the actual contract language and said 'this is all you're entitled to,' Oracle couldn't answer β because they knew Mars was right. Every enterprise should approach Oracle audits with the same mentality: cooperate within the contract, push back on everything beyond it, and be prepared to escalate if Oracle doesn't back down."
β Fredrik Filipsson, Co-Founder, Redress ComplianceVirtualisation exposure, Options and Packs usage, unlicensed environments, and weak audit clauses β these are the risks Oracle's audit teams exploit most frequently. Learn how to identify and close them before Oracle arrives.
Download Whitepaper βImagine Company X, a global manufacturer, which β like Mars β runs Oracle databases on a VMware virtualised cluster. One day, Company X receives a polite-sounding licence review notice from Oracle. Expecting a routine check, the IT team begins compiling evidence of their Oracle database licences and usage.
However, Oracle's auditors soon ask Company X to deploy scripts across all servers in their data centre. The scripts report back not just on Oracle software, but also flag that VMware vSphere is in use. Oracle then demands a list of every physical server connected to the VMware environment β insisting that even servers with no Oracle products must be counted for licensing due to the potential for VM migration.
Company X's CIO becomes concerned β these demands exceed the Oracle contract. Oracle points to an internal policy document (not part of the signed agreement) and claims a hefty licence shortfall: dozens of unlicensed servers owing database licences, back support fees, and penalties. The amount runs to millions of dollars. Oracle sets a 30-day deadline to "resolve" the findings β essentially, buy more licences or face support termination.
Rather than panic, Company X convenes its response team. They review the contract's audit clause β which, just like Mars', limits audits to "use" of Oracle programs. Nowhere does it require licensing "available" capacity. Company X engages an independent Oracle licensing advisory firm and legal counsel. Together, they draft a firm reply: providing data on actual Oracle installations and usage, but refusing the request for non-Oracle server information that isn't contractually required. They remind Oracle of the contract language and ask Oracle to explain how their requests align with the signed agreement.
Oracle's sales team pushes harder, threatening escalation. But Company X stands its ground, prepared to litigate if needed. Faced with a well-prepared customer, Oracle backs off the most extreme demands. The two sides negotiate a resolution: Company X agrees to purchase a few additional licences to address genuine shortfalls, and Oracle closes the audit without the massive compliance bill originally feared.
Company X avoided a worst-case scenario by understanding its contract, asserting its rights, and utilising expert assistance β exactly as Mars did. The pattern is consistent: well-prepared customers who know their contracts and are willing to push back achieve dramatically better audit outcomes than those who capitulate under pressure.
This example is fictitious but based on patterns seen in real Oracle audits.
| Recommendation | Detail |
|---|---|
| Thoroughly review Oracle contracts | Regularly audit your own agreements. Understand definitions of "processor," "user," "installed," and "use." If language is vague, seek amendments or clarifications before an Oracle auditor exploits them |
| Proactively address virtualisation | If you run Oracle on VMware, obtain written contractual clarification. Consider hard partitioning (Oracle VM, IBM LPAR, Solaris Zones), dedicated hosts, or negotiating a special clause. Virtualisation ambiguity is Oracle's most profitable audit lever |
| Maintain robust licence tracking | Implement processes or tools to continuously monitor Oracle deployments, user counts, processor counts, and features enabled. Real-time knowledge makes audits far less painful and reduces the chance of surprises |
| Train and communicate internally | Educate IT staff on Oracle licensing rules. Ensure DBAs know that enabling an unlicensed database Option or cloning an Oracle VM to a new host has compliance implications. A culture of licence awareness prevents accidental non-compliance |
| Engage experts at the first audit notice | The moment an Oracle audit notice arrives, involve contract managers, legal counsel, and independent Oracle licensing specialists. Early expert guidance significantly influences the scope and tone of the audit |
| Control the audit process | Be cooperative within contractual limits while managing the flow of information. Review Oracle's scripts in a test environment first. Only provide contractually required data. Insist on written follow-ups so there's a clear record of every exchange |
| Push for a fair resolution | If genuine shortfalls exist, negotiate pragmatically. If findings are based on questionable interpretations, dispute them. Ask Oracle to show where the contract supports their claim. Well-prepared customers consistently reach better settlements |
| Learn from peer experiences | Stay informed through user groups, industry publications, and peers about Oracle's latest audit tactics. Tactics evolve β including increased audits of Java licensing in recent years. Knowing how Oracle vs. Mars unfolded helps you anticipate Oracle's playbook |
| Evaluate Oracle dependency | Assess the criticality of Oracle to your operations and whether diversifying or using alternatives could reduce risk exposure. Some organisations mitigate audit risk by limiting Oracle footprint expansion, shifting workloads to alternative platforms, or negotiating ULAs that provide cost certainty |
Whether you're facing an audit, preparing for a renewal, or negotiating a new deal β this whitepaper provides CIOs with a framework for shifting the power dynamic back in your favour when dealing with Oracle.
Download Whitepaper βOur team includes former Oracle executives who know exactly how Oracle's LMS and audit teams operate. We've defended hundreds of enterprises against Oracle audits β challenging overreach, reducing exposure, and negotiating outcomes that protect our clients' interests. If you're facing an Oracle audit or want to prepare before one arrives, we can help.
A practical framework for CIOs managing complex Oracle estates β covering inventory, compliance verification, virtualisation risk containment, and the negotiation strategies that protect your budget and your business continuity.
Download Whitepaper βExpert defence against Oracle's LMS and audit teams. We challenge overreach, reduce exposure, and negotiate outcomes that protect your interests.
Learn More βFull deployment inventory, compliance verification, and cost optimisation across databases, middleware, applications, and Java.
Learn More βIndependent advisory for Oracle renewals, ULAs, and new purchases β protecting audit clauses, pricing, and contractual rights.
Learn More β