Software Audits: How High-Tech Software Vendors Play Hardball

snydeq writes: InfoWorld's Dan Tynan offers an inside look at how high-tech software vendors such as Adobe, Oracle, and IBM play hardball over software licensing, pushing customers to "true up" to the tune of billions of dollars per year -- and using the threat of audits as a sales tool to close lucrative deals. "When it comes to software audits, the code of omerta prevails," Tynan writes. "It's not a question of whether your organizations' software licenses will get audited. It's only a question of when, how often, and how painful the audits will be. The shakedown is such a sure thing that nearly every customer we contacted asked us to keep their names out of this story, lest it make their employers a target for future audits."

Ok, so how should it work?

[ShooterNeo]

Software is immensely expensive to create. The bigger, real world systems actually in use cost a fortune in real money to create because the bigger and more complex they get, the more people are needed to try to increase productivity by increasingly small percentages.

The money has to come from somewhere. If companies can't pay their programmers, the software stops being made. The open source model is an alternative in SOME cases - but not all.

Software is pathetically easy to steal. Somehow the companies making the software need to get paid. Going after individual thieves is a waste of time, but targeting corporations with deep pockets makes perfect sense.

Sue Joe Smoe for ripping off Microsoft Office, and you won't recover enough to pay your lawyers and the fees to file the lawsuit. Sue Exxon because they paid for 1000 copies of Office but used 10,000, and they will be able to pay any court judgement. You can ask the courts for your legal fees, the cost of the software they stole, and compensation for your trouble.

Not see what is unfair or unjust about this. The "hardball" tactic described here is to find companies that are stealing software, and offer them this "true up" deal. This is just a pre-lawsuit bargain - they pay a lot less than they would pay if there were a court judgement, you get your money now. Sounds fair and reasonable to me.

If companies don't want to face this risk, they can use open source software. Oh, it costs them more to have an in house programmer staff to customize the software for their needs? (since open source stuff tends to be a bit rough around the edges) Then pay the damn commercial license fees, and buy a few more than you need just to be on the safe side.

Re:Ok, so how should it work?

Then buy a boxed copy of each unit of software and tape the unique license keys to each computer using it.

You'd think it would be that easy, except it isn't. Microsoft will not accept the unique license keys as proof of you having a valid license. That includes the Windows license sticker that's affixed to your computer, or the license key that's printed on the software. All this is is the certificate of authenticity, which verifies that it is a genuine copy of the software. It does not show that you have a license to use that software.

Proof of the license comes in the form of proof of purchase from a valid reseller, who in turn must have proof that they purchased it from a valid distributor. If your reseller sold you an invalid licensed copy, you're on the hook for that. It is up to you to provide valid documentation that the license is valid and was purchased from an authorized reseller.

Re:Ok, so how should it work?

[mattventura]

The problem is that normally what allows the audit to begin with is entering a contract with the software vendor. So if someone strictly pirates everything, theyre at somewhat less risk of an audit than a company that buys some software but pirates here and there. And the "piracy" isn't always intentional - often it's just someone thinking "hey, this feature looks neat, I'll enable it" without realizing you have to pay extra. Could the software vendor just lock down the features you didn't pay for? Sure, but then they wouldn't get to sue your ass off when they discover you've been using a feature you didn't pay for. It could also be someone wanting to make a test environment of something, not realizing they would need more licenses for that. There can also be situations where a license lapses, but the system in question isn't centrally managed enough for someone to know that they need to uninstall some particulra piece of software from it.

It's far from a "make pirates pay up", it's "make everyone who does a rolling stop or goes 1MPH over pay a 4-digit fine".

Thanks, Adobe

[sk999]

The only audit I ever ran into came from Adobe, and it was for some product that I had signed off on the requisition for someone who ended up never using it anyway, but it was still my job to track down the original P.O. Not a huge deal, but it was a waste of a few hours along with accompanying anxiety. My solution to prevent a recurrence in the future: I will never approve a requisition for any product from Adobe ever again.

Two words:

Ernie Ball

I was once an Oracle "guru"

[EmperorOfCanada]

In my distant past I was the guy who would made Oracle things happen for clients. But as I got more and more into dealing with clients I realized that Oracle is just a mean thing to do to people. One interesting part of the Oracle sales process seems to be to delay giving a final price. This way the project is well underway or even done before you present the client with some sticker-shock.

Then there were the prices themselves. I deployed quite a number of systems and could never predict the price. Would it be $30,000 or $300,000.

Then there were the end runs. Once Oracle got ahold of your client they were perfectly happy to see you swapped out and replaced with another consultancy who would slather the entire client with Oracle products. It was bordering on Oracle Doorbell for all your ding-dong needs.

There is no way I would ever use a solution that results in a company like that able to mess with my clients. No Microsoft, no Oracle, no IBM, or SAP.

My favourite is when I have a client who is in the process of throwing them out and they ask, "What will it cost to licence MariaDB." Then when they ask, "Can it handle our Enterprise database?" I will say, "Your $400,000 system has 40,000 rows of data in it. A $25 raspberry Pi could handle your needs." Then they ask about per seat licensing costs. "None." At this point I can see them fishing around in their heads for how they are going to be screwed; suddenly it dawns on them that the screwing is now over. They then go through a list of features that they have built up over time but couldn't afford. When they get the quote for those they pretty much throw up in disgust at how badly they had been treated over the years.

When they put it all together they realise that their previous consultant hadn't been working for them but effectively for a company like Oracle.

It has been over a decade since I dumped everything Oracle and will never go back.

Re:I was once an Oracle "guru"

[irrational_design]

We have been using Oracle (legally) for 15 years, but are in the process of switching to Postgres. Postgres has been such a breath of fresh air after Oracle that we keep asking ourselves why we didn't do this years ago?! I have tons of experience with Oracle, but I honestly can't understand why 99% of Oracles current uses can't use Postgres.

Just say no

An attorney told me that those audit clauses in contracts are effectively unenforceable and you should just refuse to let them audit you.

One of the many reasons we went to Google Apps

[zerofoo]

Boxed software licensing stupidity pushed us into the cloud.

We are a private school, and we got tired of constantly tracking our licensing status. Do we have enough AV seats? Do we have enough Exchange and SQL cals?

Enough is enough.

We put our staff on Mac OS and we put the kids on Chromebooks and Google Apps. Our experience with Microsoft's crazy licensing schemes was one of the reasons we didn't even consider their "cloud" solutions. Yes, an E1 Office 365 is free for schools, but Google Apps and Chromebooks are dead simple and the staff and students really like them.

We kicked Adobe to the curb for the same reasons. The licensing and compliance costs, even for Edu, were absurd.

It's a trap

[dbIII]

As an example, licensed for 800 seats, but using 835

While much of the software used in my workplace has some very annoying licence management software to punish the honest, it at least does not trap people by letting them go into non-compliance so the legal vultures can come in and feast.
If your software allows 835 seats when you are only allowed 800 it's either a deliberate trap or incompetence on the part of the vendor or whoever they have bought their licence management software from.

If seat 801 can start up then someone on the vendor side has fucked up, or it's a trap.

Re:Freedom, not Price

[phantomfive]

Or when people insist you "have to" use an IDE to write code, because more people use them than don't.

My problem with this is when the IDEs become obsolete. I had a project I built for OSX. I didn't touch it for a few years, then came back, and XCode was unable to open it anymore.
I had another project from the same era built with a Makefile. The same makefile still works today. So yeah, I'll be putting in extra effort to avoid IDEs that depend on proprietary file formats in the future.