Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Businesses Software The Almighty Buck Government IBM Open Source Oracle News Technology

Software Audits: How High-Tech Software Vendors Play Hardball (infoworld.com) 162

snydeq writes: InfoWorld's Dan Tynan offers an inside look at how high-tech software vendors such as Adobe, Oracle, and IBM play hardball over software licensing, pushing customers to "true up" to the tune of billions of dollars per year -- and using the threat of audits as a sales tool to close lucrative deals. "When it comes to software audits, the code of omerta prevails," Tynan writes. "It's not a question of whether your organizations' software licenses will get audited. It's only a question of when, how often, and how painful the audits will be. The shakedown is such a sure thing that nearly every customer we contacted asked us to keep their names out of this story, lest it make their employers a target for future audits."
This discussion has been archived. No new comments can be posted.

Software Audits: How High-Tech Software Vendors Play Hardball

Comments Filter:
  • by Anonymous Coward on Monday April 25, 2016 @05:01PM (#51985793)

    several times as many CALs as have employees, we're moving what we can to Linux.

  • by Anonymous Coward on Monday April 25, 2016 @05:01PM (#51985801)

    The only audits of open source software are to remove bugs. Ditch proprietary software and this isn't an issue.

  • Freedom, not Price (Score:5, Insightful)

    by Aighearach ( 97333 ) on Monday April 25, 2016 @05:04PM (#51985823) Homepage

    This is why I only use FLOSS software in my business, and why I don't care which Free/Libre/Open license it is.

    Freedom means some external entity can't interfere or try to pull the rug out. I have what I have, I know what it is, and nothing will change unless I accept change.

    • This is why I only use FLOSS software in my business, and why I don't care which Free/Libre/Open license it is.

      What do you use for accounting/bookkeepping/taxes?

      • [same as before computers but]... on a computer.

        They don't have a special doohickey that enables those things. Though spreadsheets are pretty awesome compared to a ledger and a calculator.

        • [same as before computers but]... on a computer.

          Using a spreadsheet may be okay if you are a one person business or a Mom & Pop shop. We use Quickbooks, and it pays for itself with just the end-of-month bank reconciliation (a few seconds with the software, half a day for a human). Other than accounting and tax software which runs on a single dedicated Windows box, we are completely FLOSS. We tried GnuCash, but it is missing many crucial features, and even worse, the developers consider it "done" and are not open to suggestions for improvement. Pl

          • forking gnucash is silly, that is personal budget software, not resource management.

            There are indeed other ways of doing things than buying proprietary software licenses. This idea that we're crippled is absurd.

            If your software license works for you, nobody is asking you to switch.

          • "Using a spreadsheet may be okay if you are a one person business or a Mom & Pop shop."

            I did the accounting for a club with about 25 members for a couple of years. In a spreadsheet. Every year when I needed to close the books, I found myself sitting behind the screen until 3am because the numbers were not consistent, due to spreadsheet errors (inserted row that messed up cell ranges in formulas) and all the special cases of bills that were paid in a different year than the invoice date.

            I shudder if I th

      • I own and operate a small business and I do my accounting with the Libreoffice spreadsheet. I print the spreadsheets out at the end of each year and give them to my accountant.

        Nothing much to it, really.

      • Sorry to reply twice, but I wanted to tell a funny short story about my taxes this year.

        I decided to use one of the "free" options other than the fillable forms... big mistake! I went through their whole step by baby-step process, in the end provided the exact same information as the real form, in the same order, was asked a question in every place where the instructions instruct me to do one thing or another, and at the very end right before submitting it they pissed me off so bad with their bait-and-switc

  • by ShooterNeo ( 555040 ) on Monday April 25, 2016 @05:07PM (#51985833)

    Software is immensely expensive to create. The bigger, real world systems actually in use cost a fortune in real money to create because the bigger and more complex they get, the more people are needed to try to increase productivity by increasingly small percentages.

    The money has to come from somewhere. If companies can't pay their programmers, the software stops being made. The open source model is an alternative in SOME cases - but not all.

    Software is pathetically easy to steal. Somehow the companies making the software need to get paid. Going after individual thieves is a waste of time, but targeting corporations with deep pockets makes perfect sense.

    Sue Joe Smoe for ripping off Microsoft Office, and you won't recover enough to pay your lawyers and the fees to file the lawsuit. Sue Exxon because they paid for 1000 copies of Office but used 10,000, and they will be able to pay any court judgement. You can ask the courts for your legal fees, the cost of the software they stole, and compensation for your trouble.

    Not see what is unfair or unjust about this. The "hardball" tactic described here is to find companies that are stealing software, and offer them this "true up" deal. This is just a pre-lawsuit bargain - they pay a lot less than they would pay if there were a court judgement, you get your money now. Sounds fair and reasonable to me.

    If companies don't want to face this risk, they can use open source software. Oh, it costs them more to have an in house programmer staff to customize the software for their needs? (since open source stuff tends to be a bit rough around the edges) Then pay the damn commercial license fees, and buy a few more than you need just to be on the safe side.

    • by Anonymous Coward

      The open source business model works just fine. Companies like IBM and Redhat use it with no problem. The source is open and free, but they make money by selling complete systems and providing support. Those things are valuable enough to businesses to pay for. There are a lot of corporate contributions to open source software as as result. It's in the interests of those businesses to maximize the quality of the software so more people purchase support and enterprise systems.

      • Yes, but for companies who steal commercial software, how else SHOULD it work?

        Companies who have the choice of paid open source, free open source, and commercial software still extremely frequently choose commercial. Must be a reason.

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      Not see what is unfair or unjust about this. The "hardball" tactic described here is to find companies that are stealing software, and offer them this "true up" deal.

      Except in many cases, that isn't at all how it works.

      Someone will send an anonymous "tip" that a company is using unlicensed software. Often this is a disgruntled employee or ex-employee. Hell, BSA has been running ad campaigns on Facebook for a while now encouraging people to report companies in exchange for the possibility of a small reward.

      The software companies (Or BSA on their behalf) will start hassling the reported companies, whether or not it is true. This leads to either a voluntary audit of their

      • Except in many cases, that isn't at all how it works.

        Someone will send an anonymous "tip" that a company is using unlicensed software. Often this is a disgruntled employee or ex-employee. Hell, BSA has been running ad campaigns on Facebook for a while now encouraging people to report companies in exchange for the possibility of a small reward.

        The software companies (Or BSA on their behalf) will start hassling the reported companies, whether or not it is true. This leads to either a voluntary audit of their licenses (Which still costs quite a bit in time and effort) or legal action. Every instance I've heard of companies going through with the voluntary audit has had the companies threatened with having trivial, honest mistakes punished with large fines and legal action. It's a losing proposition for them, even if they've done nothing wrong, or have small technical issues with their licensing that they've made a good faith effort to have in compliance.

        It is a complete shakedown.

        It wasn't like that in my experience 15 years ago. I was a disgruntled employee, I sent an anonymous tip to BSA.org, but nobody showed up at my company.

    • As software technical support on various corporate products, we take notes on everything, but if it isn't relevant to the issue, we tend not to care.
      As such, I've had plenty of people freak out because when talking to me they realized they are using a few more seats than they have licenses for. As an example, licensed for 800 seats, but using 835. It just goes in the notes that 835 are in use so any techies working with them know what they have to look at.
      On the other hand, if you get situations where someb
      • It's a trap (Score:5, Interesting)

        by dbIII ( 701233 ) on Monday April 25, 2016 @08:13PM (#51986749)

        As an example, licensed for 800 seats, but using 835

        While much of the software used in my workplace has some very annoying licence management software to punish the honest, it at least does not trap people by letting them go into non-compliance so the legal vultures can come in and feast.
        If your software allows 835 seats when you are only allowed 800 it's either a deliberate trap or incompetence on the part of the vendor or whoever they have bought their licence management software from.

        If seat 801 can start up then someone on the vendor side has fucked up, or it's a trap.

        • by Lehk228 ( 705449 )
          it should not prevent seat 801, or even 8001 from starting, but it should make lots of noise about the problem (splash warning on every excess startup) if a piece of software is critical for a business to function, a wise customer will look elsewhere if the license server going sideways can bring operations down.
          • Getting sued for starting up seat 801 and violating the licence can do a lot more than temporarily "bring operations down" - and if not starting up seat 801 can even temporarily "bring operations down" or come remotely close to it then there is a long chain of serious fuckups leading to that point.

            I'm not a fan of restrictive commercial software but I don't see a circumstance where your excuse would hold water with the vendor. If you haven't paid for it and the condition for using it is paying for it - th
            • The nicest setup allows 801 (and by that I mean *legally* allows), but notifies you that you've got seven days grace, after which you'll only be able to run 800. If you want to maintain access to these extra licenses, click here / phone this number and have a chat with the vendor.

    • by sjames ( 1099 )

      It wouldn't be so bad if they could tell you exactly how many of what license you need and then not change their minds during a disruptive audit. It's quite hard to guess what licenses they may require you to have from day to day.

      • Then buy a boxed copy of each unit of software and tape the unique license keys to each computer using it. I'm just saying, if you really want to be above reproach, you can do this. Try to pinch pennies and get exactly the bare minimum licenses you need? Well, this is a risk you take.

        • by Anonymous Coward on Monday April 25, 2016 @06:45PM (#51986353)

          Then buy a boxed copy of each unit of software and tape the unique license keys to each computer using it.

          You'd think it would be that easy, except it isn't. Microsoft will not accept the unique license keys as proof of you having a valid license. That includes the Windows license sticker that's affixed to your computer, or the license key that's printed on the software. All this is is the certificate of authenticity, which verifies that it is a genuine copy of the software. It does not show that you have a license to use that software.

          Proof of the license comes in the form of proof of purchase from a valid reseller, who in turn must have proof that they purchased it from a valid distributor. If your reseller sold you an invalid licensed copy, you're on the hook for that. It is up to you to provide valid documentation that the license is valid and was purchased from an authorized reseller.

        • by sjames ( 1099 )

          Above and beyond what AC said, you can also get in trouble if you install any web based services or similar.

    • by mattventura ( 1408229 ) on Monday April 25, 2016 @06:52PM (#51986391) Homepage
      The problem is that normally what allows the audit to begin with is entering a contract with the software vendor. So if someone strictly pirates everything, theyre at somewhat less risk of an audit than a company that buys some software but pirates here and there. And the "piracy" isn't always intentional - often it's just someone thinking "hey, this feature looks neat, I'll enable it" without realizing you have to pay extra. Could the software vendor just lock down the features you didn't pay for? Sure, but then they wouldn't get to sue your ass off when they discover you've been using a feature you didn't pay for. It could also be someone wanting to make a test environment of something, not realizing they would need more licenses for that. There can also be situations where a license lapses, but the system in question isn't centrally managed enough for someone to know that they need to uninstall some particulra piece of software from it.

      It's far from a "make pirates pay up", it's "make everyone who does a rolling stop or goes 1MPH over pay a 4-digit fine".
      • Could the software vendor just lock down the features you didn't pay for? Sure, but then they wouldn't get to sue your ass off when they discover you've been using a feature you didn't pay for.

        Intentionally delaying legal action is called "laches" and can limit the damages that a plaintiff can collect.

  • Thanks, Adobe (Score:5, Interesting)

    by sk999 ( 846068 ) on Monday April 25, 2016 @05:18PM (#51985905)

    The only audit I ever ran into came from Adobe, and it was for some product that I had signed off on the requisition for someone who ended up never using it anyway, but it was still my job to track down the original P.O. Not a huge deal, but it was a waste of a few hours along with accompanying anxiety. My solution to prevent a recurrence in the future: I will never approve a requisition for any product from Adobe ever again.

  • VMware has a software audit clause in all their license agreements, all the way down to the VMware Player.

    Don't use VMware; It's just not worth it.

    • That's one of the reasons I switched to VirtualBox. The other reason was that VMWare pushed me to a new version that would not work on my upgraded Mac unless I paid again to upgrade the VMWare license. It's been on the shelf ever since :-)

    • by swb ( 14022 )

      I think VMware is actually pretty generous with their licensing terms. I don't think their licensing is *inexpensive*. But every fresh install of VMware and most major version upgrades (eg, 5.5 to 6) enable ALL features for something like 60 days. And AFAIK, they don't do any phoning home for license verification.

      A common license used in SMB is their Essentials Plus, which doesn't give you storage vMotion. Many is the time where a customer has upgraded storage/servers and versions simultaneously and I

  • Two words: (Score:3, Interesting)

    by Anonymous Coward on Monday April 25, 2016 @05:58PM (#51986113)

    Ernie Ball [cnet.com]

  • I did some work for a local government and Microsoft went back and forth with me on licensing. They wanted photos of all 75 computers product keys to prove they had OEM licenses for Win 7 Pro. Those that didnt have were covered by about 30 Windows 8 licenses I purchased with downgrade rights (Same price as Windows 7 and we dont use Windows 8). It went back and forth about 4-5 times and he really haggled over the most minute workstation licenses. I had sent proof on multiple occasions and they couldnt ev
    • the most minute workstation licenses

      I don't understand what that means. Was the OS on that workstation licensed, or not? Is that more or less of a license than the one needed on another (bigger?) workstation?

  • Because if you actually pay for the licenses that the people who create the software you want say you need to buy if you want to use the things they've created, it's a non-issue. How is it a "shakedown" to require people who want your product to act according to the agreement required before they can use it? Is it a "shakedown" when you order three sandwiches and the chef asks you to actually pay for all three, instead of one? If you work 40 hours and expect your employer to pay for all of those hours, per
    • Re: Phony FUD story. (Score:2, Informative)

      by Anonymous Coward

      I agree.

      But, having done many myself, what actually happens is that the Chef will try charging you for 6 sandwiches. You will say, hey, look, I only got 3. And he will say, prove it. So you have to measure your feces to prove it is only the weight 3 sandwiches would produce. He will then reply, maybe you are constipated, so that isn't proof. You then take a laxative, and show him that your bowels were empty, and indeed only received 3 sandwiches. He will then agree over the phone, and send you an upda

  • by EmperorOfCanada ( 1332175 ) on Monday April 25, 2016 @06:47PM (#51986363)
    In my distant past I was the guy who would made Oracle things happen for clients. But as I got more and more into dealing with clients I realized that Oracle is just a mean thing to do to people. One interesting part of the Oracle sales process seems to be to delay giving a final price. This way the project is well underway or even done before you present the client with some sticker-shock.

    Then there were the prices themselves. I deployed quite a number of systems and could never predict the price. Would it be $30,000 or $300,000.

    Then there were the end runs. Once Oracle got ahold of your client they were perfectly happy to see you swapped out and replaced with another consultancy who would slather the entire client with Oracle products. It was bordering on Oracle Doorbell for all your ding-dong needs.

    There is no way I would ever use a solution that results in a company like that able to mess with my clients. No Microsoft, no Oracle, no IBM, or SAP.

    My favourite is when I have a client who is in the process of throwing them out and they ask, "What will it cost to licence MariaDB." Then when they ask, "Can it handle our Enterprise database?" I will say, "Your $400,000 system has 40,000 rows of data in it. A $25 raspberry Pi could handle your needs." Then they ask about per seat licensing costs. "None." At this point I can see them fishing around in their heads for how they are going to be screwed; suddenly it dawns on them that the screwing is now over. They then go through a list of features that they have built up over time but couldn't afford. When they get the quote for those they pretty much throw up in disgust at how badly they had been treated over the years.

    When they put it all together they realise that their previous consultant hadn't been working for them but effectively for a company like Oracle.

    It has been over a decade since I dumped everything Oracle and will never go back.
    • by irrational_design ( 1895848 ) on Tuesday April 26, 2016 @12:04AM (#51987523)

      We have been using Oracle (legally) for 15 years, but are in the process of switching to Postgres. Postgres has been such a breath of fresh air after Oracle that we keep asking ourselves why we didn't do this years ago?! I have tons of experience with Oracle, but I honestly can't understand why 99% of Oracles current uses can't use Postgres.

      • The reason is that I could probably find 1000 white papers that would fear monger about either open source being a security risk "The source code has been leaked to hackers." or something along the lines of "Good luck without enterprise support." as if this means that a bug found in Oracle tonight will be fixed just for you by tomorrow.

        The few times I ever called Oracle were disappointments, and pretty much all my support was from google searches. With MariaDB, Postgres, etc my support is from google sear
      • Postgres wasn't very good 15 years ago.

        It's a great solution now tho -- it's come a long way.

    • My favourite is when I have a client who is in the process of throwing them out and they ask, "What will it cost to licence MariaDB." Then when they ask, "Can it handle our Enterprise database?" I will say, "Your $400,000 system has 40,000 rows of data in it. A $25 raspberry Pi could handle your needs." Then they ask about per seat licensing costs. "None." At this point I can see them fishing around in their heads for how they are going to be screwed; suddenly it dawns on them that the screwing is now over. They then go through a list of features that they have built up over time but couldn't afford. When they get the quote for those they pretty much throw up in disgust at how badly they had been treated over the years.

      I'll bet it feels really good to help a client like that switch.

  • Just say no (Score:2, Interesting)

    by Anonymous Coward

    An attorney told me that those audit clauses in contracts are effectively unenforceable and you should just refuse to let them audit you.

  • by zerofoo ( 262795 ) on Monday April 25, 2016 @08:05PM (#51986723)

    Boxed software licensing stupidity pushed us into the cloud.

    We are a private school, and we got tired of constantly tracking our licensing status. Do we have enough AV seats? Do we have enough Exchange and SQL cals?

    Enough is enough.

    We put our staff on Mac OS and we put the kids on Chromebooks and Google Apps. Our experience with Microsoft's crazy licensing schemes was one of the reasons we didn't even consider their "cloud" solutions. Yes, an E1 Office 365 is free for schools, but Google Apps and Chromebooks are dead simple and the staff and students really like them.

    We kicked Adobe to the curb for the same reasons. The licensing and compliance costs, even for Edu, were absurd.

  • When I first saw the title of this article, I thought it might be about software vendors auditing their software for bugs and deficiencies. Silly me! Of course, bugs and deficiencies don't matter - the legal small print has all that covered. No liability, whatever happens.

    No, the software audits are all about customers paying full whack for every single copy of the software - whether it works or not.

  • If you assume that many organizations violate software licenses for a variety of reasons -- either outright dishonesty, poor record keeping or something else -- I wonder how often this gets used for workplace revenge by disgruntled employees?

    I would expect the dishonest employer factor and the disgruntled employee factor to correlate pretty well.

You don't have to know how the computer works, just how to work the computer.

Working...