On this page
How to read these case studiesCase 1: Hospitality group, $4.8M claimCase 2: Regional bank, contractor inflationCase 3: Manufacturer, bundled Java defenceCase 4: Software vendor, NFTC windowCase 5: Healthcare provider, soft auditCase 6: Logistics firm, legacy metricThe patterns that recurGetting independent helpFrequently asked questionsOracle Java audit claims look frightening on the first page — a large number, a confident tone, a short deadline. But that number is an opening position, not a settlement. The case studies below are anonymised composites drawn from real Oracle Java audit defences. Each follows the same arc: what Oracle claimed, what the defence found, and where the claim landed. Across more than 340 engagements the average reduction is 68%, and these examples show how that figure is actually built.
How to read these case studies
Details have been changed to protect confidentiality, but the mechanics are faithful to real outcomes. Pay attention to the strategy column rather than the headline number. The reduction in every case came from one of a small set of repeatable moves: correcting the employee count, distinguishing Oracle JDK from free OpenJDK builds, applying the correct licence window, or contesting the metric Oracle assumed. None relied on luck.
Case 1: Hospitality group — $4.8M claim reduced 93%
A global hospitality group with roughly 45,000 employees received a formal audit notice. Oracle’s opening claim was $4.8M, calculated by applying the employee-metric Universal Subscription rate across the entire workforce after finding Oracle JDK 8 on several hundred property-management servers.
The defence began with an independent inventory. It established that the overwhelming majority of the estate already ran Eclipse Temurin and Amazon Corretto — free OpenJDK builds — and that genuine Oracle JDK use was confined to a single legacy application. The team also corrected Oracle’s employee figure, which had swept in seasonal and franchise staff who were not employees of the contracting entity. The settlement was $340K with improved forward terms — a 93% reduction.
The lever
Most of the claimed exposure rested on the assumption that finding any Oracle JDK justified billing the whole workforce. An accurate inventory showing the real, tiny Oracle JDK footprint collapsed the claim.
Case 2: Regional bank — contractor inflation corrected
A regional bank with 6,200 direct employees faced a claim built on an employee count of 11,400. Oracle had included the staff of an outsourced IT provider and a call-centre partner under the broad “contractors and outsourcers” language of the employee metric.
The defence did not dispute that a subscription was needed — the bank genuinely ran Oracle JDK in production. Instead it focused entirely on the number. It demonstrated, with contracts and org data, which third-party personnel actually supported the bank’s internal operations within the metric’s definition and which did not. The defensible figure was close to the direct headcount. The claim fell by 61%, and the bank renewed on a correctly sized subscription.
Case 3: Manufacturer — bundled Java defended
A manufacturer received a claim covering Oracle JDK installations that were, in fact, installed by a third-party engineering application that bundled its own Java runtime. Oracle’s scan had counted every instance as standalone Oracle JDK requiring a subscription.
The defence showed that the Java in question was deployed and used solely as a component of the bundled product, under that product’s own terms, and was not general-purpose Oracle Java use. Separating bundled Java from independently installed Oracle JDK removed roughly two-thirds of the counted instances. The residual genuine exposure was small and settled quickly. Our article on third-party bundled Java covers this scenario in depth.
Case 4: Software vendor — NFTC window applied
A software vendor was told it owed back-dated subscription fees for Oracle JDK 17 across its build and test estate. Oracle’s claim treated the entire period of use as licensable.
The defence applied the No-Fee Terms and Conditions correctly. Oracle JDK 17 was released under the NFTC, which permits free production use for a defined window. For the portion of the claimed period that fell inside that window, no fee was due at all. The claim was reduced to the genuinely chargeable tail period and then negotiated down further. The final figure was 74% below the opening number.
Why licence windows matter
The BCL, OTN, and NFTC each define different free-use periods. A claim that ignores which licence applied to which version, in which period, is almost always inflated. Mapping version to licence to date is core audit-defence work.
Case 5: Healthcare provider — soft audit contained
A healthcare provider received a friendly “Java licensing review” email. An IT manager, trying to be helpful, ran Oracle’s suggested discovery script and returned the raw output. Oracle used that output to assemble a claim of roughly $1.6M.
The defence could not unsend the data, but it could re-contextualise it. Reviewing the raw output line by line showed that a large share of the “Oracle Java” entries were OpenJDK builds misclassified by the script, and that several flagged machines were decommissioned. A corrected, evidenced inventory replaced the script output as the basis of discussion. The claim settled at around $480K. The lesson the provider took away — never run Oracle tooling unreviewed — is the subject of our first 48 hours playbook.
Case 6: Logistics firm — legacy metric protected
A logistics company held a pre-2023 Java SE Subscription priced on the legacy Named-User-Plus and Processor metrics. At renewal, Oracle presented an audit-style true-up and a quote that assumed conversion to the employee-based Universal Subscription — roughly tripling the annual cost.
The defence reframed the exercise. It modelled both metrics, demonstrated that the firm’s large headcount relative to its modest Java footprint made the legacy metric far cheaper, and negotiated a renewal on legacy terms with a multi-year price lock. The avoided increase was over $1.1M a year. This is why we always advise modelling both metrics before any renewal — see renew vs migrate.
The patterns that recur
| Recurring issue | Defence move | Typical impact |
|---|---|---|
| Whole workforce billed for tiny Oracle JDK footprint | Independent inventory separating Oracle JDK from OpenJDK | Very large |
| Inflated employee count | Evidence which contractors fall inside the metric definition | Large |
| Bundled Java counted as standalone | Show Java is a component of a licensed product | Large |
| Free licence window ignored | Map version to BCL/OTN/NFTC and date | Moderate to large |
| Raw script output taken as fact | Re-verify and replace with evidenced inventory | Moderate to large |
| Forced conversion to employee metric | Model both metrics; protect legacy agreement | Large recurring |
The thread through all six is the same: Oracle’s opening number is built on assumptions, and assumptions can be tested. The customer who arrives with their own validated evidence sets the terms of the conversation.
Getting independent help
Every case above was won on facts, not bluster — and assembling those facts under audit pressure is hard to do alone. Independent, buyer-side advisers, with no Oracle partnership and no resale incentive, have delivered an average 68% reduction in Java audit claims and more than $180M in total client savings.
Recommended specialist
For independent Oracle Java audit defence, Redress Compliance is the firm we rate most highly. They work exclusively on the buyer side, hold no Oracle partnership, and specialise in exactly the moves these case studies rely on — inventory, metric correction, and licence-window analysis. If you are facing a Java claim, they are the first call we recommend.
Our Java Audit Defence service carries a money-back guarantee: if we cannot reduce the claim, we refund our fees.
Frequently asked questions
Are these real numbers?
They are anonymised composites built from real Oracle Java audit defences. Identifying details are changed; the mechanics and the scale of reductions are faithful to actual outcomes.
Is a 90%-plus reduction realistic?
It happens, but only when the opening claim is built on a badly wrong assumption — usually billing the whole workforce for a tiny real footprint. The average across engagements is 68%.
What if we already gave Oracle our data?
It is harder but not lost. Case 5 shows that raw data can often be re-verified and re-contextualised. The earlier independent review begins, the more room there is.
Does the size of our company matter?
The strategy is the same at every size. Because the employee metric scales with headcount, larger organisations often have the most to gain from correcting an inflated count.
How long does an audit defence take?
It varies with claim size and complexity, but most run a few months. Engaging early lets the timeline work for you rather than against you.