Software Audit Blog

Whose Job Is It To Manage Software Licensing?

Over the past few years, there has been a large increase in the number of publisher-initiated software audits. The authority for these audits is often a provision in the end user license agreement which entitles the publisher to audit companies’ installations of the software. Audited companies often spend tens of thousands of dollars responding to the audits. With such costly (and often un-accrued for) liabilities a distinct possibility, the question that is begged to be asked is where does it make sense to apportion this responsibility. In other words, whose job is it to manage audit risk?

Be Wary of All Factors Affecting Potential Exposure in Software Audits

Most businesses that try to plan for software audits and to estimate the potential exposure they could incur in the event of those audits know that the primary cost components of that exposure typically are the prices associated with any licenses they may have failed to acquire. For example, if a company determines it has ten installations of Adobe Acrobat Professional for which it does not own licenses, then the exposure associated with those installations may be estimated as the price of ten licenses for Adobe Acrobat Professional.

ISVs Must Attend to Customer Agreements

Independent software vendors and other companies that distribute third-party software products as part of their proprietary solutions often are predictably good at capturing core business terms in their customer agreements, carefully defining the products and scope of services to be delivered. Unfortunately, far fewer are as reliable about including required, third-party license terms in those agreements, which can make an audit particularly uncomfortable if one of those third parties wants to know about software deployed on end users’ computers. And far fewer still include adequate terms in those agreements to address what happens if an auditor finds licensing discrepancies affecting end-user installations.

Beware the Convenient “Intent” of Software Publishers

Most software license agreements used by major publishers like Microsoft and IBM are in many ways vague with respect to license restrictions and metrics. This leaves licensees in the position of having to interpret the agreements based on whatever guidance may be available from the publisher or, often, simply based on the licensees’ own experience and understanding. Unfortunately, that often lands companies in trouble in the context of an audit.

Don’t Buy Software Twice—Ensure Licenses Come from Authorized Resellers

For many small to medium-sized businesses, software license procurement may involve little more than an Internet search for the lowest price. Budgeting constraints often demand it, and especially in the wake of costly software audits by organizations like the Business Software Alliance (BSA) or the Software & Information Industry Association (SIIA), companies may be bordering on desperate to find the best deal available. Unfortunately, that impulse can lead to trouble if the company ends up giving its money to a vendor that is not authorized to resell valid licenses.

Be Wary of Audit Tools Promoted by Software Auditors

Most companies with more than a handful of computers in their IT environments rely on the results of network-inventory tools to gather the deployment data needed for accurate software audits. Without the tools, a business would be required to assign valuable resources to manually looking at the titles installed on each machine. Therefore, it should not be surprising when a vendor requesting an audit suggests or even requires the use of an automated tool to assist with the discovery process

Software-Audit Compliance Demands Often Include “Fuzzy Math”

In defending against software audits initiated by publishers such as Microsoft or IBM, many businesses make the mistake of assuming that those publishers or their designated auditors know what they are talking about when it comes to determining what licenses need to be purchased in order to achieve compliance. After all, the companies that wrote the license rules certainly know how and intend to apply them fairly, right?

Effective Audit-Response Policies Can Be Vital in Responding to Software Audits

Businesses often have close relationshipswith software vendors, and that close-ness usually is in direct proportion tothe extent and importance of those vendors’ software products in thebusinesses’ network environments. However, despite their best marketingefforts, software vendors’ interests always will remain aligned primarily withtheir own bottom line, and that often means that information shared with themcan and will be used against licensees in future transactions or, worse, in thecontext of an audit.

Compliance Documentation After BSA and SIIA Settlements – Three Top Tips

In a previous post, I introduced the concept of post-settlement compliance following the settlement of audits initiated by the Business Software Alliance (BSA) and the Software & Information Industry Association (SIIA). As noted before, the first step to completing the compliance review process is setting a baseline to determine what software is installed compared to what licenses are owned by the business.

Software Compliance After BSA and SIIA Settlements

Your business has just finished spending the last year of its corporate life responding to a software audit demanded by the Business Software Alliance (BSA) or the Software &Information Industry Association (SIIA). It has devoted substantial time and internal resources in an effort to gather an accurate inventory of software installations, together with all available documentation of license purchases. It also has incurred legal fees in order to obtain counsel regarding the audit process and to protect its rights during settlement negotiations. Management understandably is ready to move on.

Your Adobe Software May Be Phoning Home Without Your Knowledge

Increasingly, software publishers are looking for new tools and processes to assist them in their license-enforcement programs. While such efforts are understandable to a degree, they sometimes can include methods that are somewhat dubious at least from a customer-relations perspective, if not from a legal perspective. One provision from Adobe’s most recent end-user license terms provides a good example. (The full EULA is available here

Accurate Inventory Information Crucial to Audit Outcome

Obvious though it may sound, in almost every software audit the most crucial element contributing to a positive outcome is an accurate inventory of what software is deployed. Unfortunately, far too many businesses faced with an audit end up receiving grossly overinflated compliance-purchase demands, because the inventory data received by the auditors and used to calculate a license position is faulty. Here are three top tips for taming the inventory beast:

Software Audits Increase in 2012: What To Do

The number of software audits requested by software publishers and their trade groups including the Business Software Association (BSA) and Software & Information Industry Association (SIIA) will increase dramatically in 2012.

Can a Laches Defense Help in Defense of Software-Copyright Claims?

Copyright remedies can hurt. A copyright owner can force an infringer to pay damages equal to lost licensing fees and profits derived from infringing activities, or it can opt for an award of statutory damages up to $150,000 per copyrighted work, if the infringement is found to be willful. For many businesses, though, much worse than any of that is the threat of an injunction barring use of a software product, or, outside the context of litigation, simply the loss of a license for software deployed for business-critical purposes. If, for example, your business depends on IBM operating systems, middleware (like WebSphere) and database software (like DB2 or Informix) to deliver your products and services to customers, your loss of licensing for that software can cause a severe disruption to your business, if not the end of your business altogether. IBM in particular knows this, and it will not hesitate to use this fact as leverage in the event of an audit.

Supreme Court Allows Pro-Autodesk Decision to Remain Intact in Ninth Circuit

On October 3, 2011, the U.S. Supreme Court declined a request to grant certiorari in the case of Vernor v. Autodesk, in which the Ninth Circuit found that Autodesk could use copyright law to prevent an eBay user from re-selling its software products via the popular auction site. The Supreme Court’s refusal to hear the case means that, at least in the Ninth Circuit, software publishers like Autodesk may continue to seek injunctions and other remedies against those who attempt to distribute copies of a copyrighted software product without a license.

Online Software Purchases – The Good, The Bad and The Ugly

Businesses understandably want to reduce both the time spent shopping for software licenses and the amount to be paid to acquire those licenses. However, efforts to minimize license spends online can have negative unintended consequences. If you are shopping at a software publisher’s own online marketplace (such as Adobe’s or Autodesk’s stores), then you usually can rest assured that you at least have the tools available to purchase the correct kind and quantity of genuine licenses. However, the pricing available at those stores often is higher than the pricing available through third-party resellers.

Who Gets Sued for Software Compliance Violations?

A recent Northern District of Idaho case should shed some light on how to apportion legal liability for copyright infringement damages related to business software usage. In Brasher’s vs. The Software & Information Industry Association, Adobe, Corel, McAfee, Symantec, Idaho Auto Auction, ADP, and Robert Gillespie, plaintiff Brasher’s, the target of an SIIA software audit, filed suit asking the court to determine who is legally responsible for unlicensed software found on its computers during the audit.

Responding to a License Review Request from Oracle License Management Services

As with many software publishers, Oracle seems to be making a push to audit their customer base in search of revenue streams arising from licensing deficiencies. However, Oracle usually does not like to use the word “audit” and instead tends to ask its customers to engage in a “license review,” courtesy of the Oracle License Management Services (LMS) division. LMS generally requests that a customer fill out a Server Worksheet, which is essentially an overview of the company’s Oracle deployments.

BSA Settlement a Reminder of Licensing Requirements for Hosting and Development

The Business Software Alliance (BSA) announced on March 28 that it had reached a $100,000 settlement with an advertising agency in Melbourne, Australia, based on the firm’s allegedly unlicensed use of BSA-member software products. However, unlike the majority of BSA settlements, which typically involve claims that a business has more installations of a particular product than its documented licenses permit, this case apparently included allegations that the company “was insufficiently licensed for its development environment and not properly licensed to provide hosting services for its customers.”

Attachmate Customers Should Prepare for Audit Demands

Businesses deploying software published by Attachmate Corporation should strongly consider making an effort now to review their license-compliance status. Attachmate is a major player in markets for various IT-infrastructure software solutions, and it has demonstrated its willingness to pursue litigation in support of its copyright-enforcement interests. For example, in April 2008, Attachmate pursued and reached a $1.1 million settlement with the State of Montana after an audit revealed unlicensed software use on state-owned computers.

Unauthorized Software: Costly to Your Bottom Line

The Business Software Alliance (“BSA”) and Software & Information Industry Association (“SIIA”) pursue copyright infringement claims against companies accused of installing unauthorized copies of software. Typically, the BSA and SIIA send letters to businesses and request audits of their computer systems.

Adopting Software Use Policies to Protect Against Copyright Infringement Claims

The Business Software Alliance (“BSA”), and the Software & Information Industry Association (“SIIA”) pursue copyright infringement claims on behalf of software publishers, such as Microsoft, Adobe, and Autodesk, among many others. Typically the BSA and SIIA send audit letters to companies believed to be using unauthorized copies of software products. In their letters, they demand that the target companies conduct an internal audit of all computers they own to determine whether the auditing entities’ members’ software products are properly licensed.

Effective Dates in Software Audits are Critically Important

Businesses that receive software audit demand letters from auditing entities such as the BSA or SIIA, or from software companies like Autodesk or Microsoft, often contend they cleaned up their network after receipt of the letter and should be released from any further obligation to conduct an audit or communicate with the auditor. Audited business should keep in mind, however, that the auditing entities typically are focused only on the targeted businesses’ software license-compliance status as of the audit effective date – the date on the first letter those entities send to a targeted business. The auditing entities usually will seek confirmation that the businesses were compliant on the effective date, and on no other date.

Businesses Turn to Open Source Software After Software Audits

The Software & Information Industry Association (SIIA) and the Business Software Alliance (BSA) routinely sends letters to businesses on behalf of many software publishers, including Microsoft, to investigate potential copyright infringement claims based on allegedly unlicensed software. The software audit process can be long and expensive, in part due to the fact that the SIIA and BSA typically require a targeted company to produce dated proofs of purchase for licenses for every software product installed on its computers as of the effective date of the audit, regardless of how many years have passed since the license purchase. Although the IRS generally requires businesses to maintain records for only seven years, the SIIA and BSA allow no such limitation in demanding invoices or receipts for all software license purchases. Businesses often are unable to find the documentation for the purchase of each product, which typically results in a higher payment demanded by the SIIA or BSA to settle the matter.

Consult with Counsel for SPLA Audits

Microsoft’s Services Provider License Agreement (“SPLA”) is a popular licensing framework for businesses delivering hosted or rented software solutions to their customers. However, as with many software license agreements pertaining to resale or other business channel partnership programs, the SPLA typically includes audit rights language giving Microsoft the ability to review a SPLA partner’s records regarding software deployments and entitlements and to demand compensation – usually at a mark-up over standard reseller pricing levels – for any deployments found to be excess of the business’ past monthly SPLA reporting.

Judge Rejects Copyright Damages Compilation Components

In Nature’s Enterprises, Inc. v. Pearson (2010), the U.S. District Court for the Southern District of New York rejected Nature’s Enterprises (“NEI’s”) request for damages for each component part of a compilation. NEI had alleged that Pearson infringed ten of NEI’s copyrighted DVD movies, of which two comprised compilations of films copyrighted by NEI. NEI requested $10,000 for each of the 10 DVDs and $750 for each of the 45 clips contained in the two compilation DVDs.

Costly Software Audit Mistakes

The Business Software Alliance (“BSA”) and the Software & Information Industry Association (“SIIA”) are organizations that represent software publishers seeking to enforce the copyrights in the products they publish. In furtherance of this goal, these entities routinely send letters to businesses they believe may be infringing their members’ copyrights by failing to satisfy the requirements of applicable software license agreements. In the letter, the BSA and SIIA request audits of all member software products installed on all computers and servers owned by the targeted businesses.

Another Court Ruling Against Autodesk in Software Dispute

Many businesses that use software published by Autodesk are familiar with the company’s vigorous copyright enforcement program. Autodesk is one of the most active software publishers when it comes to threatening litigation over allegedly unlicensed use of its well-known computer-aided design products, such as AutoCAD, and it regularly targets businesses of all sizes demanding costly and distracting audits and settlements, often based solely on the word of unidentified informants.

Responding to an Autodesk Audit

The BSA and SIIA are not the only organizations pursuing business for software copyright infringement. Though it is a member of both the BSA and SIIA, Autodesk, which manufactures the popular design software AutoCAD, often pursues audit targets on its own.

Types of Audits in Software License Disputes

A variety of resolution frameworks are available to businesses involved in a software license dispute. An audit is the most common such framework and entails an analysis of the organization’s network for software installations compared against its licenses. The types of audits initiated by software publishers and trade associations include self audits, independent audits, software asset management (“SAM”) engagements, and publisher-staffed audits.

Software Piracy Penalties

Software Piracy penalties are sums collected by software publishers and their trade groups such as the BSA and SIIA in connection with software piracy audit activity.

Software Piracy

Software piracy audits conducted by the BSA and the SIIA threaten small and medium sized businesses. As the economy tightens, software publishers such as Microsoft, Adobe, and Autodesk hide behind software piracy enforcement groups to pursue customers accused of installing more software on corporate computers than they have purchased licenses for.

Business Software Alliance Report by ABC News

Mitigating Negative Publicity from Software Audits

The Business Software Alliance (BSA) recently announced that it entered into a settlement agreement with a small-to-medium-sized motor sports dealer and equipment supplier in Greenville, South Carolina, regarding the dealer’s alleged use of unlicensed, Adobe and Microsoft software. The BSA said that under the settlement, the targeted dealer, which apparently owns only 40 to 50 computers, was required to make a settlement payment of slightly more than $72,000.00 and also to agree “to delete all unlicensed copies of software installed on its computers, acquire any necessary replacement licenses and commit to implementing stronger software license management practices.”

What Constitutes a “Copy” of Software Under Copyright Law?

Software auditors almost always try to find ways to maximize the number of allegedly infringing software “copies” at issue in an audit engagement. It is typical for the Business Software Alliance (BSA), the Software & Information Industry Association (SIIA), and other software publishers to demand that their small-to-medium-sized business targets disclose all installations of relevant software products on all of the computers owned by the target, which number the auditors then use in determining how much money they are going to demand in settlement to keep the matter from going to court.

BSA Ramping Up Piracy Campaign

The Business Software Alliance (“BSA”), a trade association representing a number of software publishers, is launching a new campaign to attract would-be informants to its reward program. The BSA’s new Know it / Report it / Reward it campaign will attempt to attract a larger number of informants through a coordinated effort involving online advertisements, radio advertisements, research reports, and other tools.

Responding to Autodesk Audits

Autodesk Audit: The Importance of Serial Numbers

In many software audits, the auditing entity like the Business Software Alliance or the Software & Information Industry Association requires a dated proof of purchase to demonstrate when a license for a software product was acquired. However, in audits initiated by Autodesk, the serial number can play a crucial role in demonstrating ownership.

When to Buy vs. Uninstall in Software Audits

One of the most common mistakes I encounter in software audits is what I call the post-effective date software buying spree. The buying spree occurs in response to a letter from a publisher or publisher's attorneys requesting a self audit. Many clients are discouraged to learn that software purchases made after the date of the initial letter have no impact in a software audit matter. For this reason, I advise my clients against scrambling to acquire software in response to a software audit.

Unbundling Software Suites in Software Audits

One of the most controversial tactics the software policing agencies use when calculating its settlement demands is its practice of unbundling software suites such as Microsoft Office and Adobe Creative Suite. Unbundling occurs when the target of an agency audit is unable to provide acceptable proof of purchase for one or more installation of a software suite.

Software Audit Time Line

One of the top ten questions asked by my clients is “How long does the self-audit process take from start to finish?” Of course I give the standard lawyer answer: it depends. Here are the steps to a typical software audit.

Common Mistakes in Software Audits

The most common mistake we encounter in software audits is the failure to compile and produce accurate installation information. Like all technology projects, collecting the information to produce in response to a request for an audit can be very complicated and time consuming.

Eight Software Asset Management Predictions For 2008

2007 was an exciting and dynamic year for the software asset management industry. As we enter a new year, the software industry will continue to evolve. Here are my predictions for what will happen in 2008.

License Ambiguities in Software Audits

Without a contractual provision to the contrary, ambiguous terms in a software license will be construed against the software publisher. Provided that there are no other business factors that would make litigation unwise, an ambiguous license agreement is the situation most likely to lead to litigation.

Upcoming Events

CAUCUS IT Procurement Summit

More Events

Recent Projects

Bay area IT services firm retains Scott & Scott, LLP to defend a Microsoft licensing dispute.
Texas oilfield service company selects Scott & Scott, LLP to defend Autodesk audit.
New York City architecture and design firm hires Scott & Scott, LLP to defend Autodesk audit.
Award winning architectural firm chooses Scott & Scott, LLP to defend Autodesk audit.
California architectural firm retains Scott & Scott, LLP to defend Autodesk audit.
Global private club management company selects Scott & Scott, LLP to advise regarding Oracle licensing.
National title agency hires Scott & Scott, LLP to defend Microsoft SAM audit.
Social media technology company chooses Scott & Scott, LLP to defend BSA audit.
Global financial services company retains Scott & Scott, LLP to advise regarding Microsoft Enterprise Agreement renewal.
Global insurance company selects Scott & Scott, LLP to defend Microsoft SAM audit.

Other Blogs

Upcoming Events

Recent Projects