Software licensing has always been tricky but today there are many new risks to guard against.
At Data Summit 2022, Dr. Michael Corey, chief operating officer, LicenseFortress, and Don Sullivan, senior product line marketing manager & chief of staff for Business Critical Applications, Cloud Infrastructure Business Group (CIBG), VMware, presented a session on the rise of software license trolls and simple steps to take to ensure your organization is not their next victim.
Founded in 2014, LicenseFortress provides services to help companies and organizations take control of their software licensing.
According to Corey and Sullivan, the issue of patent trolls who employ litigation tactics as a business model was addressed by the Obama administration in 2013 when it said that in the last 2 years, the number of lawsuits brought by patent trolls had nearly tripled, and accounted for 62% of all patent lawsuits in America. They added that the victims of patent trolls paid $29 billion in 2011 a 400% increase from 2005, not to mention tens of billions of dollars more lost in shareholder value.
Similarly, according to Corey and Sullivan, software license trolls are on the rise and audits are getting more expensive. According to Gartner 68% of enterprises get at least one audit request each year and that number has climbed since 2009. Moreover, an audit can be expensive. Corey and Sullivan cited data from a Flexera report showing that in the last 3 years, 15% of companies paid between $1 million and $5 million in costs and penalties resulting from an audit, and 9% paid more than $5 million.
Corey and Sullivan said that software license agreements are often complicated, and compliance is becoming more challenging, meaning that software users may—despite their best efforts—actually not be in compliance.
Non-compliance is being exacerbated by fluctuating rules and conditions in agreements, the fact that vendors are constantly upgrading and changing their controlling agreements, and the rise of “clickwrap” replacement contracts through which employees may inadvertently accept new terms.
All software vendors have the right to audit your use of their software, and failure to comply with an audit can result in termination of your license, they emphasized.
Requirements for audits may include the mandatory running of scripts, threat of license termination, strict confidentiality provisions, and is a process that exists outside the court system.
Even in a civil copyright case, said Corey and Sullivan, it is the burden of the copyright user to show that it had the right to use it the way it the way it did. For copyrighted software use, this means that not only must the user have a valid license, but the use case must fall within the license terms.
Corey and Sullivan offered advice to organizations facing an audit situation such as choosing one employee as the single point of contact for all information requests, and to prevent audit creep by limiting the scope of access to their systems to what is strictly necessary.
The annual Data Summit conference returned in-person to Boston, May 17-18, 2022, with pre-conference workshops on May 16.
Many Data Summit 2022 presentations are available for review at www.dbta.com/DataSummit/2022/Presentations.aspx.