Choose an Oracle audit defense firm on script discipline and closed-file evidence: whether it controls what Oracle’s collection tooling measures and discloses, and how many reviews it has carried from notice letter to commercial settlement. This guide explains how Oracle’s review machinery works, who defends buyers and on what terms, what to ask candidates and how the work is priced — it names no firms; see the firms that do this work →
Published 30 April 2026 · Last reviewed 14 May 2026
Oracle operates one of the longest-running license review programs in enterprise software, today under the GLAS banner (Global Licensing and Advisory Services, the successor to LMS). A formal review arrives as a notice letter under the audit clause of your Oracle Master Agreement — commonly with around 45 days before fieldwork — and proceeds through data collection, findings, and a resolution discussion. Alongside the formal track runs a softer one: sales-led compliance outreach, most visibly the Java licensing campaign, where an email asking about your Java estate carries no contractual force but plenty of commercial intent. Both tracks deserve a managed response, because both end in the same place: a number, and a negotiation.
What makes Oracle defense its own discipline is where the findings come from. Oracle’s collection scripts read deployment history, not just current state — database options and management packs count as used if the feature was ever enabled, and Partitioning, Diagnostics Pack or Tuning Pack switched on by a DBA years ago surfaces as a finding today. Metric interpretation does the rest: Processor counts under the core factor table versus Named User Plus minimums, and above all the virtualization question, where Oracle’s soft-partitioning position rests on a policy document that is not part of most contracts. A defense firm earns its fee by controlling what runs and what leaves — reviewing script scope before execution, validating outputs before disclosure — and by separating contractual obligations from policy assertions in the findings.
The endgame is commercial. Oracle reviews characteristically resolve into purchases, cloud commitments on OCI, ULA entries or renewals, or restructured support — not courtrooms. Your defense firm therefore needs two registers: the technical one that shrinks the finding on evidence, and the negotiation one that shapes whatever survives into terms you would have considered on their merits.
This guide is general information about selecting an audit defense firm for an Oracle estate, not legal advice for your dispute. Audit defense is one of seven services in this directory. The Oracle firm directory lists providers with balanced pros and cons — listed, not ranked.
1. How many Oracle reviews have you closed in the past three years — formal GLAS audits and sales-led approaches separately — and in how many were you engaged before any scripts had run?
2. What is your protocol for Oracle’s collection scripts: scope review, controlled execution, output validation — and who decides what is disclosed?
3. We run Oracle on VMware. How have you argued the soft-partitioning question, and what did the closes actually look like?
4. Where do you expect our findings to concentrate — options and packs, Processor versus NUP, Java — based on what we have told you about the estate?
5. Describe a settlement you steered away from a back-license purchase and into a structure the buyer preferred. What did Oracle get, and what did the buyer avoid?
6. Does your firm or any affiliate resell Oracle, hold Oracle partner status, or deliver Oracle-commissioned review work? How are the walls enforced?
7. Who works our file day to day, and is the same team in the room for the settlement discussion?
8. If the data shows genuine material under-licensing, how does your approach change — and at what point do you bring counsel in?
The cross-vendor interview script is the foundation guide 20 questions to ask; the candidate’s answers to questions 3 and 5 are where Oracle-specific experience either shows up or does not.
Capability and conflict are separate questions; the table states both factually.
| PROVIDER TYPE | WHAT IT BRINGS TO AN ORACLE REVIEW | THE TRADE-OFF TO WEIGH |
|---|---|---|
| Independent licensing boutique | Oracle defense as core trade, often staffed by ex-LMS/GLAS auditors; deepest bench on script behavior, options history and metric disputes | Smaller teams — verify capacity for your timeline, multi-country reach and who personally runs your file |
| Software licensing law firm | Privilege over internal findings; contract-versus-policy argument is legal home turf; settlement drafting and escalation weight | Most findings are data disputes first — counsel without Oracle metric depth needs a technical partner alongside |
| Big 4 / large advisory practice | Process discipline, global delivery, board-credible reporting, gravitas across the table | The same firms perform vendor-commissioned license reviews elsewhere — ask directly about Oracle audit work and information barriers |
| Reseller / Oracle partner advisory arm | Knows your transaction history; convenient if it already manages the account; fluent on remediation purchasing | Margin and partner standing depend on Oracle — a structural conflict when the defense means disputing Oracle’s numbers |
| SAM tooling services arm | Instrumented discovery of Oracle estates, including options and feature-usage scanning ahead of disclosure | Discovery is not strategy — check who argues interpretation and who negotiates once the data is assembled |
The cross-vendor version of this landscape is the audit defense firm guide; the lawyer-or-consultant fork is mapped in licensing lawyer vs licensing consultant. To see who covers this cell, filter the directory to Oracle.
Files closed on both tracks. Formal GLAS audits and sales-led Java approaches run on different choreography. A firm that has only handled one track will misjudge the other — the soft approach punishes casual disclosure, the formal one punishes missed process. Ask for counts on each, and for the firm’s role: lead negotiator, technical analyst, or observer.
Options-and-packs fluency. The recurring Oracle finding is the feature nobody knew was on. A practiced firm describes, unprompted, how it scans feature-usage views before any disclosure, how it distinguishes enabled from used, and when an inadvertent-enablement argument has actually held.
A position on the virtualization question. Not slogans — closes. The soft-partitioning dispute is decades old and well-mapped; what distinguishes candidates is settlement evidence: what they conceded, what they defeated, and how the close was structured.
ULA and exit literacy. Reviews near certification windows are leverage events on both sides. A firm advising you mid-review should be conversant in ULA mechanics and the certify-or-renew decision, because the settlement Oracle proposes may well be one of them.
Independence, verified. Run the independence test: does the firm or any affiliate earn Oracle margin, hold partner incentives, or take Oracle-commissioned work? Conflicted firms can still be useful — once the conflict is disclosed and priced against an independent alternative.
The shapes mirror the review. Fixed-fee phases tracking the audit’s own stages — notice response and scoping, data control, counter-position, settlement support — keep cost aligned with how far the review actually runs. Day-rate with a cap suits Oracle’s rhythm of long silences and sudden deadlines. Gain-share against exposure reduction appears often in this market because opening findings can be dramatic; it is defensible only against a baseline both sides can audit, and a firm pushing contingency hard has an interest in dramatizing that baseline. Readiness retainers — priced before any letter arrives — buy response speed and are typically credited against engagement fees if a review starts. We publish no prices anywhere on this site; the fee models guide covers what each structure rewards, and when to bring in help argues why the cheapest engagement is the one scoped before the deadline pressure compounds.
Whatever the model, the engagement letter should name each phase’s deliverable and handoff. A defense that ends at “corrected position delivered” when you needed “settlement signed” was mis-scoped, not mis-priced.
“We know people inside Oracle.” Methodology familiarity is valuable; selling access is not a defense strategy. A firm trading on relationships has told you what it does when the relationship matters more than your file.
Scripts authorized casually. Any candidate comfortable letting Oracle’s collection tooling run unreviewed — or returning outputs unvalidated — has surrendered the single most consequential control point in the entire review.
Outcome guarantees. Nobody can promise a finding-free close before seeing your deployment history. Experienced firms quote indicative ranges from comparable files; inexperienced ones promise.
Policy treated as contract. A defense firm that cannot explain, precisely, which Oracle positions are contractual obligations and which are policy assertions will concede arguments you could have won.
The review as a migration pitch. If the proposal pivots from your notice letter to a cloud-migration or tooling engagement, the defense has become a sales channel for something else.
No bench for the endgame. Technicians who deliver a corrected position and exit before the settlement leave the negotiation — where Oracle’s process is strongest — to whoever is left in the room.
Firm-agnostic guides — when you are ready to compare actual firms, the Oracle directory lists them with balanced pros and cons.
The same choice across every vendor →
The settlement Oracle may propose →
Employee metric vs legacy licensing →
The full Oracle selection guide →
See the firms that do this work →
Every field guide on the site →
The audit clause obliges reasonable cooperation; it does not usually prescribe a specific collection tool. What matters is that nothing runs, and nothing leaves, before your side understands what it will report — Oracle’s scripts record feature and option usage history, including options enabled inadvertently. An experienced defense firm reviews script scope, runs collection in a controlled sequence, and validates outputs before anything is returned.
Usually not contractually — most Java outreach is a sales-led compliance approach rather than a formal notice under an agreement. It still deserves a managed response: download records give Oracle real data, the employee-based Java SE Universal Subscription metric makes casual quotes expensive, and informal disclosures travel. Treat the soft approach with the same data discipline as a formal one.
Oracle’s position on soft partitioning comes from a policy document that is not part of most license agreements, and buyers have repeatedly contested findings built on it. The factual questions are what your contract actually says and where the software actually ran. This is a well-trodden dispute area and a precise test of a defense firm’s experience — ask any candidate how they have argued it and what closes they reached.
Most Oracle reviews are disputes about deployment facts and metric interpretation, which is consultancy territory. Counsel earns its place when contract interpretation is genuinely contested, when privilege over internal findings matters, or when settlement terms need drafting. A common structure is a consultancy-led defense with counsel on standby — the lawyer vs consultant guide maps the fork in detail.
Most close commercially rather than in litigation: a negotiated purchase, a cloud commitment, a ULA entry or renewal, or a restructured support arrangement. That is why the firm you pick needs a negotiation record as well as a technical one — the finding is the opening position, and the close is where the money moves.
This guide is firm-agnostic: it explains how to evaluate candidates and names no providers. The Oracle audit defense page lists the firms that actually do this work, each with balanced pros and cons, in neutral alphabetical order — listed, not ranked.
Tell us where your Oracle review stands — notice letter, script request, draft findings or settlement — and we will route your brief to firms with genuine Oracle defense practices. The directory and matching are free for buyers, no vendor ever sees your brief, and we add no markup.
Our weekly dispatch on vendor audit programs, regional developments and one buyer move. Subscribe to The Licensing Radar.