An Oracle audit is run by Oracle GLAS and usually turns on three things: Database option usage you did not know was active, the Java SE per-employee subscription that counts all staff, and Oracle running on VMware. This page explains the mechanics, then lists the firms that defend Oracle audits — each with pros and cons, listed, not ranked.
Last reviewed: 5 June 2026
Oracle audits are conducted by Oracle GLAS (Global Licensing and Advisory Services, formerly LMS). The opening letter cites the audit clause in your OLSA or OMA and requests that you run Oracle's measurement scripts. The findings almost always cluster in a few places: Database Enterprise Edition options and management packs (Partitioning, Diagnostics and Tuning Pack, RAC, Advanced Security) that were enabled but never licensed, named-user-plus versus processor miscounts, and Java.
Java is now the dominant vector. The Java SE Universal Subscription is priced per employee — roughly $5.25 to $15.00 per employee per month in 2026 depending on volume — and counts all staff and contractors, not just the people who use Java. A single download from oracle.com can be treated as acceptance of that metric. Gartner has predicted that one in five Java users will face an Oracle audit by 2026.
Oracle on VMware is the highest-dollar single finding. Oracle's commercial position is that soft partitioning is not recognised, so a few licensed hosts in a vSphere cluster can be argued to require licensing of every host the VM could migrate to. That position is contractual and contested, which is exactly why defense matters: the gap between Oracle's opening number and a defensible position is often very large.
The Oracle-on-VMware and Java positions described here are contractual stances, not settled law, and are contested. Treat this as general information, not legal or licensing advice for your situation.
This page is general information about Oracle licensing and audit defense, not legal, financial or licensing advice for your situation. Vendor programs are described factually. Indicative figures, where shown, are labelled indicative.
Listed alphabetically with pros and cons — a directory, not a ranking. Selected for Oracle coverage plus audit defense work.
Independent US law firm focused on Oracle and multi-vendor software audit defense and licensing disputes, offering legal privilege that consultancies cannot.
Compliance and advisory firm that conducts Oracle and Broadcom/VMware audits on behalf of the vendors, and also offers buyer-side support.
Independent boutique and recognised authority on Oracle running on VMware and in public cloud, the single highest-dollar area of an Oracle audit.
Independent boutique staffed by ex-vendor auditors covering Oracle, SAP, IBM and Microsoft, with no resell, implementation or audit work for vendors.
Independent multi-vendor boutique covering Oracle, IBM, Microsoft, SAP and Tier-2 publishers, with a stated fully impartial position.
Independent, buyer-side boutique combining an Oracle compliance platform with a defense guarantee model, covering Oracle, Microsoft, IBM and VMware.
Independent, buyer-side boutique with the broadest multi-vendor coverage in the directory, including Oracle audit defense, negotiation and ULA work.
Listed alphabetically — not a ranking. Independence is shown as a pro and reseller, Big-Four or vendor-side-audit ties as a con, stated as factual trade-offs for you to weigh. Firm details are compiled from public sources and are unverified (demo) until the verified registry is live.
Indicative — directional patterns from how Oracle audit defense work tends to resolve, not a quote or a guarantee. Specific figures are not published until the verified registry is live.
| LEVER | WHAT IT CHANGES | INDICATIVE EFFECT |
|---|---|---|
| Database option scoping | Establishes what was truly used versus merely enabled | Indicative: removes options never knowingly deployed |
| Java employee-count model | Tests the per-employee basis and download history | Indicative: the largest swing in Java-driven audits |
| VMware partitioning challenge | Contests the whole-cluster licensing position | Indicative: the highest-dollar single finding |
| ULA certification strategy | Decides whether to certify or renew at exit | Indicative: shapes the multi-year cost, not just this audit |
The pattern across Oracle defenses is that the opening claim and the defensible position are far apart, and most of the movement comes from challenging the metric and the VMware scope rather than from a discount. Good defense also resets the contract so the next audit starts from a stronger place.
The same Oracle estate, viewed through the service you need.
The Oracle audit & negotiation operation →
Ongoing Oracle SAM & readiness →
Soft-partitioning & position design →
ULA lifecycle & support repricing →
The service across all vendors →
Oracle audit defense by country →
Under the Java SE Universal Subscription the metric is per employee, counting all full-time and part-time staff and contractors across the organisation, not only the people who run Java. That is why a small Java footprint can produce a very large number, and why testing the basis and the download history is central to the defense.
Commercially, Oracle does not recognise soft partitioning, so its auditors may argue that Oracle running on a few hosts in a vSphere cluster requires licensing of every host a VM could move to. This is a contractual position, not settled law, and it is routinely contested. It is the single highest-dollar finding in most Oracle audits, so how it is handled matters a great deal.
It depends on deployment growth, what is inside versus outside the ULA, and your roadmap. Certifying locks in current quantities and can be the cheaper path if deployment is stable; renewing can make sense if you expect growth. The decision interacts directly with any open audit, which is why it is usually modelled by a buyer-side specialist rather than decided under audit pressure.
Oracle's position is that downloading Java SE from oracle.com brings you under its current licence terms, including the per-employee subscription, even without a separate signed agreement. Whether and how that applies to your situation is contested and fact-specific, which is exactly the kind of question a defense firm tests rather than concedes.
No. This is a directory, not a ranking. Firms are listed alphabetically with balanced pros and cons. Independence is shown as a pro and reseller, Big-Four or vendor-side-audit ties as a con, both stated as factual trade-offs for you to weigh.
No. The directory and the matching service are free for buyers. We take no money from software publishers and add no markup, and no vendor ever sees your brief.
Tell us where the Oracle audit stands — letter, script request or findings — and which products are in scope, and we will route your brief to firms that defend Oracle audits. The directory and matching are free for buyers, no vendor ever sees your brief, and we add no markup.
Our weekly dispatch on vendor audit programs, regional developments and one buyer move. Subscribe to The Licensing Radar.