Over the past year, my Eracent colleagues and I have written multiple articles and white papers about the benefits of using Software Bills of Materials (SBOMs). These have focused on using SBOMs for cybersecurity, vulnerability management and open source license risk purposes. However, a recent conversation with a prospect reminded me of an obvious application, one tied to another trending SAM topic: the Oracle Java SE audit. With Oracle now charging for Java SE under a user-based model with a broad definition of what constitutes a user, many organizations are finding themselves in an unfavorable position. Applications that utilize Java behind the scenes previously had a much narrower licensing liability, or none at all, so SAM teams did not have to manage them as closely from that perspective. Without visibility into what your actual liabilities are, it’s difficult to establish a licensing position and take action to minimize the risk of an audit and financial penalties.
Oracle-verified discovery tools like Eracent’s ITMC Discovery™ will identify all installations of Java SE, but there are always situations where there is not a direct correlation to the actual applications in which Java SE is embedded. This is where a comprehensive SBOM analysis tool is essential. The Software Bill of Materials for each application lists each component and library that makes up the application, including Java SE. Being able to get a detailed listing – in one place – of every application that utilizes Java SE will enable your SAM team to make the connection between Java installations and the applications that utilize Java. You can be confident that no products are overlooked when protecting your organization from potential fines for being under-licensed. Assisting with Java SE licensing is just one more way that SBOMs can add value to SAM, cyber and risk programs in any organization. Cutting-edge SBOM management and analysis tools like the CyberSuite™ Application Risk Management module can help you get the most value from this emerging data source.
– by Terry Divelbliss
Terry Divelbliss is Eracent’s Sr. VP of Marketing & Technical Alliances. He has almost 20 years of experience in the ITAM and SAM industry in product management and customer solution implementation roles, and he is a regular speaker at industry conferences and events.