Knowledge (XXG)

Software licensing audit

A software licensing audit or software compliance audit is an important sub-set of software asset management and component of corporate risk management. When a company is unaware of what software is installed and being used on its machines, it can result in multiple layers of exposure.

The primary benefits a corporation receives from performing a software licensing audit are greater control and various forms of cost savings. The audit is used both as an efficiency mechanism to improve software distribution within an organization and as a preventative mechanism to avoid copyright infringement prosecution by software companies. Software licensing audits are an important part of software asset management, but also serve as a method of corporate reputation management by ensuring that the company is operating within legal and ethical guidelines.

Software audits should not be confused with code audits, which are carried out on the source code of a software project.

Challenges

If the auditing company independently scans the code base, one of the serious challenges is the license changes between versions. Some software libraries start with one license and later switch to another. Typical examples are switching from a single permissive license to a dual licensing model (the choice between strong reciprocal or paid commercial) as for iText, switching from a more reciprocal to a more permissive license (as for Qt Extended) and open sourcing previously commercial code (as for OpenJDK). In such cases it is not enough to detect that some library or code fragment has been used; the exact version used must be correctly identified. Further difficulties may arise if the library owner removes the obsolete versions (that were under a different license) from the public sources.

Some licenses (like LGPL) have very different conditions for simple linking and for creating derivative works. In such a case a proper audit must take into consideration whether the library has been linked or a derivative work (custom branch) has been created.

Finally, some software packages may internally contain fragments of source code (such as source code of the Oracle Java) that may be provided only for reference or have various other licenses, not necessarily compatible with the internal policies of the company. If the software team does not actually use (or is not even aware of) such fragments, this must be viewed differently from the case where they are directly linked.

All these issues are relatively easy to resolve if the auditing group cooperates with the software team, which normally should know the versions used and so on. If the software team is not trusted, an incompetent audit may find many "inconsistencies" and "violations" where there are not any.

Software asset management

Main article: Software asset management

Software asset management is an organizational process, which is outlined in ISO/IEC 19770-1. It is also now embraced within ISO/IEC 27001:2005 Information Technology - Security Techniques - Information Security Management Systems - Requirements and ISO/IEC 17799:2005 Information Technology - Security Techniques - Code of Practice for Information Security Management.

Software asset management is a comprehensive strategy that has to be addressed from top to bottom in an organization to be effective, to minimize risk. A software compliance audit is an important sub-set of software asset management and is covered in the above referenced standards. At its simplest it involves the following:

- Identification of Software Assets.
- Verifying the Software Assets including licenses, usage, and rights.
- Identifying gaps that may exist between what exists on the installations, and the licenses possessed, and the rights of usage.
- Taking action to close any gaps.
- Recording the results in a centralized location with Proof Of Purchase records.

The audit process itself should be a continuing action, and modern SAM software identifies what is installed, where it is installed, its usage, and provides a reconciliation of this discovery against usage. This is a very useful means of controlling software installations and lowering the costs of licensing. Large organizations could not do this without discovery and inventory applications.

From time to time internal or external (by major accounting firms) audits may take a forensic approach to establish what is installed on the computers in an organization with the purpose of ensuring that it is all legal and authorized and to ensure that its process of processing transactions or events is correct. Though one might be confronted with a software vendor audit by fair contractual and legal means, one should know and reserve one's crucial rights in an audit situation as well.

Software audits are a component of corporate risk management, and they certainly minimize the risk of prosecution for copyright infringement due to use of unlicensed software. Most vendors permit the company to settle without prosecution though in serious cases, prosecutions certainly occur. In addition, with a strict software usage policy the risk of computer viruses is minimized by preventing uncontrolled software copying.

Organizations

Vendors subscribe to organizations such as the Federation Against Software Theft (FAST) and the Business Software Alliance (BSA) as a means of providing an industry approach to control piracy, counterfeiting, and illegal use of software. They publicize campaigns against illegal use of software and reward any employees who notify them of any breaches which result in successful prosecution and/or recovery of license fees.

See also

- License manager
- Business Software Alliance
- Software and Information Industry Association
- International Organization for Standardization
- Australian Software Asset Management Association (ASAMA)

Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.