
Fortify perpetual maintenance reinstatement in a finding

When a Fortify finding lands, the seat count is rarely the only number on the page. Underneath it sits a second charge that buyers often miss until it is too late: back maintenance and reinstatement on perpetual licenses. On a noncompliance finding the licensee is deemed to have acquired licenses at then-current list price, and the remedy stacks back maintenance and support, plus the first year of maintenance on the new licenses, on top of that list figure. For perpetual Fortify estates, this maintenance layer is where a finding quietly doubles. Understanding how perpetual maintenance reinstatement works in a Fortify finding is what lets a buyer separate the defensible license figure from the support charges piled on after it.

This article explains how the maintenance layer is assembled, why reinstatement charges inflate, and how a buyer holds them to what the contract actually supports. It supports our Fortify and AppSec audit defense practice and links up to the complete OpenText audit defense playbook for 2026.

Why maintenance sits on top of a perpetual finding

A perpetual license does not expire, but the maintenance and support attached to it is a recurring entitlement that can lapse. When a finding asserts that a buyer used more perpetual seats than it was entitled to, the remedy is not just the list price of the extra seats. It is the list price plus the maintenance that would have been paid on those seats for the period they were in use, plus the first year of forward maintenance once the licenses are deemed acquired. The result is that a seat overclaim on perpetual Fortify drags a maintenance tail behind it, and that tail is frequently the larger of the two figures. The mechanics of the seat count itself are covered in what counts as a Fortify developer seat in an audit.

First principle

The maintenance layer is derivative. It is calculated from the seat figure, so when the seat figure is wrong, the maintenance and reinstatement charges built on it are wrong by the same proportion or worse.

Where the reinstatement charge inflates

The recurring inflation points on a perpetual maintenance layer are consistent across engagements:

Reading the perpetual versus term distinction

Whether a maintenance reinstatement charge applies at all depends on the license model. A perpetual license carries separable maintenance that can lapse and be reinstated. A term or subscription license bundles support into the term fee, so the reinstatement logic does not apply in the same way. A finding that treats a term estate as if it carried lapsed perpetual maintenance is applying the wrong remedy, and a finding that treats perpetual seats as if support had always been current is applying the wrong base. The buyer establishes which seats are perpetual and which are term before accepting any maintenance figure, a distinction set out in Fortify perpetual versus term license positions.

Reconstructing the maintenance base from the buyer's records

The defensible approach is to rebuild the maintenance layer from the buyer's own contract and support history rather than accept the vendor's derived figure. The buyer assembles its perpetual license entitlements, its support renewal history, the dates support was active or lapsed, and the seat reconstruction that establishes the true license position. From these records, the maintenance charge is calculated only against seats that are genuinely out of compliance, for periods support was genuinely obligated, at rates the contract genuinely supports. This reconstruction is part of reconciling Fortify entitlements before an audit, and it removes the speculative layers a vendor calculation tends to add.

How the four Rs take the maintenance layer down

The maintenance and reinstatement charge runs through the method end to end. In the reconstruct stage the firm rebuilds the perpetual license position and the support history independently, before any vendor measurement script runs, so the maintenance base is the buyer's documented reality rather than the vendor's assumption. In the rebut stage every line of the maintenance calculation is challenged: the seat count it derives from, the lookback period it spans, the rate it applies, and whether support was genuinely obligated across the measured window. In the resolve stage the settlement is struck on the corrected figure and converted forward into a clean agreement whose maintenance terms are defined rather than open to later reinterpretation. The earlier the support history is reconstructed, the smaller the maintenance tail the finding can sustain.

A representative outcome

In a recent engagement, a Fortify finding paired a developer seat overclaim with a substantial back maintenance and reinstatement charge that, taken together, made up the bulk of the headline figure. By mapping actual scan submitters to bring the seat count down to its defensible level, and then recalculating the maintenance layer against only the seats genuinely out of compliance for only the periods support was obligated, the maintenance tail collapsed alongside the seat figure. The matter settled well below its opening number, consistent with our E-02 case file, where a technology company brought a Fortify developer seat overclaim down by 80 percent. The lesson is that the maintenance layer rarely survives once the seat count it depends on is corrected.

The reinstatement discipline in one line

Fix the seat count first, then hold the maintenance and reinstatement charge to the seats genuinely out of compliance, the periods support was genuinely obligated, and the rates the contract genuinely supports. That is how a buyer stops a derivative charge from inheriting and amplifying an inflated seat figure. For the line-by-line method that produces this result, see defending a Fortify developer seat finding line by line. To put your support history to work, you can open a case with our team.

Stop the maintenance tail from doubling the finding

We reconstruct the perpetual license position and the support history, then recalculate back maintenance and reinstatement against only the seats genuinely out of compliance. Open a case to start.


For the underlying seat methodology that drives the maintenance base, read the Fortify seat counting white paper.

If an OpenText or Micro Focus audit notice has reached your desk, the first seven days carry more weight than any week that follows. OpenText Audit Defense is an independent, buyer-side practice founded in 2020 by former vendor compliance leadership. We have defended more than 200 audits, brought the average finding down by 68 percent, and mitigated more than $90M in claims against vendor positions. We do not resell OpenText software and we are not affiliated with OpenText Corporation. To open a case, use the contact form on this site.