Java Is Still Full of Surprises After 28 Years

Java has been a mainstay of application and infrastructure development for decades since its introduction in 1995. We ran the Azul State of Java Survey and Report 2023 to serve as a guide to understanding Java adoption and various trends, including how one of the world’s most widely used programming languages is navigating a series of challenges led by Oracle’s fourth major update to their pricing or licensing in as many years. Other challenges include rising costs as enterprises migrate Java-based applications to the cloud and critical security vulnerabilities like Log4j.  

With over 2,000 Java users from across the globe weighing in, we think we achieved our objective! We hope you enjoy the analysis of the State of Java Survey and Report provided in this blog by the only company 100% focused on Java; but if you read no further, please do take advantage of the full report here. So, without further ado, let’s talk about what we learned. 

Java adoption

We were not at all surprised to see that Java is alive and well. In fact, 98% of companies we surveyed use Java, with 57% saying it is the backbone of most of their application and infrastructure estate. 

DevOps teams use Java-based languages like Kotlin, libraries like Log4j, and infrastructures like Spring Boot to help them do critical work. When you throw these technologies into the mix, the percentage of companies using Java is actually much higher. 

It’s not surprising really. Java is not some legacy language like COBOL that has not evolved and still exists only because of older code still waiting to be rewritten. Java remains one of the most in-demand coding languages today, and it continues to move into new areas such as AI and the cloud. 

Java remains one of the most widely used programming languages in the world thanks to its versatility, reliability, stability, and continuous evolution to address the needs of the DevOps community. Hallmarks of Java include:

• Open nature: Java is defined through the Java Community Process (JCP) and developed under the open-source OpenJDK project. 
• Updates: It’s updated every six months, including every two years with a version that has long-term support. 
• Strong backward compatibility: Java-based applications that run on new versions of Java can usually run on older versions too (with a few very rare exceptions), reducing the need to be on an update hamster wheel. 
• Write once, run everywhere ethos: Developers need to write only a single code base to execute their program on any platform, meaning both the operating system and the hardware.

Oracle’s waning market share

Oracle threw the Java licensing landscape into turmoil when it moved to an employee-based pricing and licensing model in January 2023, and chose to define “employee” this way:

(i) all of Your full-time, part-time, temporary employees, and (ii) all of the full-time employees, part-time employees and temporary employees of Your agents, contractors, outsourcers, and consultants that support Your internal business operations. The quantity of the licenses required is determined by the number of Employees and not just the actual number of employees that use the Programs. 

Our survey bares out that 82% of respondents are concerned about the pricing model change and 72% are actively looking at alternatives to Oracle Java SE. As the percentage of companies using Oracle’s JDK drops – from more than 70% in 2020 according to other studies to 42% in our State of Java Survey and Report – other distributions are growing. In other words, if you’re not happy with your current Java SE or OpenJDK provider, you have choices. 

With Oracle’s pricing, why aren’t more companies looking for an alternate JDK? In our survey, 26% of those participants said it’s too much effort. The truth is that in most cases, moving to an OpenJDK alternative is pretty straightforward. Simon Ritter, Azul’s deputy CTO and Java Champion, quite literally wrote the book on Oracle JDK migration.

Roy Wasse, Managing Director of Java consultancy group OpenValue, confirms the routine nature of most migrations. “After many JDK migrations, even the ones we did for large-scale multinational clients were finished within nine months,” Wasse says. “Our Azul partnership enables us to successfully complete even the most complex migrations in a straightforward way.”

Cloud and the cloud revolution

Java is growing in the cloud too, as more than 90% of organizations in our survey are running applications in the cloud. While Java was really picking up steam at a time before cloud adoption was widespread, its “write once, run anywhere” ethos lends itself quite well to cloud. If you thought Java was primarily limited to on-premises use, think again. 

Like applications written in other programming languages, Java applications that run on the cloud are not immune to rising cloud costs. In our survey, 95% of participants have taken steps to reduce cloud costs in the last year. Why? Because 70% of our survey participants are paying for cloud capacity they are not fully utilizing, and more than 40% say they use less than 60% of the public cloud compute capacity they’re paying for. Enterprises often provision any amount of capacity to ensure their essential business applications are successfully serving loads with an acceptably low failure rate. However, teams lack confidence to increase the utilization of the cloud compute capacity they are paying for due to a range of concerns including:

• Operational issues
• Maintaining service levels at higher loads
• Inability to minimize disruption from turning application instances on and off to better match demand as loads fluctuate

One trend we were delighted to observe that is that 46% of respondents are using a high-performance Java platform to reduce cloud resources and optimize cloud spend. An enhanced JVM eliminates outliers, jitters, and pauses for greater operational stability at high CPU utilization, giving teams the confidence to set autoscaling thresholds higher and gain greater efficiency from each dollar of compute capacity while still meeting service level expectations.

Over the last year, what actions has your organization taken to reduce public cloud costs for your Java-based applications and infrastructure? Select all that apply.

Enhanced JVMs execute code faster with less CPU through superior compiler optimizations, resulting in higher transactions per second, fewer compute instances needed, and more cost savings achieved. Additionally, high-performance JVMs accelerate Java warmup by slashing the time for Java applications to get to full speed when starting new JVM instances, improving practical elasticity. Teams can thus better match capacity to demand while minimizing disruption. 

Limiting the costs of doing business in the cloud is a complicated challenge, and various solutions can be right for companies in different circumstances. For some, even repatriating services from the cloud back to on-premises can be more cost-effective; but by using a more performant JVM, we believe companies can leave their services in the cloud and lower costs without taking such drastic steps.

Azul Platform Prime, our flagship JDK/JVM, is an enhanced build of OpenJDK and a critical component of many companies’ success stories. Check out Bazaarvoice, Payara, Supercell, Taboolah, Workday, and many other customer case studies on our website. 

Java Security

Speaking of short-sighted solutions, a lot of executives could have stopped using the Log4j library after it was infected with the Log4Shell vulnerability in 2021. Instead, it remains one of the most popular Java-based technologies, according to our survey respondents.  

However, participants in our survey do recognize the danger of third-party and open-source applications and services. About 67% said they are the most concerning sources of common vulnerabilities and exposures (CVEs). 

One notable result was that 80% of organizations were impacted by Log4j. The common narrative was that companies were affected indirectly because engineering teams had to invest so much time in protecting against potential attacks. Most organizations didn’t know all the places the Log4j library existed in their environments and whether it was patched.

In addition, 30% were directly affected by Log4j, either by unsuccessful attempts to exploit the vulnerability (17%) or – more alarmingly – successful attempts (13%). It makes you wonder what the next Log4Shell has in store for DevOps teams and their ability to react quickly and effectively.

What impact did the Log4Shell vulnerability have on your company?

Azul Vulnerability Detection was released in November 2022 and has seen tremendous success. Had it been available in December 2021, companies using it would have known exactly where the Log4Shell vulnerability was in production (both currently and historically) and could have patched it much more efficiently. Instead they used a shotgun approach because they didn’t know which applications were vulnerable.

Conclusion

We were pleased (yet not surprised) to see that Java’s adoption continues to be so strong. Java’s staying power is built on its adaptability and evolution, not its legacy. In the coming weeks you will see additional insights into the results of our first survey, including webinars, blog posts, and infographics. These new assets will uncover still more learnings around Java, the impact of Oracle’s licensing and pricing changes, cloud costs, and security. We hope you will join us.