Azul has released its first annual Azul State of Java Survey & Report to understand the current pulse, trajectory and sentiments surrounding Java. Areas explored in the survey include Java adoption trends, the effect of Oracle’s latest Java pricing change, the migration of Java apps to the cloud and how companies are optimizing cloud costs, as well as security considerations for common vulnerabilities and exposures (CVEs).

Of all the businesses surveyed for this report, an overwhelming 98% use Java in their software applications or infrastructure, and 57% of those organizations indicate that Java is the backbone of most of their applications. When including Java-based frameworks, libraries and other languages that use the Java Virtual Machine (JVM), the data shows that Java continues to play a fundamental role in today’s enterprises.

Oracle Java’s Licensing Changes Have Enterprises Looking Elsewhere

More than 8 out of 10 respondents (82%) using Oracle Java said they are concerned about the new Java SE Universal subscription pricing introduced in January. The fourth major licensing/pricing change in four years, the cost of Oracle Java changed from being based on the number of processors used by Java applications to the total number of employees and contractors in the organization. More than 7 out of 10 (72%) respondents said they were considering open-source alternatives such as OpenJDK; of those who were not, 14% said it didn’t occur to them that they could.

While Oracle remains a strong player in the Java market, with 42% of respondents indicating they still use at least one instance of Oracle Java, 74% of those organizations stated they also use a JDK from at least one OpenJDK provider. About 60% of companies have chosen an OpenJDK distribution over Oracle Java SE.

Other key findings of the State of Java Survey & Report 2023 include:

Java Plays a Critical Role in Cloud Cost Optimization

90% of respondents are using Java in a cloud environment: public (48%), private (47%) or hybrid (40%). The cloud landscape is rapidly transforming, with organizations continuing their advance to the cloud for scalability, flexibility, productivity and agility – yet cost and security remain two of the leading challenges. In a telltale sign of overprovisioning cloud resources, nearly 70% of companies say they are paying for cloud capacity that they are not using.

As expected in uncertain economic times, the majority of companies (95%) have taken steps to lower their cloud costs in the past year. To reduce public cloud costs, 46% of businesses are taking advantage of a high-performance Java platform to use cloud resources more efficiently.

Log4Shell Vulnerability Had Widespread Security Impact on Organizations

The widespread impact of a single compromised Java-based logging library (Log4j) emphasizes the ongoing threat of security vulnerabilities in Java applications. Almost 80% of respondents reported being affected by Log4Shell, which the Department of Homeland Security called “one of the most serious software vulnerabilities in history.” Nearly half were impacted by the extra time required of their engineering teams to address this vulnerability, and 30% were impacted by attempts to exploit the vulnerability.

Third-party and open-source applications and libraries are the most concerning sources of CVEs – nearly two out of three survey respondents say exactly that, with 57% listing open-source libraries and applications as the most concerning sources of CVEs, and 51% specifying that third-party libraries and applications are the most concerning sources of CVEs.