Why Java Remains Dominant: Insights from the 2023 State of Java Survey

Azul released its first annual State of Java report, surveying 2,062 Java professionals and application users worldwide. The study examines Java adoption trends, the impact of Oracle's recent pricing changes, migration of Java applications to the cloud, cloud cost optimization, and common security concerns such as CVEs.

The results show Java adoption remains robust: 98% of respondents use Java in their software or infrastructure, 57% report that at least 60% of their applications are Java‑based, and 66% of companies pay for Java support.

Java 11 (released September 2018) and Java 17 (released September 2020) are the most widely used versions, with adoption rates of 48% and 45% respectively, followed by Java 8 at 40%. Overall, 85% of respondents use LTS versions and 64% run multiple Java versions.

Oracle's Java market share is declining. Among Oracle Java users, 82% are concerned about the new Java SE subscription pricing introduced in January, and 72% are considering open‑source alternatives such as OpenJDK. Only 14% have not considered open‑source options because they had not thought of it.

Nevertheless, Oracle remains a strong player: 42% still use at least one Oracle Java instance, and 74% of those organizations also use at least one OpenJDK distribution. Approximately 60% of companies prefer OpenJDK releases over Oracle Java SE.

Cloud usage is pervasive: 90% of respondents run Java in public (48%), private (47%) or hybrid (40%) cloud environments. While cloud migration promises scalability, flexibility, productivity, and agility, cost and security remain major challenges.

Nearly 70% of companies admit they are paying for at least 20% of unused cloud capacity, indicating over‑provisioning. In the past year, 95% have taken steps to reduce cloud costs, and 46% are leveraging high‑performance Java platforms to use cloud resources more efficiently.

The Log4Shell vulnerability has had a broad impact: about 80% of respondents were affected, nearly half allocated extra engineering time to address it, and 30% experienced exploitation attempts.

Two‑thirds of respondents consider third‑party and open‑source libraries the most concerning sources of CVEs, with 57% citing open‑source components and 51% pointing to third‑party libraries.