Latest news with #2025StateofJavaSurvey&Report
Techday NZ
2 days ago
- Business
- Techday NZ
Java Independence is now a board-level priority - Driving cost savings, cloud efficiency and strategic agility
Chances are every time you stream content, buy something online or check your bank balance, you're interacting with Java-based systems. Java powers mission-critical systems across industries. Netflix runs its entire streaming infrastructure on Java-based microservices, processing millions of concurrent viewers. Global payment networks validate credit card transactions in milliseconds across hundreds of countries using Java applications. While the Java community has expanded to over 10 million developers worldwide, enterprises face mounting cost pressures from multiple directions. For the enterprises powering these essential services, 2025 represents a critical decision point: continue paying escalating costs for Oracle Java, potentially impacting profit margins or customer pricing as well as the potential for future price hikes, or seek alternatives. Java independence gives businesses control, choice, and confidence in how they build and run Java applications. Azul's recent 2025 State of Java Survey & Report reveals an enterprise Java ecosystem in transition, driven by mounting cost concerns, market preference for open-source solutions, and ongoing uncertainty around Oracle's licensing policies. This watershed moment stems from Oracle's shift to employee-based pricing in January 2023, which fundamentally disrupted enterprise Java strategy. Oracle's licensing practices have significantly increased Java-related expenditures, with the company generating billions annually from Java licensing and support. This shift isn't just about cost savings, it's about mitigating risk and enhancing agility. Java independence has become a board-level priority in an era where digital transformation drives market leadership. The oracle Java challenge The new Oracle pricing model detaches Java costs from actual usage, creating an unsustainable scenario: a 10,000-employee company running a handful of Java applications pays the same as a similarly sized organisation running thousands of Java-based services. For global businesses, this represents both a financial challenge and a strategic imperative to maintain competitive advantage. Our research reveals that two-thirds of organisations found Oracle's licensing model more expensive than alternatives, and an overwhelming majority reported successful migrations away from Oracle Java. With 25% of companies citing audit risk as a key migration driver, the urgency to transition has become a business priority rather than just an IT concern. The OpenJDK success story The success of OpenJDK adoption has shattered Oracle Java migration concerns. The data tells a compelling story: 84% of companies found the transition easier than expected or as planned, with three-quarters completing migrations within 12 months. This rapid timeline reflects both the maturity of available solutions and the robust support ecosystem around OpenJDK migrations. OpenJDK distributions have emerged as preferred alternatives to Oracle Java. These enterprise-ready solutions match Oracle Java SE's core capabilities while offering enhanced support and performance options. Successful migration hinges on three key components: Organisational momentum - Technical expertise, discovery & inventory tools and project planning assistance from a commercial OpenJDK provider can significantly help secure and maintain executive support, ultimately impacting a successful transition. Comprehensive Java mapping - Identifying all Java deployments across an organisation is essential. With 83% of organisations requiring commercially supported Java in production, this mapping phase is critical. Governance and compliance - Maintaining independence from Oracle Java licensing requires robust governance. Success means partnering with OpenJDK providers offering comprehensive protection, from IP safeguards to indemnification. The immediate financial benefits are substantial — most organisations report a 50-70% reduction in Oracle Java-related costs. Perhaps even more compelling, additional value lies in regaining control over Java technology strategy. Cloud cost optimisation Organisations are grappling with rapidly escalating cloud infrastructure costs, as annual global cloud spending is nearing a trillion dollars and continues to grow at double-digit rates. Our research reveals that 71% of organisations overpay for cloud compute capacity, highlighting an opportunity to reduce costs while improving application performance. Companies that select non-Oracle optimised Java platforms can save 20%+ on cloud computing costs. This is because high-performance Java runtimes deliver more stable Java applications and infrastructure while consuming fewer computing resources, creating compelling advantages beyond just licensing considerations. Powering AI innovation with Java Emerging technology demands amplify the need for change, particularly in AI and cloud computing. Half of the surveyed companies from our State of Java report already build AI functionality using Java — from financial institutions developing fraud detection systems to retailers leveraging machine learning for customer personalisation and inventory management. As computational demands grow, organisations require Java platforms that can deliver both performance and efficiency. These advanced workloads highlight the need for solutions that provide more scalable and stable applications while consuming fewer computing resources, enabling AI initiatives to be deployed successfully without excessive infrastructure investments. Oracle Java independence is not just a technical evolution — it's a strategic imperative that gives organisations the freedom to innovate, control costs, and build their technology future on their own terms.
Techday NZ
19-06-2025
- Business
- Techday NZ
Azul & Chainguard partner on zero-CVE Java containers
Azul and Chainguard have announced a partnership focused on strengthening container security for Java workloads through combined commercial Java support and secure container images. The collaboration will see Chainguard create Java container images built from source, incorporating Azul's commercially supported build of OpenJDK from the Azul Platform Core. This approach is designed to allow enterprises to deliver production workloads more efficiently while addressing the complexities of securing the full software stack for Java applications. Complexity in Java security Java remains integral to a wide range of enterprise applications, with growing challenges around ensuring timely access to secure builds. Securing Java workloads requires reliable updates and consistent patching, traditionally necessitating expertise and timely intervention by vendors. Azul aims to fulfil this role by delivering fully supported OpenJDK builds intended as a direct replacement for Oracle Java, enabling organisations to maintain compliance and security while reducing expenditure and freeing development teams from remediation tasks. Chainguard Containers supports customers by securing operating systems and application runtime environments. The combination targets gaps in current protection practices that too often see engineering and security teams handle numerous vulnerability disclosures, deal with inconsistent patching, and attempt to harden containers without slowing developer productivity. For Java workloads, which require both rapid security response and commercial support, these difficulties are particularly pressing. Recent research from NetRise indicates that the average container carries 604 known vulnerabilities in underlying software components. Notably, over 45% of these CVEs are two to ten years old. This accumulation of unaddressed vulnerabilities increases risks for organisations that depend on containerised apps. Findings from Azul's 2025 State of Java Survey & Report further highlight the impact of security issues. According to the report, 33% of respondents stated their DevOps teams spend more than half their time addressing false positives from Java-related vulnerabilities. Additionally, 49% of surveyed companies reported they are still encountering vulnerabilities from Log4j in production environments, nearly three years after the initial disclosure. The need to secure all layers, from operating systems to toolchains, forms a critical part of the software development lifecycle. Hardened, zero-CVE Java containers The partnership between Azul and Chainguard is positioned as a direct response to challenges identified by industry research. The joint offering will deliver zero-CVE containers for Java versions 21 and above, built from Azul's source code and supported commercially through Azul's Java expertise. Customers are expected to benefit from a streamlined way to secure Java application foundations, reducing overall risk exposure and enabling more consistent, reliable deployments. The new container images will be constructed entirely from source and tested in accordance with the Java Compatibility Kit, providing assurance of compatibility and feature parity. Azul's approach to stabilised, security-only Critical Patch Updates gives engineering teams the opportunity to deploy updated Java images more efficiently, minimising manual patching and testing efforts. This is intended to help organisations redirect development resources away from platform maintenance and towards application delivery. "Our customers need solutions that reduce risk and build trust at every layer of their modern software deployment stack," said Dan Lorenc, co-founder and CEO at Chainguard. "Today, we're bringing Chainguard's expertise in building minimal, zero-CVE images and Azul's expertise in Java together to create the most secure, commercial-grade containers for cloud-native workloads." Scott Sellers, co-founder and CEO at Azul, added: "Choosing a hardened container shouldn't mean sacrificing timely security-only updates and commercial support services for your Java runtimes. Today, we're excited to offer enterprises best-in-breed hardened Java containers from Chainguard while leveraging world-class commercial support from Azul." Customers adopting Azul Java container images through Chainguard Containers will have access to commercial Java support within the Azul Platform Core portfolio. This ensures ongoing access to patches and direct assistance for Java runtime issues in critical enterprise environments.
Techday NZ
11-06-2025
- Techday NZ
Azul unveils Java tool to cut false positives by up to 99%
Azul has unveiled a new class-level Java vulnerability detection capability within its Intelligence Cloud platform intended to improve the accuracy of identifying security threats in Java applications in production environments. The latest enhancement utilises runtime data to identify only those code paths that are actually executed in production, rather than simply identifying the presence of potentially vulnerable components based on file names or software bill of materials (SBOM) information. Traditional application security (AppSec) and application performance monitoring (APM) tools often generate a significant number of false positives, as they typically flag vulnerabilities if a component is present within an application regardless of whether the vulnerable portion of code is used. According to Azul, its new approach enables organisations to focus only on executable code paths, delivering a reported 100x to 1,000x reduction in false positives compared to other tools. Reducing false positives Azul referenced data from its own "2025 State of Java Survey & Report," which found that 33% of organisations say more than half of their DevOps teams' time is spent dealing with false positives from Java-related Common Vulnerabilities and Exposures (CVEs). This, the company states, not only overwhelms teams but also makes it difficult to prioritise genuine security issues and disrupts developer productivity. Java components, such as Log4j, often comprise Java ARchive (JAR) files, each containing multiple classes. It is therefore possible for applications to include components where the vulnerable class exists but is never invoked, meaning the associated vulnerability is not an actual risk. Azul argues that prioritising detection down to the class level can help Java teams correctly identify components that need patching, thereby eliminating unnecessary remediation efforts. Class-level analysis The new Vulnerability Detection capability in Azul Intelligence Cloud reportedly maps CVEs to Java classes observed at runtime, allowing organisations to pinpoint which components are in use and which are vulnerable. By relying on production runtime data, Azul claims this feature eliminates up to 99% of false positives. A cited example involves the 'Critical' severity vulnerability CVE-2024-1597, affecting certain versions of the pgjdbc PostgreSQL Java Database Connectivity (JDBC) driver. The vulnerability, which carries a CVSS score of 9.8 out of 10, only applies in specific non-default configurations. Traditional tools tend to flag the presence of the vulnerable component regardless of usage, potentially resulting in unnecessary security work. Azul states that its platform determines at runtime if any of the 11 vulnerable classes (among a total of 470 in the component) are actually used in production, enabling more precise prioritisation for remediation. "The improved Vulnerability Detection features strengthen the proposition of Azul's Intelligence Cloud analytics SaaS offering as a way to increase DevOps productivity and recover developer capacity by reducing the need for full-time employee time spent wasted on security false positives and inefficient triage," said William Fellows, Research Director at 451 Research, part of S&P Global Market Intelligence. Additional capabilities Azul states that its Intelligence Cloud platform provides several key benefits for enterprise Java security management. These include the ability to efficiently triage new vulnerabilities in real time, enabling DevOps teams to focus on the most pressing issues during high-impact events. The platform offers both real-time and historical vulnerability analysis, with forensic capabilities to determine whether vulnerable code was executed before the associated threat was identified. The underlying knowledge base that supports Azul Vulnerability Detection is updated with newly published vulnerabilities using AI-based processes, and it operates across all OpenJDK-based Java Virtual Machines (JVMs), including those provided by vendors such as Oracle, Amazon, Microsoft, Red Hat, and others. Azul notes that its approach has no measurable impact on application performance as it leverages runtime data already generated by the JVM. Azul also highlights that the system is designed to help teams recover capacity lost to unnecessary security triage, by illuminating only those vulnerabilities present in live production environments. "Our mission is to help enterprises focus their security efforts on what matters, real risk, not noise," said Scott Sellers, Co-Founder and Chief Executive Officer of Azul. "By eliminating up to 99% of false positives and pinpointing vulnerabilities in Java applications with 100x – 1000x greater accuracy than traditional tools, Azul Intelligence Cloud enables capacity recovery across DevOps and security teams. As a result, teams can dramatically reduce noise, prioritise real risk and accelerate remediation, all with zero impact to performance and without slowing innovation."
Business Wire
13-05-2025
- Business
- Business Wire
Azul and Moderne Announce Partnership to Boost Java Developer Productivity
SUNNYVALE, Calif. & MIAMI--(BUSINESS WIRE)-- Azul, the only company 100% focused on Java, and Moderne, the automated code refactoring and analysis company, today announced a technical partnership to help Java development teams identify, remove and refactor unused and dead code to improve productivity and dramatically accelerate modernization initiatives. This collaboration integrates Azul's deep runtime visibility and Java expertise with Moderne's powerful platform for automated, multi-repository, rules-based code refactoring. Together, they enable organizations to continuously secure, maintain and modernize their Java applications with unprecedented scale and precision. Azul + Moderne product integration automatically identifies and removes unused and dead code based on production runtime information Share According to Azul's 2025 State of Java Survey & Report, 62% of survey respondents report that unused or dead code affects DevOps productivity, and 33% cite that more than half of their DevOps team's time is wasted addressing false positives from Java-related security vulnerabilities. To address this, Azul and Moderne have integrated their solutions to bridge runtime insight with automated code remediation. Code Inventory, a feature of Azul Intelligence Cloud, identifies unused or dead code based on production Java runtime data. The Moderne Platform then uses this intelligence via an OpenRewrite recipe to earmark deprecation status and drive precise, large-scale removal of unused code. This integration can save enterprise development teams significant amounts of manual work updating source code and fixing vulnerabilities as part of major Java upgrades and framework migrations. Many organizations are seeking to upgrade and modernize their applications to keep them secure and on supported frameworks and runtimes, but codebases can contain unused or dead code, third-party libraries and open-source components. Over time, teams have added features but not retired code that is no longer run in production, making ongoing maintenance and modernization more difficult and costly. This complicates an organization's innovation efforts and impacts migration speeds and developer productivity. Considering the millions of Java applications being run across enterprises today, this results in a significant amount of developer time lost updating meaningless code that must be constantly maintained and secured. 'This partnership is about more than identifying unused and dead code—it's about removing the barriers to meaningful modernization,' said Jonathan Schneider, co-founder and CEO of Moderne. 'By combining Azul's production-aware insights with Moderne's ability to safely and automatically transform code at scale, we're giving Java teams a clear path from understanding to action. It's a model for how runtime data and automated execution can work together to keep codebases lean, secure and ready for what's next.' 'Application maintenance is not a sexy task for Java developers but is an essential part of keeping applications secure and running on supported modules and infrastructure,' said Scott Sellers, co-founder and CEO at Azul. 'By providing developers with a solution for remediating unused or dead code that is 100% accurate based on production application runtime data, Java teams can focus on updating, migrating and modernizing only the application code that matters, dramatically increasing developer productivity.' For more information on Azul's partnership with Moderne, click here. About Moderne Moderne automates mass-scale code modernization that's critical to the progress and success of enterprise companies today—making a difference in minutes, not months. Moderne is based in Miami, and its investors include Acrew Capital, Intel Capital, True Ventures, Mango Capital, Allstate Strategic Ventures, Morgan Stanley, Amex Ventures, and TIAA Ventures, among other investors and advisors. To learn more, visit About Azul Systems Inc. Headquartered in Sunnyvale, California, Azul provides the Java platform for the modern cloud enterprise. Azul is the only company 100% focused on Java. Millions of Java developers, hundreds of millions of devices and the world's most highly regarded businesses trust Azul to power their applications with exceptional capabilities, performance, security, value, and success. Azul customers include 36% of the Fortune 100, 50% of Forbes top 10 World's Most Valuable Brands, all 10 of the world's top 10 financial trading companies and leading brands like Avaya, Bazaarvoice, BMW, Deutsche Telekom, LG, Mastercard, Mizuho, Priceline, Salesforce, Software AG, and Workday. Learn more at and follow us @azulsystems.
