COMPAREX
Java Self-Assessment

Have You Solved 
the Java Puzzle?

From 16 April 2019 Oracle charges for Java updates. Are you prepared?

How can I find out which of my applications run on Java?

“We have thousands of Java installations in our company, for which applications are they being used?”

How do I handle Java applications on virtual machines?

“We use VMware 6 in our organization. How shall we consider Java applications on our virtual machines within our license forecast?”

Is the free Open Java Development Kit (JDK) an option for our organization?

“We have not budgeted additional spend for our Java subscription. We want to make the best decision for our corporate use. What risks are we exposed to if we use the free version?”

Have you already implemented a structured Java Assessment?

Make fact-based decisions about your future with our vendor-independent Java Self-Assessment.

Our structured guide, built on experience and knowledge that we’ve gathered from numerous different customer engagements, brings clarity to your Java complexity while helping you assess your Java landscape step by step.

Why Act? New Rules Around Java

Oracle decided that patches and updates are no longer freely available for Java version 8 for commercial, external and internal use and must be purchased either by subscription or with a license. This applies to Oracle Java Development Kit (JDK) and the Oracle Java Runtime Environment (JRE), which is a subset of the JDK.

On April 16th, 2019 only enterprises with an active Oracle Java Subscription or license will receive the next critical security update for Oracle JDK 8.

Gartner estimates 80% or more large enterprise IT organizations use Java for mission-critical workloads.

Additionally, Oracle defined a new support roadmap based on a 6 months release cycle and a “Long Term Support” (LTS) release every 3 years. JDK 8 and 11 are the current LTS releases.

Starting with Oracle JDK 11, the underlying license agreement is the Oracle Technology Network, while previous Java versions are covered by the Oracle Binary Code License Agreement. Key difference: all Oracle JDK 11 installations for commercial purposes require an active Oracle Java subscription.

Release Type of agreement Release date
(GA date)
Premier support
until
Extended support
until
Long term support
available 
Java 6
Binary Code License Agreement December 2006  December 2015  December 2018  No 
Java 7
Binary Code License Agreement
July 2011 July 2019  July 2022  No
Java 8 Binary Code License Agreement March 2014 March 2022 March 2025 Yes
Java 9 Binary Code License Agreement
September 2017 March 2018 Not available No
Java 10 Binary Code License Agreement
March 2018 September 2018  Not available  No 
Java 11 Oracle Technology Network * September 2018 September 2023 September 2026 Yes
Java 12 Oracle Technology Network *
March 2019 September 2019 Not available No 
* can only be used in non-commercial environments and not for internal business operations

What Does This Mean to You? You Have Three Main Options:

Pay for a subscription and gain full access to security patches and updates

Take a security risk by continuing to run Java on the current version without updating it or downloading security patches

Move to open JDK and look for alternative support providers

What Risks are You Exposed to?

Not updating your Java installations regularly will likely lead to performance, stability and security issues affecting the applications running on your machine.

Based on cvedetails.com, 590 vulnerabilities have been reported for Oracle JDK since 2007, 7 of them related to Java 8 (affecting updates 121 and 192). Each new update includes additional security features: Update 191 includes, for example, 31 bug fixes.

Older versions of Java do not support the latest transport and encryption algorithms (e.g. TLS vs SSL). Only Java 11 supports the current TLS version 1.3. This creates a massive attack surface within an organization for hackers to exploit. So now not only are your systems at risk, but your data can be stolen while on the move.

Time to Solve the Java Puzzle - Start off with Your Three-Step Self-Assessment

Begin to solve your Java Puzzle with our Three-Step Java Self-Assessment:

  1. Detect your Java installations with an inventory solution
  2. Assess your applications, identifying all necessary information to make decisions around your future Java strategy
  3. Interpret your findings that you gathered during your Java Self-Assessment

If you require consulting or advice on the results of your findings, we offer a chargeable consultancy service.

What You Get From Us?

No Inventory Solution?

Why are We Offering Free Access to Profiler?

Our Guided 3-Step Approach

Java Installation Discovery

  • Based on your own Inventory Data
  • Find out which Java distributions, versions and components are installed
  • Identify your Java installations incl. vendor, version numbers, installed patch levels, etc.
  • Map your Java installations to the respective desktops and servers
  • Get the overall picture of your Java landscape

Application Assessment

  • Get a factual overview of your Java installations
  • Understand usage of Java from application perspective
  • Know what to ask your application vendors
  • Differentiate desktop vs. server Java applications
  • Estimate total number of desktops and servers’ processor cores with JDK installations

Interpretation

  • Focus on where you are responsible for Java licensing and support
  • Secure your business-critical applications
  • Evaluate your compliance position
  • Reduce risks of running older Java installations
  • Define long-term Java strategy

More Details

Java Installation Discovery

Application Assessment

Interpretation

Request your Java Self-Assessment Guide today

Make fact-based decisions about your future with our Java Self-Assessment.