The new Oracle Java SE Universal Subscription introduced in 2023 will significantly impact medium-sized businesses and large corporations. According to the House of Brick evaluation, the annual Java expenses might soar by 1,400%. Consequently, many enterprises now consider leaving the Oracle ecosystem.
As Java is an open-source platform that evolves under the auspices of the OpenJDK project, other vendors offer JDK distributions based on the OpenJDK code. But how safe and reliable are they?
This article will compare Oracle Java and OpenJDK to gain clear insights into their differences and value for enterprises running Java applications.
What is OpenJDK?
The OpenJDK project came into existence in 2006 when Sun Microsystems released Java HotSpot and compiler under the GNU General Public License, following its initial promise to make Java open source. Since then, more portions of the Java code have been made available. OpenJDK is now a free Java Standard Edition (SE) implementation, the foundation for language development. A large community led by Oracle, composed of individual developers and technology corporations, takes part in OpenJDK (i.e., Java) enhancement by fixing bugs, eliminating vulnerabilities, and implementing new features.
Oracle Java and OpenJDK share the same codebase, so what is the difference between the two?
From the technological perspective, they are mostly similar (except for several features discussed below). The OpenJDK performance is equal to that of Oracle Java, as proven by industry-standard benchmarks and OpenJDK microbenchmarks.
The critical discrepancy hinges on licensing, support options, and prices.
Oracle Java vs OpenJDK licensing conditions
OpenJDK is distributed under the General Public License, version 2, with the Classpath Exception (GPLv2+CPE). GPL means the code is available to everyone to study, change, and share. Still, the classpath exception enables the developers to use GPL-licensed and proprietary code in one application without opening up the latter to the public. Therefore, OpenJDK can be utilized for developing closed-source applications without compromising the integrity of intellectual property.
Oracle Java is closed-source software, and companies must purchase a license to receive updates for the Java runtime. Right now, Oracle Java is distributed under different licenses depending on the version:
- Oracle JDK 8 and 11 are provided under My Oracle Support for commercial Oracle customers and Oracle Technology Network (OTN) for Java SE for personal, development, and other users. Personal use implies that the Java runtime is installed on a personal PC and used for running personal applications, playing games, etc.
- Oracle OpenJDK 11+ is available for free under the GPLv2 + CPE. These builds are updated for six months, after which users must purchase a commercial license to continue receiving security patches and bug fixes.
- Oracle JDK 17+ is under the No-Fee Terms and Conditions (NFTC) license, which permits free commercial and production use of the runtime under several restrictions specified in the license. The users receive free updates for one year (feature releases) or three years (LTS releases). After that, they have to migrate to a newer version or purchase the OTN to continue using the older version with support and patches.
Features and security
Most Java components were released into the OpenJDK project. Some features remain closed-source but have free, open-source implementations. For instance, Java Web Start can be substituted with IcedTea-Web or OpenWebStart. In addition, several OpenJDK vendors offer additional functionality, such as low-latency Shenandoah GC not shipped with Oracle builds or OpenJFX and JFR absent in newer (after JDK 11) Oracle Java versions.
Finally, OpenJDK vendors offer more installation methods than Oracle (whose builds are only available on the official website): Docker Hub or GitHub container registries, Linux repositories, package managers (Homebrew, Sdkman, etc.), or Discovery API.
As for security, most OpenJDK distributions receive quarterly Critical Patch Updates (CPU) in line with Oracle’s schedule. Provided that you update the software regularly, there are no security risks to the corporate Java runtime environment. In addition, prominent OpenJDK vendors offer commercial support at affordable prices with emergency patches.
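One way to check that a runtime is actually kept on the quarterly schedule, as an added example that is not part of the original article or any vendor's tooling: read the `release` file that sits in the JDK home directory and compare its version date with the most recent scheduled CPU date. It assumes CPUs ship on the third Tuesday of January, April, July and October and that the vendor's update builds carry that date; the sample file contents and vendor name are constructed.

```python
import datetime as dt
import re

# Assumption: CPUs ship on the third Tuesday of January, April, July and October.
CPU_MONTHS = (1, 4, 7, 10)

# Constructed sample of a JDK `release` file; the vendor name is a placeholder.
SAMPLE_RELEASE = '''IMPLEMENTOR="Example Vendor"
JAVA_VERSION="17.0.9"
JAVA_VERSION_DATE="2023-10-17"
'''

def third_tuesday(year, month):
    first = dt.date(year, month, 1)
    to_tuesday = (1 - first.weekday()) % 7  # weekday(): Monday=0, Tuesday=1
    return first + dt.timedelta(days=to_tuesday + 14)

def latest_cpu_date(today):
    """Most recent scheduled CPU date that is not after `today`."""
    dates = [third_tuesday(y, m)
             for y in (today.year - 1, today.year) for m in CPU_MONTHS]
    return max(d for d in dates if d <= today)

def parse_release(text):
    """Parse KEY="value" lines of a `release` file into a dict."""
    return dict(re.findall(r'^(\w+)="?([^"\r\n]*)"?\r?$', text, flags=re.M))

def audit(release_text, today):
    props = parse_release(release_text)
    cpu = latest_cpu_date(today)
    raw = props.get("JAVA_VERSION_DATE")  # older release files may lack this key
    built = dt.date.fromisoformat(raw) if raw else None
    return {
        "vendor": props.get("IMPLEMENTOR", "unknown"),
        "version": props.get("JAVA_VERSION", "unknown"),
        "latest_cpu": cpu,
        # None: the file carries no date, so the version must be checked by hand.
        "behind": (built < cpu) if built else None,
    }

if __name__ == "__main__":
    print(audit(SAMPLE_RELEASE, dt.date(2024, 2, 1)))
```

To audit a real host, pass the contents of the `release` file from each installed JDK together with `dt.date.today()`; a result of `behind: True` means at least one scheduled CPU has shipped since that build.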
OpenJDK as a viable alternative to Oracle Java
To summarize, OpenJDK builds are just as performant, functional, and secure as Oracle Java. Enterprises can use them for free or work with a reliable OpenJDK vendor. The comparison of OpenJDK distributions calls for a separate discussion, but in general, developers should take the following aspects into account when selecting a Java runtime for corporate development:
- TCK verification for seamless migration,
- Support for all system configurations (OSs, hardware, clouds) and Java versions utilized at the company,
- Adherence to the quarterly CPU release schedule,
- Support from Java engineers without a man in the middle and based on strict SLA,
- Availability of additional tools required for development (JavaFX, Web Start implementation, JFR, etc.),
- Clear licensing conditions.
By choosing a solution that suits all business needs, companies can reduce IT expenses, unify the Java stack, and avoid potential issues related to sudden changes to license agreements.