Java Licensing Analysis
Oracle JDK vs OpenJDK: The True Cost Comparison Every CTO Needs
In January 2023, Oracle fundamentally changed Java licensing. What was free became expensive. Understand the $5M+ decision your enterprise is unknowingly making.
The January 2023 Problem That Changed Everything
Oracle removed the free tier of Java SE subscriptions effective January 2023. Any company running Oracle JDK versions 8u202 and later on production servers now falls under the Oracle Java SE Subscription licensing model, which is calculated using the Oracle "Employee Metric" — a controversial billing mechanism that counts the total number of employees in your company, not the number of servers or users consuming Java.
Oracle JDK vs OpenJDK: Complete Comparison
| Criteria | Oracle JDK | OpenJDK (Temurin) | Amazon Corretto | Azul Zulu |
|---|---|---|---|---|
| License Cost | $260/employee/yr | Free | Free | Free |
| Billing Metric | Employee Metric | None | None | None |
| Audit Risk | Very High | None | None | None |
| Security Updates | Monthly | Quarterly | Monthly | Monthly |
| LTS Support Duration | 5-10 years | 4 years | 8 years | 5-10 years |
| Commercial Support | Yes (Oracle) | Community | Yes (AWS) | Yes (Azul) |
| Migration Complexity | N/A | Low | Low | Low |
| Recommended For | Legacy single-vendor lock | Most enterprises | AWS-native shops | Performance-critical |
Key insight: The only genuine technical difference between Oracle JDK and OpenJDK distributions is Oracle's brand. All modern OpenJDK distributions are production-ready, actively maintained, and pass the Java Compatibility Kit (JCK). The Oracle JDK license cost reflects Oracle's commercial support tier, not superior technology.
Which OpenJDK Distribution Should You Choose?
Each OpenJDK distribution is maintained by different organizations, but all are production-grade. Your choice depends on your infrastructure and support preferences.
Best for: Enterprises wanting vendor-independent Java
Support: Community-backed, commercial support via partners
Key: True open governance model, no corporate lock-in
Best for: AWS-native environments and hybrid AWS deployments
Support: AWS enterprise support, 8-year LTS
Key: Optimized for AWS infrastructure, tightly integrated with ECS/EKS
Best for: Performance-critical applications, financial services
Support: Commercial support with performance guarantees
Key: Zulu Falcon JVM optimizations, fastest GC, predictable latency
Best for: Azure-native workloads
Support: Microsoft enterprise support
Key: Optimized for Azure, integrated with Visual Studio, Azure DevOps
What Triggers an Oracle Java Audit? The Employee Metric Trap
Oracle audits identify Java usage through network discovery, application scanning, and employee tip-offs. Once identified, any Oracle JDK deployment triggers the Employee Metric calculation regardless of actual usage levels.
Oracle JDK Version 8u202 or Later
Any build released after January 2023. Older versions (8u201 and earlier) technically have a free license, but Oracle's auditors will pressure you to upgrade to a supported version, at which point the subscription applies. The compliance risk of running unsupported software is severe.
Development and Testing Machines Count
Oracle's contract language is intentionally vague about whether development copies are licensed. Their auditors routinely argue that every development machine running Oracle JDK counts. You're technically liable for developer laptops if they have Oracle JDK installed for compilation.
Docker Containers Are Individual Instances
Each containerized instance of Oracle JDK is a separate license trigger. A Kubernetes cluster with 200 Oracle JDK containers doesn't change your Employee Metric cost — you still pay per employee — but it's absolute proof of Oracle JDK usage in a production environment.
Employee Metric Counts All Employees
The audit covers your entire company headcount. A 5,000-person company with Java on 50 servers pays for 5,000 employees, not 50 servers. This is why the cost becomes untenable so quickly. You're not paying for Java usage; you're paying to exist as a company that uses Java somewhere.
Audit Triggers: Network Discovery Tools
Oracle actively monitors tech vendor communities, GitHub, Docker Hub, and infrastructure scanning tools. They purchase discovery data from security vendors and use port scanning (Java runs on port 8080, 8443, etc.) to identify companies likely using Java. One network discovery hit can trigger a mandatory audit letter.
The Financial Reality: A Real Migration Example
Consider a typical mid-market enterprise with 5,000 employees running Oracle JDK across 200 application servers (development, staging, production).
Annual Cost Comparison
Migration breakdown: Testing and validation (2-3 weeks), application compatibility testing (1-2 weeks), staging deployment (1 week), production rollout (1-2 weeks). Most enterprises complete the migration in 4-8 weeks. The payback period on your migration investment is measured in weeks, not months.
Hidden Oracle JDK costs not included above: Legal review of audit letters ($15K-$30K), negotiated settlement costs (often 30-50% of the calculated liability), audit defense support ($100K+), contract renegotiation, and the cost of maintaining compliance going forward. The true Oracle JDK cost is often 40-60% higher than the stated Employee Metric fee.
Migration Risks: How to Manage Them
OpenJDK migration is low-risk, but requires structured planning. These are the real concerns your engineering team will raise, and how to address them.
Application Compatibility (Lowest Risk)
OpenJDK passes Oracle's Java Compatibility Kit (JCK). The difference between Oracle JDK and OpenJDK at runtime is zero for standard applications. Risk arises in GraalVM-specific features, proprietary Oracle extensions (rare in practice), and legacy application quirks. Mitigation: Comprehensive testing in staging for 2-3 weeks before production rollout.
Performance and Latency (Usually Positive)
Amazon Corretto and Azul Zulu often outperform Oracle JDK due to community optimizations. Eclipse Temurin matches Oracle JDK performance. Risk: Your team may discover previously hidden performance issues in your own code. Mitigation: Use your existing APM/monitoring tools during staging. Performance usually improves.
Support and Security Updates (Medium Risk)
OpenJDK distributions have committed SLAs for security updates. Temurin: 4-year LTS, Corretto: 8-year LTS, Zulu: 5-10 year LTS depending on tier. Risk: Your organization loses direct access to Oracle support (which 90% of enterprises don't use anyway). Mitigation: Choose a distribution with commercial support if needed (AWS, Azul, or partner-backed Temurin).
License Compliance (Zero Risk with OpenJDK)
OpenJDK distributions carry open-source licenses (GPL v2 with classpath exception) with no compliance burden for usage. You can deploy to unlimited servers, in unlimited regions, with unlimited employees. The compliance nightmare disappears entirely. Mitigation: None needed. This is a net reduction in risk.
Organizational Inertia (Highest Real Risk)
Your organization is probably running Oracle JDK because "that's what we've always used." There's no technical barrier to migration; the barrier is organizational. Getting buy-in from architecture committees, infosec teams, and operations can take longer than the technical migration. Mitigation: Build a business case focused on cost savings and audit risk reduction. Get security clearance early.
How We Help Enterprises Navigate Java Licensing
Oracle Licensing Experts is an independent advisory firm. We are not affiliated with, endorsed by, or partnered with Oracle Corporation. Our sole focus is defending enterprise interests against aggressive Oracle licensing practices.
Java Licensing Assessment
We audit your current Java deployment (Oracle JDK versions, distribution counts, container workloads, employee metrics), calculate your current exposure, and model the cost delta of migration to OpenJDK. Delivered with financial modeling and audit risk scoring.
Migration Planning & Execution
We work with your engineering and infrastructure teams to plan OpenJDK migration, validate compatibility in your staging environment, and execute phased production rollout. We provide post-migration support and performance validation.
Oracle Audit Defense
If you've received an Oracle audit letter, we negotiate with Oracle on your behalf. We challenge inflated employee counts, argue for favorable license interpretations, and structure settlements that minimize your financial exposure.
Java Licensing Optimization
For enterprises that must maintain some Oracle JDK usage (legacy systems), we design hybrid architectures that minimize your Employee Metric exposure while maintaining necessary Oracle compatibility.
Frequently Asked Questions
Yes. All OpenJDK distributions are licensed under the GNU General Public License v2 with the Classpath Exception (GPLv2+CPE). The Classpath Exception explicitly permits linking OpenJDK from commercial applications without licensing those applications. You can deploy OpenJDK in unlimited commercial environments, on unlimited servers, with no licensing fees or compliance burden. The only requirement is that if you modify OpenJDK's source code itself, you must share those modifications under the same license.
The Employee Metric is Oracle's billing mechanism for Java SE subscriptions. It charges based on the total number of employees in your company, not the number of servers, containers, or instances running Java. Oracle's logic is that employees collectively create the business value that Java generates, so all employees should be licensed. A 5,000-person company running Java on 50 servers pays as if all 5,000 employees need a Java license. This model is deliberately abstract and difficult to dispute during audits, which is why it's so profitable for Oracle.
Yes, absolutely. Amazon Corretto is a free, production-grade OpenJDK distribution. It passes the Java Compatibility Kit (JCK) and is 100% compatible with Oracle JDK at runtime. The only reason to use Oracle JDK instead of Corretto is if you need direct Oracle support (rare) or have legacy applications with undocumented Oracle-specific dependencies (very rare). Most enterprises migrating from Oracle JDK choose either Corretto (if AWS-native) or Eclipse Temurin (if they want vendor independence).
Oracle doesn't audit for "wrong" Java versions — they audit to convert free users to paying customers. If Oracle discovers you're running Oracle JDK versions 8u202 or later, they will send an audit letter regardless of whether you knew you needed a license. The audit is an aggressive sales mechanism. Oracle's discovery methods include network scanning, GitHub repository scanning, Docker Hub scanning, and purchasing discovery data from security vendors. Once detected, you'll receive a mandatory audit notice claiming a specific financial liability.
Oracle Java SE subscriptions cost approximately $260 per employee per year (pricing varies by region and discount negotiation). This is the per-Employee-Metric cost. A 1,000-person company is billed $260,000 per year. A 5,000-person company is billed $1,300,000 per year. The cost does not scale with actual Java usage; it scales with company size. This is why the decision to migrate to OpenJDK typically pays for itself in weeks to months.