Your devops teams are likely wasting half their time on work that delivers zero business value. According to our 2025 State of Java Survey & Report, 62% of organizations report that dead code is hampering their devops productivity, while 33% admit their teams waste more than half their time chasing false-positive security alerts. Meanwhile, 72% of companies are paying for cloud capacity they never use.
This isn’t just inefficiency—it’s a hidden tax on innovation that’s silently killing your ability to compete. In my 25+ years working with Java, from JDK 1.0 in 1996 to today, I’ve witnessed how these mounting inefficiencies have become the single biggest barrier to innovation for Java-based enterprises. And with nearly 70% of companies reporting that more than half their applications run on Java, this isn’t a niche problem—it’s a crisis hiding in plain sight.
The three pillars of devops debt
Code bloat: The growing burden of digital hoarding
Dead code—portions of your code base that are never executed but still sit in production—creates a cascade of problems that extend far beyond wasted storage. The productivity impact only hints at the deeper issue: This digital hoarding forces developers to navigate unnecessarily complex systems. Our research reveals that organizations with high levels of dead code report development cycles that are, on average, 35% longer than those with streamlined code bases.
This problem compounds over time as Java versions become dated and obsolete. For example, 10% of organizations still run applications on Java 6, a 20-year-old version that Oracle ceased providing updates for in December 2018.
Security false positives: The endless chase
Beyond wasted development time, security false positives consume an enormous amount of devops resources. The “better safe than sorry” approach to security scanning has led to alert fatigue, with one-third of teams spending the majority of their time investigating issues that turn out to be non-threats.
The problem is particularly acute in Java environments, where 41% of organizations encounter critical production security issues on a weekly or daily basis. Despite having had more than three years to address Log4j, half of the companies surveyed are still experiencing security vulnerabilities from Log4j in production. This persistent vulnerability highlights a broader challenge: distinguishing between theoretical vulnerabilities and actual threats.
Our research indicates that approximately 70% of security alerts in Java environments are ultimately determined to be false positives or vulnerabilities in code paths that are never executed in production. When devops teams can’t efficiently separate real threats from hypothetical ones, innovation inevitably grinds to a halt.
Cloud waste: Paying for idle capacity
The financial dimension of devops debt manifests in cloud resource inefficiency. Beyond the headline figure of widespread waste, we’ve found that many organizations are dramatically over-provisioning their Java applications due to uncertainty about performance requirements and inconsistent load patterns.
For Java-based organizations, this problem is particularly significant because nearly two-thirds report that more than 50% of their cloud compute costs stem from Java workloads. Additional analysis shows that optimizing Java Virtual Machine (JVM) configurations alone could reduce cloud costs by 25% to 30% for the average enterprise.
This waste essentially functions as a direct financial penalty—you’re literally paying for capacity you don’t use, just like interest on a financial debt. Across the enterprise landscape, we estimate this represents over $10 billion in annual wasted cloud spending.
Breaking free of devops debt
As Java applications continue to modernize, with nearly half of organizations (49%) now running either Java 17 or Java 21, this transition creates a perfect opportunity to address these underlying inefficiencies.
Code hygiene automation
Implement automated tools that identify and safely remove dead code, integrated directly into your CI/CD pipeline to prevent new accumulation. Just as we continuously monitor JVM performance metrics, apply the same rigor to identifying unused code patterns.
Leading organizations are now incorporating runtime usage analysis to identify code paths that haven’t been executed in production for extended periods. This data-driven approach has helped some enterprises reduce their code bases by up to 40% without any functional impact.
Consider implementing policies that require deprecated code to have sunset dates, ensuring that temporary workarounds don’t become permanent technical debt. Regular code reviews focused specifically on identifying unused components can help keep your code base lean and maintainable.
Runtime intelligence for security
Traditional security scanning produces too many alerts with too little context. Modern approaches incorporate runtime intelligence to prioritize vulnerabilities based on actual usage patterns rather than theoretical exploitability.
Organizations should invest in tools that distinguish between code paths actually executed in production versus those that exist but aren’t used. This runtime intelligence approach transforms security from theoretical vulnerability hunting to practical risk management, dramatically reducing false positives and freeing your teams to focus on innovation.
Companies that have adopted this approach report up to an 80% reduction in security alert volume while actually improving their security posture by focusing resources on genuinely exploitable vulnerabilities.
Resource optimization
Adopt tools and practices that optimize cloud resource allocation through advanced auto-scaling, high-performance JDKs, and established finops practices that align technology with business objectives.
Our report shows that forward-thinking organizations are already addressing this: 38% have implemented new internal rules for cloud instance usage, 35% are using more efficient compute instances and processors, and 24% have adopted high-performance JDKs specifically to enhance performance and reduce costs.
The most successful organizations are implementing cross-functional finops teams with representation from engineering, operations, and finance to holistically address resource optimization. These teams establish metrics and governance processes that balance innovation speed with cost efficiency.
The innovation imperative
The cost of devops debt goes far beyond wasted engineering hours. When teams spend half their time managing false positives and navigating bloated code bases, your competitors who’ve addressed these issues can innovate twice as fast. Top developers seek environments where they can create value, not manage legacy messes. Every hour spent on activities that don’t add value represents features not built, customer needs not addressed, and market opportunities missed.
Just as we’ve seen organizations seek alternatives to inefficient Java deployments, I predict we’ll see a similar movement toward addressing devops debt as awareness of its costs grows. The organizations that move first will gain significant competitive advantage.
The question isn’t whether you have devops debt—it’s whether you’ll start paying it down before your competitors do. The tools and practices exist today to dramatically reduce these inefficiencies. Those who act now won’t just improve their engineering productivity; they’ll fundamentally transform their ability to innovate in an increasingly competitive marketplace.
Simon Ritter is deputy CTO of Azul.
—
New Tech Forum provides a venue for technology leaders—including vendors and other outside contributors—to explore and discuss emerging enterprise technology in unprecedented depth and breadth. The selection is subjective, based on our pick of the technologies we believe to be important and of greatest interest to InfoWorld readers. InfoWorld does not accept marketing collateral for publication and reserves the right to edit all contributed content. Send all inquiries to doug_dineley@foundryco.com.