In December of 2021, Tidelift fielded our annual survey of technologists who use open source to build applications at work. Nearly 700 people shared how they use open source software today, what holds them back, and what tools and strategies help them use it even more effectively.
In this post, we share the third of seven key findings. If you don’t want to wait for the rest of the results, you can download the full survey report right now at the link below.
In these surveys, we regularly check in to see which open source programming languages are most popular with development teams. In the past, we’ve found that the top three languages (JavaScript, Java, and Python) stand apart in terms of popularity from all of the rest.
This year was more of the same, with Python, JavaScript, and Java separated from the next highest response by over 25%. But one thing changed slightly this year; whereas in our last survey JavaScript was the top language, used by 79% of respondents and well above Python at 52% and Java at 42%, this year, the gap narrowed substantially, and Python took over the top position with 62% of respondents naming it a most-relied-upon language. JavaScript was second, dropping almost 20% to 60%, with Java coming in third, at 50%.
Most of the other languages stayed pretty stable, with the biggest jump going to C++, increasing its percentage of mentions from 14% to 25%. Go, which went from seventh (17%) in our previous survey up to fifth (24%) this year was the other big positive mover.
We also took a closer look at the results by organization size. The larger organizations relied more on Java, while the smaller rely less on Java. The opposite was true of JavaScript, with large organizations relying on it less than smaller ones. But the top three languages remained the same, regardless of organization size.
A new angle we wanted to explore this year was to see if there were differences in how confident respondents were about whether the components they were using in these languages were up-to-date, secure, and well maintained.
Respondents were most confident about Python, with 81% of respondents reporting they were extremely or somewhat confident and only 19% not very or not at all confident.
Next came Java, with 76% extremely or very confident and only 25% not very or not at all confident. JavaScript was third, with 72% extremely or very confident and 28% not very or not at all confident. Notably, JavaScript had the highest percentage of not very or not at all confident responses of all of the languages we asked about (28%) and second lowest percentage of extremely confident responses (20%).
In particular we also wanted to see if confidence in Java was hurt by the Log4Shell vulnerability in Log4j, a Java logging component, so we examined the answers that came in before and after the vulnerability was reported in early December.
We saw that 78% of respondents who completed our survey prior to Log4Shell reported being extremely or somewhat confident in Java security and maintenance, and that number dropped slightly to 73% after Log4Shell. Meanwhile the percentage of respondents reporting being not very or not at all confident in Java security in maintenance rose after Log4Shell from 22% to 27%. Most notably, the percentage of respondents reporting that they were not at all confident more than doubled, from 3% pre-Log4Shell to 7% afterwards.
We hope you found some useful and actionable information in this blog post. If you’d like to get notified as future posts come out, please sign up for our blog digest here. Or if you don’t want to wait, download the full survey results today!
50 Milk St, 16th Floor, Boston, MA 02109