Nassim Nicholas Taleb’s “Antifragile” book has a very powerful observation applicable to software development:
Sensitivity to harm from volatility is tractable, more so than forecasting the event that would cause the harm.
Taleb, Nassim Nicholas (2012-11-27). Antifragile: Things That Gain from Disorder (Incerto) (Kindle Locations 339-340). Random House Publishing Group. Kindle Edition.
There are many software development measures to indicate the quality/wellness/adaptability/correctness of the code: cohesion, coupling, bug density, # of unit tests, code coverage, etc. Many software developers, managers & executives simply look to these measures as being academically interesting, but of little or no business value.
Taleb’s statement directly supports the value of software measures.
For argument’s sake, code coverage gives a measurement of the testing completeness. If code coverage is not measured or is close to zero, clearly any change is very high risk. As code coverage approaches a meaningful number (assume 80%), it’s easy to see that the volatility of the system is much more under control than the zero case.
Let’s take the opposite approach: no or little code coverage with reliance on hunches or guesses as to the ability to predict an event that breaks the system. In other words, the culture is to be completely reactive to bugs, customer complaints and so on.
In today’s world, software attacks are a totally new burden on the development team. This non-trivial burden is the last thing a team needs and fits the case where naive hunches regarding the vulnerability of software are 100% wrong. We have no idea where the next attack is coming from and do not have the time or resources to fix them. (But they must be fixed.)
The need for software development metrics is higher than ever.