SE Notes
Measuring software quality through quantitative metrics.
Software quality metrics are quantitative measurements that help teams assess, monitor, and improve the quality of their software products and development processes. You cannot improve what you cannot measure, and without metrics, quality discussions devolve into subjective opinions. Metrics transform "I think our code is getting worse" into "our defect density increased from 2.1 to 3.4 defects per KLOC this quarter, primarily in the payment module." This objectivity enables data-driven decisions about where to invest improvement efforts, whether quality is trending in the right direction, and when software is ready for release.
Categories of Quality Metrics
Product Metrics measure characteristics of the software artifact itself—the code, documentation, and design. These include size metrics (lines of code, function points), complexity metrics (cyclomatic complexity), and structural metrics (coupling, cohesion).
Process Metrics measure characteristics of the development and maintenance processes. These include defect discovery rates, review effectiveness, test efficiency, and time-to-fix statistics.
Project Metrics measure project-level characteristics like schedule adherence, effort variance, and productivity rates. While important for project management, they indirectly reflect quality through their impact on process discipline.
Key Product Metrics
Defect Density measures the number of confirmed defects relative to software size:
| Example | 45 defects found in a 15 KLOC module |
| - Average commercial software | 1-25 defects per KLOC |
| - High-quality software | < 1 defect per KLOC |
| - Safety-critical (space shuttle) | 0 defects per KLOC (aspiration) |
Cyclomatic Complexity measures the number of independent paths through a module's source code. Higher complexity indicates code that is harder to understand, test, and maintain:
| - 1-10 | Simple, low risk |
| - 11-20 | Moderate complexity, moderate risk |
| - 21-50 | Complex, high risk |
| - 50+ | Untestable, very high risk - refactor immediately |
Code Coverage measures the percentage of code exercised by automated tests:
- Statement coverage: Percentage of code lines executed during testing
- Branch coverage: Percentage of decision branches (if/else) taken during testing
- Path coverage: Percentage of execution paths tested (most thorough, often impractical for complex code)
Typical targets: 80% statement coverage minimum, with critical modules requiring 90%+. However, 100% coverage does not guarantee correctness—it means every line was executed, not that every logical scenario was tested.
Technical Debt Ratio quantifies the cost of remediation relative to the cost of rebuilding:
Key Process Metrics
Defect Removal Efficiency (DRE) measures what percentage of defects are found before release:
DRE = Defects found before release / Total defects (pre + post release) × 100%
Example: 180 defects found during development, 20 found by customers
DRE = 180 / (180 + 20) = 90%
World-class organizations achieve DRE > 95%Mean Time To Failure (MTTF) measures average operating time between failures, indicating reliability. Mean Time To Repair (MTTR) measures average time to fix failures once detected. Together they define system availability:
Review Effectiveness measures the percentage of defects caught by code reviews versus testing:
Real-World Example: Metrics Dashboard for a Banking Application
A banking software team tracks these metrics monthly:
| Metric | January | February | March | Target |
|---|---|---|---|---|
| Defect Density (per KLOC) | 2.8 | 2.3 | 1.9 | < 2.0 |
| Code Coverage | 72% | 78% | 83% | > 80% |
| Cyclomatic Complexity (avg) | 14.2 | 12.8 | 11.5 | < 12 |
| DRE | 88% | 91% | 93% | > 95% |
| MTTR (hours) | 8.5 | 6.2 | 4.8 | < 4 |
| Technical Debt (hours) | 340 | 290 | 255 | Decreasing |
The trend shows quality improving—the team's investment in code reviews, automated testing, and refactoring is paying off. The DRE target of 95% has not been reached yet, suggesting further investment in pre-release defect detection (perhaps more thorough code review coverage or additional integration testing).
Using Metrics Effectively
Set baselines before setting targets. Measure current performance before declaring what "good" looks like. Without baselines, targets are arbitrary.
Track trends, not snapshots. A single measurement tells you little. Trends over time reveal whether quality is improving, stable, or deteriorating.
Combine multiple metrics. No single metric tells the complete story. High coverage with high defect density suggests the tests exist but are not effective. Low complexity with low coverage suggests simple code that is not verified.
Avoid gaming. When metrics become targets, people optimize for the metric rather than the underlying quality. If you reward code coverage percentage, developers write trivial tests that execute code without verifying behavior. If you penalize defect counts, people stop reporting defects.
Common Pitfalls
Measuring too much (drowning in data without actionable insights), measuring the wrong things (lines of code as productivity—encourages verbosity), using metrics punitively (blaming developers for high defect counts discourages reporting), and ignoring context (a module handling complex financial calculations will naturally have higher complexity than a simple CRUD interface). Metrics are tools for improvement, not weapons for blame.
Exam Focus
Revise definitions, diagrams, examples, and short-answer points for Quality Metrics.
Interview Use
Prepare one clear explanation, one practical example, and one common mistake for this Software Engineering topic.
Search Terms
software-engineering, software engineering, software, engineering, quality, assurance, metrics, quality metrics
Related Software Engineering Topics