What is code quality and why is it important?

min readpublished onupdated on

Understanding the quality of code within a company's tech portfolio is an essential aspect of assessing a company’s long-term value and stability. This article delves into the multifaceted concept of code quality,or code hygiene, exploring its relevance to financial performance, operational efficiency, and investment decision-making. 

Source code quality
What is code quality and why is it important?
Table of contents

What is code quality?  

Code quality is synonymous with software that is maintainable, efficient, reliable, and secure.  For a programmer, high quality code means, in its simplest form, source code that can be understood quickly.   
For a company or investor, high quality code represents a strategic asset that underpins operational efficiency, market agility, and financial stability. It signifies a software foundation that not only meets current needs but is also poised for future growth and adaptation, ensuring the company's long-term competitiveness and profitability. 

Case Studies in Code Quality 

Google is a prime example of a high quality code company known for its robust, scalable and efficient code. Google's engineering practices are widely respected, and its commitment to high quality source code has been a key factor in its ability to scale its services and maintain leadership in search, advertising, and various other tech domains.   

Github is another example.  As a platform hosting millions of code repositories, GitHub not only provides tools for code management but also maintains high standards for its own codebase. Its acquisition by Microsoft was seen as a testament to its value, driven in part by the quality of its platform. 

On the other hand, the Boeing 737 Max is a prime example of poor code quality. The software issues which led to two fatal crashes, are an example of the catastrophic consequences of poor code quality [1]. This not only resulted in a significant financial loss for Boeing but also severely damaged its reputation and investor confidence.   

The Cost of Neglecting Code Quality 

Organisations might compromise source code quality for various reasons. Many startups in their early stages often focus on rapid development and feature rollout, which can lead to compromised code hygiene. In more established companies, it could be a strategic decision to expedite the release of a feature, or it might occur when the business's needs evolve, rendering the existing design obsolete or inadequate. In some cases, the initial design might have been flawed from the beginning. 

Regardless of the underlying cause, the consequence of neglecting code quality is consistent: the organisation is left with a codebase that is more challenging and costly to maintain than it ought to be. This situation necessitates extra resources for ongoing maintenance, potentially leading to increased operational costs and impacting the software's adaptability and efficiency in the long term. 

The Business Case for Investing in Code Quality 

Investing in high-quality code is not just a technical decision but a strategic business choice. The benefits extend beyond the IT department, impacting customer satisfaction, operational efficiency, and the overall financial health of the business. 

Impact on EBITDA: A significant portion of a developer's time, estimated to be between 23-42%, is often consumed in managing technical debt and rectifying poor source code[2]. This inefficiency leads to inflated operational costs and diminished productivity, adversely affecting EBITDA. Low-quality code not only escalates software maintenance expenses but also necessitates increased resource allocation for bug fixes and prolongs product development cycles. Conversely, high quality code can dramatically reduce these overheads, enhancing the company’s financial performance. 

Synergy Generation in M&A: When companies merge, the integration of systems and software is a critical factor. High quality code enhances this integration process, making it smoother and more cost-effective. This directly contributes to the realisation of synergies post-merger, as well-executed integrations are less likely to encounter costly delays and technical setbacks.  

Quantitative Impacts: Research has quantitatively linked code hygiene to business performance. Studies indicate that low-quality code harbours up to 15 times more defects than high quality code[3]. Resolving issues in such code demands considerably more effort, taking about 124% longer in development[4]. This inefficiency not only adds unpredictability to project timelines but also imposes a substantial drain on resources.  

In summary, code quality should be viewed by investors not as a mere technical detail but as a vital component of a company's operational efficacy and growth trajectory. Its influence extends well beyond the confines of software development, shaping key financial metrics and overall business health and competitiveness. For savvy investors, recognising the strategic importance of code hygiene is essential in evaluating a company’s long-term viability and success. 

Assessing Code Quality: A Dual-Faceted Approach 

To assess code quality effectively, it’s essential to leverage the distinct yet complementary insights provided by Git history analysis and automated source code scans. Together, these methods offer a comprehensive evaluation of both the development process and the current state of the codebase. 

Delving into Git History Analysis 

The examination of Git history delves into the development practices and team dynamics. It reveals the patterns and frequencies of commits, which illuminate how the team collaborates and distributes work. This history provides a narrative of the code's evolution, showcasing how the team has responded to various challenges and implemented new features over time. It also highlights the individual contributions of team members, offering insights into areas of expertise and code ownership. 

Leveraging Automated Source Code analysis 

In contrast, automated code scans focus on the current state of the codebase. These tools perform a thorough analysis against a range of quality metrics, identifying issues such as security vulnerabilities, performance bottlenecks, and potential bugs. They also assess maintainability by detecting duplicate code and areas that lack sufficient testing. This aspect of the assessment is critical for understanding the immediate technical health of the project. 

Integrated Approach for Comprehensive Assessment 

Combining these approaches provides a comprehensive view of both the process (how the team works and manages the code) and the product (the quality and state of the code itself). This holistic assessment is key to uncovering not just the technical issues but also the underlying patterns and trends in the development process. It enables a nuanced understanding of the project's overall health and trajectory. 

For investors, this dual approach offers a nuanced understanding of the technological potential of the company they are evaluating. It goes beyond surface-level analysis, allowing them to make informed decisions based on both the operational and technical facets of the company's software development practices. 

Cybersecurity in Code Quality: Beyond Risk Mitigation 

A discussion on source code quality would not be complete without addressing cybersecurity. Security in code refers to the measures and practices put in place to protect software from malicious attacks and unauthorised access. This includes writing code that is not only functional but also secure against known vulnerabilities, such as SQL injection, cross-site scripting, and buffer overflows. 

To ensure the security and sustainability of an investment, a thorough examination of the company's cybersecurity measures is a strategic necessity. This includes an in-depth analysis of the organisation's approach to security, verifying adherence to secure coding best practices, and the implementation of robust security protocols. Essential to this process are regular penetration testing, or pen testing, comprehensive security audits, and the prompt application of security patches and updates.  

The future of an investment hinges not only on its potential earnings but also on its ability to mitigate losses and risks. A breach due to vulnerable code can have far-reaching consequences, including regulatory fines, legal liabilities, loss of customer trust, and significant remediation costs.  In this way, evaluating cybersecurity is not just about averting threats but also about preserving and enhancing the long-term worth of the investment. 

Harnessing Code Quality for Informed Investments 

In conclusion, code quality assessment is not a mere formality but a critical component of investment strategy, offering deep insights into the potential risks and rewards associated with a prospective investment. By employing a team of experts skilled in examining Git history and conducting automated source code analysis, investors can gain an objective and all-encompassing view into the technological infrastructure of a target company.  

These experts are not just evaluating lines of code; they are delving into the very DNA of the company's technological capabilities and practices. Their analysis provides a 360-degree view, encompassing everything from the operational dynamics of the development team to the security posture and overall code hygiene. This thorough approach ensures that investors are not just basing their decisions on surface-level information but are empowered with a detailed understanding of the technical robustness and future potential of their investment.  

Contact us for more information on our Source Code Scan


[1] https://spectrum.ieee.org/how-the-boeing-737-max-disaster-looks-to-a-software-developer (last visited 31 January 2024).

2 https://www.infoq.com/articles/business-impact-code-quality/ (last visited 31 January 2024)

3 Id.

4 Id.




Kristin Avon Senior Legal Officer Vaultinum
Kristin A.Kristin is a registered US attorney specializing in the areas of IP and technology law. She is a member of Vaultinum’s Strategy and Legal Commissions charged with overseeing and implementing the policies and processes related to the protection of digital assets.

Recommended for you