Software maintenance introduces more bugs. An analysis of debugging progress and program fixes made it clear that systems deteriorate over time. As part of ongoing research and analysis of software risk metrics, I have been analysing bugs and vulnerabilities as a function of coding practices for a number of companies.
What we see is that the first iteration of bug fixes leads to a second and subsequent series of fixes. In each set of fixes, there is a 20-50% chance (mean of 34% ± 8%) of a fix creating another round of bugs. This drops on the second round of fixes, but starts to rise on the third and subsequent rounds. In a smaller set of code, the low overall volume of bugs limits the number of iterations, but the larger code samples led to up to 6 iterations. This would be expected to be even larger on extremely large programs (such as an operating system).
What we see is a slow deterioration of the code. As fixes occur, these introduce more and more bugs. On top of this, as new bugs are being introduced, old ones are still being uncovered.
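The effect of that fix-induced bug rate on the number of fix rounds can be sketched with a small model. This is an added example, not the author's analysis code: the function names, the initial bug counts and the `DIP_THEN_RISE` schedule are constructed for illustration, and a constant rate per round is a simplifying assumption.

```python
from itertools import chain, repeat

def fix_rounds(initial_bugs, rates, max_rounds=50):
    """Expected number of bugs fixed in each round of maintenance.

    rates[i] is the share of fixes in round i+1 that introduce a new bug;
    the last entry is reused for every later round. The loop ends when fewer
    than one bug is expected, or at max_rounds if the rates never converge.
    """
    if initial_bugs < 1 or not rates or any(r < 0 for r in rates):
        raise ValueError("need initial_bugs >= 1 and non-negative rates")
    schedule = chain(rates, repeat(rates[-1]))
    rounds, bugs = [], float(initial_bugs)
    while bugs >= 1.0 and len(rounds) < max_rounds:
        rounds.append(bugs)
        bugs *= next(schedule)  # bugs created by this round's fixes
    return rounds

def summarize(initial_bugs, rates):
    """Iterations needed, total fixes written, and rework beyond round one."""
    rounds = fix_rounds(initial_bugs, rates)
    total = sum(rounds)
    return {
        "iterations": len(rounds),
        "total_fixes": round(total, 1),
        "extra_work_pct": round(100 * (total / initial_bugs - 1), 1),
    }

# Constructed schedule (not measured data): dips in round two, then climbs.
DIP_THEN_RISE = [0.34, 0.25, 0.30, 0.40, 0.50]

if __name__ == "__main__":
    # 0.20 / 0.34 / 0.50 are the low end, mean and high end quoted in the text.
    for rate in (0.20, 0.34, 0.50):
        for size in (10, 100, 1000):  # constructed initial bug counts
            print(rate, size, summarize(size, [rate]))
    print("schedule", 1000, summarize(1000, DIP_THEN_RISE))
```

Under this model a small bug population exhausts itself in two or three rounds, while a large one needs several more, and any rate at or above 1.0 never converges and only stops at `max_rounds`.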
 95% Confidence Interval or