Ongoing Maintenance

Custom software requires ongoing maintenance long after launch. Security updates, dependency updates, bug fixes, and infrastructure maintenance are non-optional. Budget 15–20% of your original build cost annually as a baseline.

Why Maintenance Is Non-Optional

Software doesn't become "done" and then sit idle. It operates in a changing ecosystem. Dependencies release security patches. Operating systems update. Cloud infrastructure changes. User expectations evolve. Ignore maintenance and your software becomes a liability.

Security patches: Libraries and frameworks you depend on discover vulnerabilities. You must patch them. A zero-day vulnerability in a popular library might require immediate patching across all your applications.

Dependency updates: Node.js, React, Python, Rails—frameworks release major versions with breaking changes. You must upgrade or get stuck on old versions that no longer receive security support.

Infrastructure upkeep: Servers need patching. Databases need optimization. SSL certificates expire. Cloud costs change. Someone needs to manage this.

Bug fixes: Users discover bugs you missed. Features break in production. You need developer time to diagnose and fix issues.

Performance: As your user base grows, performance degrades. Database queries slow. Pages load slower. Users complain. You need optimization work.

Typical Maintenance Budget: 15–20% Annually

A reasonable baseline is 15–20% of your original build cost per year in maintenance. If you built your application for $100,000, budget $15,000–$20,000 per year for ongoing maintenance.

This covers: security patches, critical bug fixes, dependency updates, performance optimization, and monitoring. It does not cover new feature development.

Example: your SaaS app cost $150,000 to build. Annual maintenance is $22,500–$30,000. That's roughly 150–200 hours per year at $150/hour. Over 12 months, that's 3–4 hours per week.

The percentage varies: simple applications need less maintenance (10–15%); complex applications with many integrations or high traffic need more (20–30%+).

Maintenance vs. Enhancement

Maintenance: Keeping the system working. Patching security vulnerabilities, fixing bugs, updating dependencies, optimizing performance. Maintenance is reactive—things break, you fix them.

Enhancement: Adding new features or improving existing ones. Building new reports, adding user types, integrating new services. Enhancement is proactive—you decide to improve.

Typically, you allocate your budget to both. 20% maintenance, 80% enhancement. But that ratio fluctuates. During a security crisis, you might spend 50% on maintenance. During a feature push, you might spend 90% on enhancement.

Retainer Models for Ongoing Development

A retainer is a monthly fee for a guaranteed amount of developer time. Example: $4,000/month for 20 hours per week of development.

Retainers work well for ongoing maintenance and feature development. You get predictable costs and predictable availability. The developer is familiar with your codebase and can context-switch quickly.

Pricing: experienced developers charge 20–30% less per hour for retainers vs. hourly billing because of the predictability. A developer charging $200/hour for hourly work might offer $150/hour for a retainer.

Monthly allocation: allocate enough hours for maintenance plus planned enhancements. Too little and nothing gets done. Too much and you waste money on unused hours. Start with 15–20 hours/week and adjust based on needs.

Emergency Support SLAs

Sometimes you need developer response faster than typical maintenance windows. Emergency SLAs define response and resolution times.

Critical bug SLA: "Response within 4 hours, resolution target 24 hours." Your application is down; you need immediate attention.

High priority SLA: "Response within 24 hours, resolution target 1 week." A feature is broken; business is impacted.

Standard SLA: "Response within 1 week, resolution target 2 weeks." Normal maintenance and bug fixes.

Emergency SLAs cost more: 1.5–2× normal rate. You're paying for guaranteed availability and fast response.

For most applications, you don't need emergency SLAs. For mission-critical systems, they're worth the investment.

What Happens If You Stop Maintaining Software

Let's say you launch your SaaS application and it's successful. You stop investing in maintenance to save money. What happens?

Year 1: Your application works fine. No issues.

Year 2: A security vulnerability is found in a library you depend on. Your application is vulnerable. You need a developer to patch it. You scramble to find one.

Year 3: Node.js releases a major version. Your application was built on version 14; version 20 is now standard. Your hosting provider drops support for version 14. Your application stops working. You need a developer to upgrade the entire codebase.

Year 4: Users complain about slow performance. The database is bloated. Queries are timing out. You need a developer to optimize. But no one understands the codebase anymore. It takes weeks to get up to speed.

Year 5: You find a critical bug. It takes days to reproduce because no one remembers how the system works. The fix takes weeks.

By year 5, you're facing a partial or full rewrite. Cost: $200,000–$500,000. You could have spent $100,000 in maintenance over 5 years and avoided this crisis.

Major Dependency Updates

Node.js major versions: Typically release every 6 months; every even-numbered version gets 3 years of LTS (long-term support). If you're on Node 14 and it reaches end-of-life, you must upgrade or run unsupported software.

React major versions: React 17 to 18 usually requires minimal code changes. React 16 to 17 required some refactoring. Upgrading typically costs 20–40 hours of developer time.

Python versions: Python 3.8 to 3.9 to 3.10—similar story. Compatibility is usually good, but dependencies need updates. Budget 10–20 hours per major upgrade.

Database versions: PostgreSQL 12 to 13 to 14. Updates are usually backward compatible, but performance tuning might be needed. Budget 5–10 hours.

Framework updates: Django, Rails, Laravel—major versions come with breaking changes. Budget 40–100+ hours depending on complexity.

Plan for one major framework update every 18–24 months. Each update costs $5,000–$15,000 in developer time.

Database and Infrastructure Maintenance

Database backups: You must have automated, tested backups. If your database fails, you need to recover. Backup testing is ongoing work.

Database optimization: As your data grows, queries slow. You need to add indexes, refactor queries, or migrate to a more suitable database. This is continuous work.

SSL certificates: Expire every 1–2 years. Auto-renewal is common, but renewal can fail. Someone needs to monitor and fix failures.

Cloud infrastructure: If you use AWS, Azure, or GCP, costs change as you scale. You might need to optimize instance sizes, move to managed services, or architect for better cost efficiency.

Monitoring and alerting: You need to know when your system is failing before your users do. Monitoring tools cost money; configuring them costs developer time.

Feature Enhancements vs Maintenance Budget Allocation

For a mature application, a typical allocation looks like:

70% development (new features, enhancements)

20% maintenance (security, patches, performance)

10% technical debt paydown (refactoring, architecture improvements)

This ratio shifts: during security crises, maintenance spikes. During a launch push, enhancement dominates.

A common mistake is under-allocating to maintenance and technical debt paydown. This creates a snowball effect: debt accumulates, velocity slows, you need more developers to keep up, costs spiral.

Hosting and Infrastructure Costs Over Time

Hosting is often separate from development. Your AWS bill or hosting provider bill is distinct from developer maintenance costs.

Typical progression for a growing SaaS:

Year 1: $500–$1,500/month (low traffic, small database)

Year 2: $1,500–$5,000/month (growing traffic, more storage)

Year 3: $5,000–$15,000/month (scaling, redundancy, caching)

Year 5: $15,000–$50,000+/month (high traffic, geographically distributed, managed databases)

Infrastructure costs grow with usage. Plan for this in your business model. If your gross margins don't account for growing infrastructure costs, profitability erodes.

Planning Maintenance Costs in Your Business Case

When you decide to build custom software, factor in 10-year total cost of ownership:

Build cost: $100,000

Year 1 maintenance: $15,000

Year 2–10 maintenance: $15,000 × 9 = $135,000

Hosting year 1–10 (average): $2,000 × 12 × 10 = $240,000

Total 10-year cost: $475,000

This 10-year lens shapes your decision. If you can't afford $475,000 over 10 years, you can't afford custom software. Buying SaaS might be cheaper.

Maintenance Service Level Comparison