Technical Quality
You can ship on a steady cadence, keep a team that doesn't burn out, and stay up around the clock, and still be in trouble. The trouble lives under the surface. It shows up the day a small feature that should have taken two days takes two weeks, and nobody can quite explain why. The explanation is technical quality, or the lack of it. The codebase has started to fight back.
This is the accountability founders understand least, because it's the only one with no obvious customer-facing symptom until it's expensive. Delivery, you can watch. Reliability, your users report. Quality rots silently. By the time you feel it, you're paying interest on a debt you didn't know you'd taken on.
What it actually means
Technical quality is a measure of one thing: how much it costs to change the system tomorrow. A high-quality codebase is one where a sensible change is a small change. A low-quality one is where every change ripples, breaks something three modules away, and demands a day of testing to prove you didn't make it worse.
Two forces eat quality over time. The first is technical debt: shortcuts taken to ship faster, which is often the right call, until the bill comes due and nobody's been paying it down. The second is security, the slow accumulation of unpatched dependencies, weak handling of credentials, and access nobody's reviewed since the company was a third its current size. Both are invisible right up to the moment they're catastrophic. Debt becomes the rewrite. Security becomes the breach notification.
Here's the distinction that matters for you as a non-engineer: neither of these is a one-time event you can buy your way out of. They're not a project. They're a practice: a set of decisions made, or skipped, on every single piece of work. That's why this is an execution accountability, not an advice one. A consultant can tell you your debt is high. Only someone hands on keyboard pays it down.
The failure mode: the system everyone's afraid to touch
Nobody decides to let quality rot. It happens by accumulation, one reasonable shortcut at a time, each defensible on the day it was taken. Then one morning you ask for a change that sounds trivial and your best engineer winces.
The wince is the tell. It means the change touches a part of the system that's tangled, undertested, or understood by exactly one person who may or may not still work for you. You've heard the name for that last risk already in this book: the bus factor of one. In a low-quality codebase, the bus factor isn't a property of the team. It's baked into the code itself. The system has memorised who can safely change it, and the answer is "almost no one."
The numbers on what happens next are not kind. Flyvbjerg and Budzier, looking across 1,471 IT projects, found an average cost overrun of 27%. The figure that should worry you is the tail: one in six runs 200% over budget with a roughly 70% schedule overrun (Flyvbjerg & Budzier, HBR 2011). The average is bad. The tail is where companies die. And the projects that fall into the tail are rarely the ones that were badly planned on day one. They're the ones built on a foundation that had already quietly rotted, so every estimate was wrong before anyone wrote it down.
When quality goes unmanaged, the symptoms compound. Estimates stop meaning anything, because no one can predict what a change will disturb. Good engineers leave, because nobody enjoys working in a codebase that punishes them. The remaining ones grow conservative, refusing changes that should be routine, and the roadmap slows to protect a system that's too fragile to evolve. You end up running a company that can no longer change its own software. That is the quiet death this chapter is about.
What reliable execution looks like
The fix is not heroic. It's the opposite. Quality holds when it's maintained deliberately, in small increments, as a normal part of doing the work, rather than deferred until it demands a rescue.
Standish found that small projects succeed 61% of the time against just 6% for the largest ones (Standish CHAOS 2015). The same logic that governs how you ship governs how you maintain. Small, scoped, verifiable changes are the ones you can reason about, test, and reverse if they go wrong. A quality practice is just that discipline pointed at the existing system: you pay debt down in the same small units you use to add features, and you never let any single change grow so large that nobody can see the bottom of it.
What does that look like in practice? A definition of done that includes more than "it works on my screen." Security treated as a checklist item on routine work, not a panicked audit after an incident. And a small, visible budget for paying down debt, a slice of every cycle spent leaving the system a little cleaner than you found it, so the cost-to-change line stays flat instead of climbing.
Below is what a debt-paydown task looks like as a ticket. It's the same shape as any other task in this book, which is the point: maintenance isn't a separate, scary category of work. It's just work, scoped the same way.
| Field | Entry |
|---|---|
| Title | Replace ad-hoc auth checks in the billing module with the shared permission layer |
| Context | Billing has three hand-rolled permission checks that drifted from the rest of the app. Each new billing feature has to re-implement them, slowing delivery and creating two known access bugs. |
| Scope | The billing module only. Migrate its three checks to the shared layer. No new features. No changes outside billing. |
| Definition of done | All three checks use the shared layer; the two known access bugs are gone; existing billing tests pass; one new test covers the previously unguarded path. |
| Acceptance check | A non-billing user is correctly denied on all three paths; a billing user passes; reviewer confirms no duplicated permission logic remains in the module. |
Notice there's no application code on the page, and you don't need any to evaluate it. You can read the context, you can see the scope is bounded, and you can check the acceptance criteria were met. That's the founder's whole job on technical quality: not to assess the code, but to insist that the practice exists and is visibly running on every cycle.
How this gets covered
When you buy reliable execution rather than a title, quality stops being something you hope the senior hire cares about and becomes something the operating model enforces. Task-based delivery already works in small, scoped, verifiable units, with a definition of done and an approval gate before the next task begins. That's the same machinery that keeps quality from rotting, applied by default. Debt gets paid down as tasks, not as an annual emergency. Security shows up in the acceptance check, not in a breach notification. The codebase stays cheap to change because cheap-to-change is built into how every change is made, and you can see it ticket by ticket without ever reading a line of the code itself.
Quality only earns its keep if you're building the right thing in the first place, and that's not an engineering question at all.
Download the full PDF for free?