
PVS-Studio ROI

From time to time we are asked what benefit, in monetary terms, a company will receive from using the PVS-Studio analyzer. We decided to write up the answer as an article and include tables that show how the analyzer can be useful. We cannot prove the absolute reliability of all calculations in the article, but we think the reader will agree with our reasoning, and this will help in deciding whether to acquire a license.
At first, we wanted to implement an ROI calculator on the site and post a detailed description of how it works. However, once the description was ready, it became clear that the calculator was superfluous: the tables given in the explanation are enough. Therefore, we simply turned this explanation into the article that you are reading now. We hope it will help you see that regular use of the PVS-Studio static code analyzer makes sense.
PVS-Studio is a tool for detecting errors and potential vulnerabilities in the source code of programs written in C, C++, C# and Java. It runs on Windows, Linux, and macOS.
Let's calculate the return on investment from using the PVS-Studio static code analyzer in the “skeptic” mode during the development process, and then in a more realistic version.
Programmer Hour Value
To determine how much money PVS-Studio will return, first you need to calculate what the real cost (value) of the programmer’s work hours is.
The point is that it is not enough to take a programmer's monthly salary and divide it by 160 (the average number of hours in a month with a 40-hour work week).
First, programmers, like employees in any other field, bring in more money than they are paid; otherwise the business would operate at a loss. Programmers need to be provided with a workplace, the rent for the premises has to be paid, cookies have to be bought for them, they need Internet access, and so on. Oh yes, there are also bonuses, corporate parties and various perks.
At the same time, employing a programmer should be profitable, that is, he must directly or indirectly bring net profit to the company. In practice, this means that the work of a programmer, depending on the situation, brings in 2-10 times more money than is spent on his salary. We emphasize once again that programmers here are no different from any other employees. Outsourcing has some peculiarities, but that is a different story.
For skeptical readers, we take the coefficient 2. That is, the programmer brings in 2 times more money than is spent on his salary. In fact, a company with such ratios is on the verge of breaking even. It is more honest to take a coefficient equal to at least 3.
What does all this mean? If a programmer drops out of the development process for 1 hour, the company loses not the amount equal to the cost of that hour of work, but 2 or 3 times more.
There is a second factor affecting the price of a real working hour. An employee does not program 8 hours a day. It is impossible to imagine a person who comes in the morning, sits down and works on code for 8 hours without stopping. The programmer works with Trello, participates in meetings, answers e-mail, takes part in code review. In the end, he still needs to go to the toilet and drink tea :). In the best case, he will work directly with the code for 6 hours. And if you are not reading this text in skeptic mode, then you understand that 4 hours is actually a much more believable figure.
So it turns out that the cost of an hour needs to be additionally multiplied by 8/6 = 1.33 (skeptic mode) or by 8/4 = 2 (an option closer to reality).
Now we multiply the two considered coefficients and get the final coefficient by which you need to multiply the cost of the programmer’s hour of work:
- coefficient for skeptics: 2 * 1.33 = 2.66
- coefficient closer to reality: 3 * 2 = 6
In practice, the coefficients will be slightly larger, since we do not take vacation into account in our calculations.
Let's now see what it costs a company when a programmer with a salary of 100,000 rubles drops out of the workflow for 1 hour.
Note. In fact, the company spends more than 100,000 rubles on salary payments, since it also makes contributions to various funds (“payroll taxes”). And after the 13% tax is deducted, the person takes home 87,000 rubles. To simplify the calculations, we will not take these deductions into account and will assume that the company spends only 100,000. We mention this to show that we are not rounding in favor of PVS-Studio.
With a salary of 100,000 rubles, the rate for 1 hour of work is 625 rubles. It turns out that if the programmer is distracted for 1 hour to fix an error, the company fails to earn:
- for a skeptic: 625 rubles / hour * 2.66 = 1660 rubles / hour
- in reality more than: 625 rubles / hour * 6 = 3750 rubles / hour
This is the real cost (value) of one hour of a programmer's time when he is busy with useful work.
How many hours does PVS-Studio save
It is very difficult to say how many hours per year PVS-Studio will save by finding errors at early stages. Errors vary widely. Some are noticed by the programmer immediately and corrected right away. And sometimes a bug can distract the programmer from useful work for several days.
As an empirical estimate for the skeptic, we say that the analyzer will save at least 2 hours of programmer work per week by eliminating the need to hunt for bugs found by unit tests or the testing department. Yes, fixing the bug itself usually takes minutes, but attempts to reproduce the problem, correspondence in the bug tracker, test runs, merges, and so on will easily eat up these 2 hours.
These two hours are the skeptical option; in fact, there may be more. Considering that the analyzer can sometimes prevent hard-to-reproduce heisenbugs, it is quite reasonable to take an average value of 3 hours.
There are approximately 52 weeks in a year. In a year, the analyzer saves the following hours of real programmer work:
- skepticism about static analysis: 2 hours * 52 = 104 hours saved
- positive attitude: 3 hours * 52 = 156 hours saved
Time to calculate the ROI
The use of PVS-Studio by one programmer with a salary of 100,000 rubles will then return to the business per year:
- If you are a skeptic: 1,660 rubles / hour * 104 hours = 172,640 rubles
- Really: 3750 rubles / hour * 156 hours = 585,000 rubles
Now let's take a typical development team of 10 people. Having implemented PVS-Studio, we can expect that thanks to the time saved, the team will be able to perform useful work at a cost of:
- Skeptic: 1,726,400 rubles
- Reality: 5,850,000 rubles
Final formula
So, let's now combine everything into a single formula.
We denote the monthly salary of the programmer as S. The number of programmers in the team is denoted by N.
- The formula for the skeptic: N * (S / 160) * 2.66 * 104
- Real Formula: N * (S / 160) * 6 * 156
Now we present the calculations for teams of other sizes in the form of tables. The tables show the predicted amount of money that the development team can earn for the company if, during the year, it is busy creating something new instead of fixing bugs. These numbers should be compared with the cost of the license.
Description of the table. Top line: monthly developer salary. Left column: number of programmers in a team. Table cell: how much money the team will earn for the company during the year if, instead of fixing the bugs that PVS-Studio finds, it does useful programming.
Table for skeptics:
Table N1. Skeptic. Red: use of PVS-Studio may be unjustified. Green: Using a static analyzer is justified and useful. Blue: use is clearly beneficial.
Real table:
Table N2. Reality. Red: use of PVS-Studio may be unjustified. Green: Using a static analyzer is justified and useful. Blue: use is clearly beneficial.
The second table, in our opinion, is the reliable one, and it is reasonable to be guided by it when assessing the economic feasibility of acquiring a license.
Note
Of course, the above calculations are not relevant always and everywhere. For example, if the price of errors and vulnerabilities for a project is extremely high, then there is no point in tying the value of using PVS-Studio to programmers' salaries. In such projects, the possible monetary and reputational losses should be assessed, and the value should be tied to the reduction in risk that a code analyzer provides. This is a separate story, and we do not yet know how to approach it from the point of view of calculations.
Also, the calculations may not work for outsourcing companies. This may not sound very nice, but such companies are interested in selling as many hours of development, testing and maintenance as possible. In a sense, using an analyzer can only reduce their revenue. This is indirectly confirmed by the fact that there are no outsourcing companies among PVS-Studio clients. In addition, processes that seem strange at first glance can sometimes occur in such companies. At a time of low workload, a company can take on some project even at a loss. This is better than letting some developers go on vacation. Better to have them at work and busy with something.
By the way, the above calculations and tables are different from those given in the English version of the article. There, a different salary level has to be taken into account, at which it turns out that PVS-Studio is useful for almost any team. Well, that is probably how it is. This is indirectly confirmed by the fact that the USA and Europe give us many more orders than Russia, although in Russia more people know about us.
Conclusion
So, although the calculations may not be suitable for all companies, we hope that we were able to demonstrate how to approach the assessment of the effectiveness of using PVS-Studio from the point of view of the business as a whole.
If you want to share this article with an English-speaking audience, please use the link to the translation: Andrey Karpov. PVS-Studio ROI.