Jun 9, 2026
Software Maintenance Costs: What to Budget After the Build
The build quote is half the story. Here's what software maintenance actually costs, what it covers, and how AI-generated code bends the curve in 2026.

TL;DR
Plan for annual maintenance at roughly 15–25% of build cost; legacy systems and AI-heavy stacks push higher.
Stripe's Developer Coefficient found developers lose 17.3 hours a week to technical debt and bad code.
Maintenance covers security patches, breaking API changes, dependency rot, and the small features that keep users.
Unsupervised AI-generated code raises the maintenance curve; supervised AI code, with review gates, does not.
By year three, cumulative maintenance typically exceeds the original build for any app still in active use.
How much does software maintenance cost?
The honest answer: budget 15% to 25% of your original build cost per year, every year the software is alive. A $120K custom app costs roughly $18K–$30K a year to keep healthy. A $400K platform costs $60K–$100K. Those bands hold for most well-scoped web and mobile apps in our client work, and they widen fast once you add regulated data, mobile OS churn, or AI components calling third-party model APIs.
Most agencies quote the build and stay quiet about the rest. That's how a 12-month engagement turns into a 36-month surprise. This piece publishes the numbers we wish every operator had during procurement: the percentage bands, what the line items actually include, and the 2026 wrinkle that's already showing up in repos — AI-generated code accumulating debt faster than human-written code when nobody is reviewing it.
If you're sizing the build itself, the companion piece on custom software development cost in 2026 walks the upfront side. This one picks up the day you ship.
1. Why the build quote is half the story
A build quote answers one question: what does it cost to get version 1.0 into production? It does not answer the question your CFO will ask in month four — what does it cost to keep it working?
Stripe's Developer Coefficient report (Stripe, 2018) put a number on this that hasn't aged: developers spend about 42% of their working week — 17.3 hours — on technical debt and bad code. Not building. Not shipping features. Maintaining what already exists. That ratio is the single most important data point in any software budget conversation, and almost no agency proposal references it.
The implication is uncomfortable. If you're paying a team to build, you're implicitly committing to pay another team — or the same team — to maintain. The maintenance bill is not optional. It's deferred.
2. The budget rule of thumb — and the three places it breaks
The 15–25% annual rule holds for most custom apps in steady state. Here's where it breaks, in order of how often we see it:
Regulated data. If you're handling PHI, PCI, or anything that triggers an audit, maintenance climbs to 25–35% because of patch cadence, log retention, and the dependency upgrades you can't defer.
Mobile. iOS and Android push breaking changes on an annual cycle. A native mobile app with no maintenance for 18 months is, in practice, broken. Budget closer to 25–30% for anything with a mobile client.
AI components. If your app calls an LLM API, embeds a vector store, or runs an agent loop, the underlying providers shift pricing, deprecate models, and change rate-limit behavior on a quarterly cadence. We're seeing 30%+ on AI-heavy builds in our 2025–2026 engagements.
The rule of thumb is a starting point, not a contract. The right number is whatever your actual surface area demands.

Cumulative maintenance approaches or exceeds the original build by year three on any app in active use.
3. What annual software maintenance budget actually covers
When operators see a maintenance line item, the reasonable next question is: what am I paying for? Here's the honest breakdown.
Security patches. Your dependencies have CVEs: Node, Python, your container base images, your CI runners. Patching isn't optional, and the work is small but constant — typically a few hours every two to four weeks, more after a major disclosure.
Breaking API changes. Stripe deprecates an endpoint. Twilio renames a parameter. Auth0 sunsets a flow. Every integration you depend on will push a breaking change within 24 months. The fix is usually a day of work — if you catch it before the deprecation date, not after the outage.
Dependency rot. Packages go unmaintained. Frameworks release majors that change behavior under the hood. Left alone, this compounds — three years of skipped upgrades becomes a six-week rewrite. Quarterly dependency hygiene is the cheapest way to avoid the cliff.
Small features and fixes. The button that needs to move. The report that needs a new column. The edge case in onboarding that one customer keeps hitting. These are not the product roadmap, but ignoring them is how churn starts.
Infrastructure. Hosting, monitoring, logging, backups. Usually 10–20% of the maintenance line, separate from labor.
4. The 42% stat: what full-time developers really spend their week on
Return to the Stripe number for a second: 17.3 hours per week, per developer, on technical debt and bad code. If you have a five-person engineering team, you are spending the equivalent of two full-time engineers, every week, on maintenance — whether or not it's labeled that way on the org chart.
This is the actual unit economics of software. Maintenance is not the tail. It's the body.
With U.S. developer median pay at $133,080 (BLS Occupational Outlook Handbook), even 10 hours of monthly maintenance bought hourly runs $8,000–$15,000+ per year, depending on rate and seniority. For a small custom app, that's the floor — not the ceiling. The ceiling is whatever your dependency graph and integration surface require.
5. How AI-generated code bends the maintenance curve (both directions)
This is the 2026 question every operator should ask before greenlighting an AI-assisted build.
GitClear's analysis of 211 million lines of code (GitClear, 2025) found AI-assisted codebases accumulating 48% more duplication with 60% less refactoring than human-written baselines. That's a measurable, repository-level signal that unsupervised AI code raises the future maintenance bill. Duplication compounds. Skipped refactors compound. Two years from now, somebody has to pay it back.
The nuance matters. Unsupervised AI code — accept the suggestion, ship it, move on — is what produces the GitClear pattern. Supervised AI code — generated, reviewed by a senior engineer, refactored into the existing patterns of the codebase — produces output indistinguishable from hand-written code, often faster.
The bet at Entropy is straightforward: AI code generation cuts build cost meaningfully when the review gate is non-negotiable. Skip the gate and you're financing the savings with a larger maintenance bill that comes due in 18 months. We wrote more on this pattern in AI-generated code and technical debt.
If an agency is selling you a build that's faster and cheaper because of AI, the diligence question is simple: who reviews the generated code, and against what standard? No answer, no deal.
6. Retainer vs hourly vs in-house for upkeep
There are three common ways to staff the ongoing upkeep of a custom app. Each has a cleanest fit.
Hourly with the build agency. Cleanest for small apps under $150K build cost. You pay only for what you use. The risk: response time degrades when the agency is busy with other builds, and small maintenance work tends to get deprioritized.
Monthly retainer. Cleanest for mid-sized apps in active use. A fixed monthly fee buys a defined hours bucket plus an SLA on response time. Predictable for budgeting, and the team stays warm on your codebase. Most of our software development engagements move to retainer six months after launch.
In-house hire. Cleanest once you have multiple apps or one large app that warrants a dedicated owner. At BLS median pay of $133,080 plus benefits and overhead, fully loaded cost is typically $180K–$220K per year for one senior engineer. That math works above roughly $400K of build inventory under active maintenance, not below.
The failure mode we see most often: a $250K custom app, no retainer, no in-house owner, and a CTO who assumes maintenance will happen when something breaks. It does — at 3x the cost, after the outage.
7. A 3-year total cost of ownership worksheet
Here's the math we walk every client through before they sign a build contract. Numbers are illustrative; substitute your own.
Year 0 (build): $200,000
Year 1 (maintenance at 20%): $40,000 — heavier in months 1–3 as you stabilize, lighter after
Year 2 (maintenance at 20%): $40,000 — typically when the first major dependency upgrade lands
Year 3 (maintenance at 22%): $44,000 — small features and platform-level upgrades start adding up
Three-year total cost of ownership: $324,000. The build is 62% of the bill. Maintenance is 38%. By year five on the same trajectory, maintenance has crossed the build.
That's the unit economics of custom software. Treating maintenance as a discretionary line item is how good products get abandoned 30 months in, after $200K of work, because nobody planned for the $40K a year that keeps them alive.
FAQ
How much does software maintenance cost per year as a percentage of build?
Plan for 15–25% of original build cost annually for most custom web and mobile apps. Regulated data, mobile clients, and AI components push the band to 25–35%. The number reflects security patching, breaking API changes from third-party providers, dependency upgrades, and small feature work. Steady-state apps trend toward the lower band; actively evolving apps trend higher.
What does the software maintenance cost percentage actually include?
Four buckets: security patches against CVEs in your dependencies, fixes for breaking API changes from integrated services, dependency and framework upgrades to avoid version cliffs, and small features or bug fixes that keep existing users. Hosting and monitoring infrastructure typically adds 10–20% on top of labor, and should be budgeted separately for clarity.
Does AI-generated code raise my annual software maintenance budget?
Unsupervised AI code does. GitClear's 2025 analysis of 211 million lines found 48% more duplication and 60% less refactoring in AI-assisted codebases, both of which compound into higher future maintenance load. Supervised AI code — generated, reviewed by a senior engineer, refactored to fit existing patterns — does not show the same degradation. The review gate is the deciding variable.
Should I hire in-house or use a retainer for custom app ongoing costs?
Retainer fits most companies with one app and a build cost under $400,000. In-house fits portfolios above that threshold or single apps in active daily evolution. Fully loaded cost for one senior engineer at U.S. median pay of $133,080 typically runs $180,000–$220,000 per year, which is the breakeven line against most retainer arrangements.
What happens if I skip maintenance for a year?
Nothing visible for about six months. Then dependencies start failing audits, a third-party API deprecation breaks a flow, and small bugs accumulate until users notice. The repair bill is typically 2–3x what steady-state maintenance would have cost, plus whatever revenue impact the outage caused. Deferred maintenance is the most expensive kind of maintenance.
If you're scoping a build right now, do one thing this week: ask the agency to quote year-one maintenance alongside the build, in writing, as a percentage of build cost. The answer — or the absence of one — tells you everything about how the next three years will go.
When you want a second read on the numbers, we're here.