Many companies plan a software project up to launch and treat go-live as the finish line. In reality, the longest and, in total, most expensive phase starts afterwards. Over a product's life, operations account for 50 to 80% of total cost. Development happens once; maintenance runs for years.
That is why companies search for "software maintenance", "software support contract" or "software maintenance cost". The need is rarely just technical support. It is about keeping a web app, platform, mobile app or internal tool secure, stable and extendable over time — with a clear budget instead of emergencies.
Why operations cost more than the launch
Software is not a finished building — it runs in an environment that changes constantly. Dependencies receive security updates, browsers change behaviour, APIs adjust limits, users find edge cases and internal processes evolve. That is exactly why the cost centre shifts from building to running.
Without clear ownership after launch, predictable problems appear: bugs surface only after customers report them, updates are postponed until they become risky, small issues accumulate into technical debt, and nobody remembers the original architecture decisions. That is expensive: according to an ITIC survey, a single hour of downtime costs more than $300,000 for over 90% of the larger organisations surveyed. A good software agency therefore plans not only the first version, but the operating model that follows.
What professional maintenance includes
Maintenance keeps the system healthy — continuous development increases its value. That distinction is the most important budget decision, because otherwise mandatory work and growth compete for the same money. A marketing website may only need a lean setup; a B2B platform with login, roles, files and integrations needs more operational responsibility.
Typical maintenance services include:
- monitoring errors, uptime and performance
- security updates for frameworks, libraries and infrastructure
- bug fixing and technical analysis
- dependency updates and compatibility checks
- backups and regular recovery tests
- deployment support plus log and alert review
- API and integration support and change documentation
- technical consulting for the roadmap
A continuous-development retainer goes further: product planning, new features, refactoring, QA and regular releases. For many companies the combination works best — a base budget for maintenance plus a flexible budget for prioritised development.
What software maintenance costs
The most reliable planning figure is not an hourly rate but a share of the build cost. The decades-stable rule of thumb is 15 to 25% of the original development cost per year — toward the lower end for clean, well-documented software, and closer to 30 to 40% for legacy code with high technical debt. Translated into monthly models, that gives the following ranges:
| Model | Suitable for | Typical range |
|---|---|---|
| Basic maintenance | website, small web app, few changes | €500–2,000 per month |
| Product maintenance | customer portal, internal app, regular updates | €2,000–6,000 per month |
| Product-team retainer | active roadmap, UX, development, QA, operations | €6,000–20,000 per month |
| Critical operations with SLA | high availability, several systems, fixed response times | individual, often from €10,000 |
These figures are planning ranges, not a price list. A simple content project costs less than a platform with roles, payments, ERP integration and sensitive data. Building cheaply upfront means paying twice — why that happens is covered in why cheap software gets expensive.
Security updates: why postponing gets expensive
Modern software is largely made of other people's code — and that code ages. Frameworks, packages, APIs and cloud services save development time but need care. The pace is high: in 2025 alone, more than 40,000 new vulnerabilities (CVEs) were published — a record year and about 127 per day.
At the same time, runtimes fall out of support: Node.js 18 has been end-of-life since 30 April 2025, and PHP 8.1 since the end of 2025. Staying on those versions means no more security fixes. Good maintenance therefore checks regularly whether there are critical vulnerabilities, whether frameworks are still supported, whether builds pass after updates, and whether secrets and certificates need rotation. In the EU, the European Accessibility Act has applied since 28 June 2025, requiring many web apps and shops to stay accessible — see our accessibility checklist. Ignoring updates for years is paid back later with an expensive migration; with legacy software this is one of the most common cost drivers.
From operations to roadmap: the maintenance loop
Maintenance works as a loop, not as a stack of isolated tickets. Without monitoring, operations are blind: a system can be online and still fail in business terms — emails are not sent, payments get stuck, an API import silently stops. Useful signals are uptime, backend and JavaScript errors, failed jobs, API limits, slow queries and Core Web Vitals. Those signals drive prioritisation, implementation and release — and each release produces new data.
Prioritisation belongs in an SLA (Service Level Agreement). Not every application needs strict response times — an internal tool with a few users has different requirements from a booking portal:
| Priority | Example | Response |
|---|---|---|
| Critical | system unavailable, login down, data loss risk | immediately or within a few hours |
| High | core feature broken, many users affected | same business day |
| Medium | bug with workaround, individual users affected | within a few business days |
| Low | cosmetic issue, small improvement | after prioritization |
Response time is not resolution time: a team can react quickly, but full resolution depends on the cause, access, third-party providers and testing effort. The best roadmap then works on three levels: mandatory (security, bug fixes, stability, privacy), improvement (UX, performance, automation) and growth (new features, integrations).
Make technical debt visible
Technical debt is not a sign of bad work — it is a balance-sheet item you have to know. It results from conscious MVP decisions, time pressure or new requirements. According to McKinsey, technical debt makes up around 40% of the IT balance sheet, and companies pay an additional 10 to 20% "interest" on new projects to carry that legacy along.
Typical examples are missing tests for critical flows, tight coupling between frontend and backend, manual deployments, unclear permission logic and data models that no longer fit the product. Not every debt needs paying immediately — but it should be visible, so refactoring can be planned instead of handled as an emergency. The best way into an existing application is a software audit that understands risks before anything is rebuilt.
Maintenance contract or continuous-development retainer?
The two models answer different questions — and most products need a mix. A maintenance contract answers: who keeps the system stable? It includes defined response times, agreed support channels, updates, security checks, analysis and monitoring. A continuous-development retainer answers: who improves the product every month? It adds product planning, new features, refactoring, QA and regular releases.
For smaller systems, a lean maintenance model is often enough. For growing products, an experienced product team beats isolated ad-hoc tickets, because maintenance touches several disciplines: backend, frontend, infrastructure, security, UX and QA. An external agency is especially worth it when internal capacity or technical breadth is limited, or an existing application needs to be taken over.
Next steps
Three questions clarify your operating model faster than any list of services:
- Criticality: What is allowed to happen if the system is down for an hour — and which response times do you really need?
- Ownership: Who prioritizes bugs and new requirements, and is there a fixed monthly budget for continuous development?
- Condition: Are monitoring, backups, updates and technical debt known — or do you need an audit first?
Unsure which model fits your product? We take over operations and continuous development in projects regularly — pragmatically and with an eye on roadmap and budget. Take a look at our web app development or book an intro call.
