
Remediation by Hand vs. Governed Remediation Fleets: A Cost-Per-Fix Breakdown

A cost-per-fix breakdown of manual remediation versus governed remediation fleets, where agents propose and humans authorize. Built from first principles.

Zof Reliability Team · Engineering & Product

August 12, 2025 · 8 min read · Updated August 12, 2025

01

What a fix actually costs, broken into parts

A "fix" is not one activity. It is a pipeline of distinct labor, and most cost models only count the cheapest stage. Decompose mean-time-to-resolve into the work it actually contains:

  • Detect and triage. Confirm the defect is real, reproduce it, decide who owns it. This is mostly waiting and context-switching, not coding.
  • Locate. Find the responsible code across services, dependencies, and config. On a large system this is the longest single stage, and it scales with system complexity, not defect difficulty.
  • Author the change. Write the patch. This is the stage everyone pictures when they say "fix," and it is increasingly the smallest.
  • Validate. Prove the fix works and breaks nothing downstream. This is where cost hides, because incomplete validation is what produces the *next* defect.
  • Authorize and ship. Review, approve, merge, deploy, watch.

The labor cost of a manual fix is the loaded hourly cost of your engineers multiplied by the wall-clock time across all five stages, plus the carrying cost of the defect while it sits unresolved. The second term is the one finance never sees and engineering always feels: a reachable vulnerability or a latent regression accrues risk every hour it stays open.

The trap is optimizing only stage three. Faster authoring, including AI-assisted authoring, compresses the cheapest stage while doing nothing for locate, validate, or authorize. Worse, it can inflate them.

02

Why manual remediation is getting more expensive, not less

The composition of the work is shifting under the industry's feet. Roughly 41% of codebases are now AI-generated, and industry research suggests around 45% of AI coding tasks introduce a critical flaw or security issue. Read those two numbers together: the *supply* of code is exploding while the *defect rate per change* is climbing. More changes, each carrying more risk, all funneling into a remediation process that still runs at human pace.

Manual remediation does not scale against that curve for a structural reason. The authoring stage gets cheaper with better tools, but locate, validate, and authorize scale with system complexity and change volume, and those are exactly the dimensions that AI-generated code is inflating. You end up spending less time writing each fix and far more time figuring out what to fix, whether the fix is safe, and who is allowed to ship it.

There is a second tax. When remediation is slow and process-heavy, people route around it. Around 80% of developers admit to bypassing policy or guardrails when those guardrails get in their way. Every bypassed control is a fix that shipped without evidence, and that fix becomes a future incident with its own cost-per-fix. Manual remediation does not just cost what it costs; it generates the rework that creates the next bill. This is the mechanism behind the headline figure that the cost of poor software quality now runs around $2.41 trillion: most of that figure is not the original defect but the remediation and re-remediation it spawns.

03

Governed remediation fleets: where the money moves

A governed remediation fleet does not replace the engineer. It changes which stages a human spends time on. The principle is fixed: agents propose, humans authorize. Unsupervised autonomous fixing is reckless; the governance (policy, approval, and audit) is the engineering work, not a wrapper around it.

Here is how the cost moves stage by stage:

  • Locate collapses. A live System Graph maps services, dependencies, and CI/CD into one change-aware model, so the fleet starts from the dependency context instead of grepping for it. The longest manual stage shrinks the most.
  • Authoring is proposed, not performed by hand. The fleet drafts the change. Your engineer's time moves from typing to judging.
  • Validation is built in, not bolted on. Coordinated Testing Fleets exercise the changed paths and what depends on them, so the proposed fix arrives carrying evidence rather than a hope.
  • Authorization concentrates. Instead of reviewing everything at the same depth, the human spends attention only where blast radius warrants it. Low-risk, fully-validated fixes are authorized fast; the dangerous minority gets real scrutiny.

The cost structure inverts. Manual remediation is mostly variable cost: every fix consumes a near-constant slice of engineer time across all five stages. Governed remediation shifts the heavy stages, locate and validate, toward fixed, amortized infrastructure cost, leaving humans a smaller, higher-leverage variable cost: the authorization decision and the genuinely hard fixes the fleet escalates.
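The "authorization concentrates" bullet above is a policy, and a policy is only as good as the blast-radius number it keys on. The following added example (not Zof's code, and not a description of how the System Graph is implemented) shows one way to compute blast radius as the transitive set of dependents in a dependency graph and then tier the authorization decision on it. The service names, the `DEPENDS_ON` graph, the `max_graph_age` threshold and the dependent-count cutoff are all constructed assumptions. It also handles the failure mode discussed later on this page: a stale graph snapshot or a fix with no validation evidence escalates rather than fast-paths, because under-escalation is the error to avoid.

```python
from collections import deque
from datetime import timedelta

# Constructed dependency graph: service -> services it depends on.
# Hypothetical data standing in for a dependency snapshot; not a real system.
DEPENDS_ON = {
    "web": ["checkout", "auth"],
    "checkout": ["payments", "inventory"],
    "payments": ["ledger"],
    "inventory": [],
    "ledger": [],
    "auth": [],
    "reports": ["ledger"],
}


def reverse_graph(depends_on):
    """Invert edges so we can walk from a changed service to everything that depends on it."""
    rev = {svc: [] for svc in depends_on}
    for svc, deps in depends_on.items():
        for dep in deps:
            rev.setdefault(dep, []).append(svc)
    return rev


def blast_radius(depends_on, changed):
    """Transitive set of services that could break if `changed` changes (excludes itself)."""
    rev = reverse_graph(depends_on)
    seen, queue = set(), deque([changed])
    while queue:
        current = queue.popleft()
        for dependent in rev.get(current, []):
            if dependent not in seen:
                seen.add(dependent)
                queue.append(dependent)
    return seen


def authorization_tier(fix, depends_on, graph_snapshot_age,
                       max_graph_age=timedelta(hours=24), review_threshold=3):
    """Decide how much human attention a proposed fix needs.

    fix: dict with 'service' (changed service), 'validated' (bool: evidence attached),
         'reachable' (bool: the flaw sits on an actually reachable path).
    graph_snapshot_age: how old the dependency snapshot is (timedelta).
    Thresholds are assumed values for illustration, not a recommended policy.
    Returns 'fast', 'review' or 'escalate'.
    """
    if graph_snapshot_age > max_graph_age:
        return "escalate"  # stale graph: the blast radius below cannot be trusted
    if not fix["validated"]:
        return "escalate"  # no evidence attached: never fast-path an unvalidated fix
    radius = blast_radius(depends_on, fix["service"])
    if fix["reachable"] or len(radius) >= review_threshold:
        return "review"    # the dangerous minority gets real human scrutiny
    return "fast"          # low-risk, fully validated: authorize quickly


if __name__ == "__main__":
    fresh = timedelta(hours=1)
    for fix in (
        {"service": "auth", "validated": True, "reachable": False},
        {"service": "ledger", "validated": True, "reachable": False},
        {"service": "inventory", "validated": True, "reachable": True},
        {"service": "auth", "validated": False, "reachable": False},
    ):
        print(fix["service"], sorted(blast_radius(DEPENDS_ON, fix["service"])),
              authorization_tier(fix, DEPENDS_ON, fresh))
```

The order of the checks is the design choice that matters: staleness and missing evidence are tested before the graph is consulted at all, so the cheapest failure (a graph nobody refreshed) degrades into an over-escalation the policy owner can see, not into a silent fast-path.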

The cost-per-fix comparison

| Stage | Remediation by hand | Governed remediation fleet |
|---|---|---|
| Detect / triage | Engineer hours, high context-switch tax | Fleet triages; human confirms |
| Locate | Longest stage; scales with complexity | Graph-driven; largely amortized |
| Author | Human writes every patch | Agent proposes; human edits the hard cases |
| Validate | Often skipped or partial | Change-aware evidence attached by default |
| Authorize / ship | Uniform review depth | Risk-tiered; attention where blast radius is real |
| Dominant cost type | Variable, per-fix | Fixed infra + thin variable human judgment |
| Failure mode | Bypassed controls, rework | Bad policy or stale graph, not bad code shipping silently |

The comparison is not "humans versus no humans." It is "humans on every stage of every fix" versus "humans on the decisions that actually carry risk." The second is cheaper per fix *and* safer, because the safety lives in evidence and policy rather than in a tired reviewer's eyeball.

04

Where the crossover sits, and where manual still wins

Governed fleets are not free, and a serious cost model should say where manual remediation is still the right call.

Manual remediation wins when volume is low and the system is small enough that locate is cheap. If you ship a handful of changes a week against a system one person holds in their head, the fixed cost of standing up governed remediation will not pay back. The crossover arrives with scale and complexity: high change volume, many services, regulated surfaces, and a meaningful share of AI-generated code where the per-change defect rate is high. That is precisely the environment where manual locate-and-validate costs explode.

Two economic levers move the crossover earlier than most teams expect:

  • Reachability-based prioritization. Triaging by whether a flaw sits on an actually reachable path can mean 70 to 90% less exploitable exposure to remediate. You are not fixing fewer real problems; you are not paying to fix theoretical ones. That alone reprices your remediation backlog.
  • Rework avoided. Every fix that ships with real validation evidence is a future incident that never happens. The governed model's return is dominated by the rework it prevents, not the keystrokes it saves.

A caution: governed remediation introduces its own failure modes, and they are governance failures, not coding failures. A stale System Graph misjudges blast radius. A miscalibrated policy either over-escalates (recreating the bottleneck) or under-escalates (authorizing risk it should have paused). These are real costs, but they are *legible* costs: they live in Governance as policy and audit you can inspect and tune, not in an undocumented patch a developer pushed past the guardrail at 2 a.m.

05

What to do Monday morning

You cannot compare two models you have not measured. Start with instrumentation, not procurement.

  1. Decompose your MTTR. For two weeks, tag each resolved defect with time spent in detect, locate, author, validate, and authorize. Most teams discover that locate and validate dwarf authoring.
  2. Price the bypass. Count fixes that shipped without validation evidence and identify which incidents traced back to them. That is your rework line item, and it is your real cost-per-fix.
  3. Pick one high-volume, well-bounded surface. Run governed remediation on it, where the fleet proposes and a human authorizes, and compare cost-per-fix against your manual baseline.
  4. Tier authorization by blast radius, so human attention stops getting spent on changes that never needed it.

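Steps 1 through 3 above, together with the cost formula in section 01 (loaded hourly rate times wall-clock time across all five stages, plus carrying cost while the defect stays open) and the crossover argument in section 04, reduce to a small model you can run against your own tagged records. The following is an added example, not Zof's pricing tool: the `SAMPLE` records, the `LOADED_RATE`, `CARRY_RATE` and `INCIDENT_COST` constants, the governed-model parameters (`monthly_infra`, `human_hours_per_fix`, `carry_factor`) and the assumption that governed fixes carry no rework term are all constructed assumptions to be replaced with your own measurements. It returns the per-stage totals from step 1, the rework line item from step 2, the manual and governed cost-per-fix from step 3, and the monthly fix volume at which the governed model becomes cheaper, which is the crossover section 04 describes.

```python
from dataclasses import dataclass

STAGES = ("detect", "locate", "author", "validate", "authorize")

# Assumed unit costs, to be replaced with your own figures.
LOADED_RATE = 150.0     # $ per engineer-hour
CARRY_RATE = 2.0        # $ of accrued risk per hour a defect stays open
INCIDENT_COST = 4000.0  # $ per incident traced back to an unvalidated fix


@dataclass
class Fix:
    """One resolved defect, tagged the way step 1 asks (hours per stage)."""
    hours: dict            # stage name -> engineer hours spent in that stage
    open_hours: float      # wall-clock hours from detection to ship
    validated: bool        # shipped with validation evidence?
    caused_incident: bool  # later traced to an incident (the rework of step 2)?


# Constructed sample records, not real measurements.
SAMPLE = [
    Fix({"detect": 1.0, "locate": 6.0, "author": 1.0, "validate": 2.0, "authorize": 1.5}, 48.0, True, False),
    Fix({"detect": 0.5, "locate": 4.0, "author": 0.5, "validate": 0.0, "authorize": 0.5}, 24.0, False, True),
    Fix({"detect": 2.0, "locate": 8.0, "author": 2.0, "validate": 3.0, "authorize": 1.0}, 72.0, True, False),
    Fix({"detect": 0.5, "locate": 3.0, "author": 0.5, "validate": 0.0, "authorize": 0.5}, 12.0, False, False),
]


def stage_hours(fixes):
    """Step 1: total engineer hours per stage; shows where the time actually goes."""
    totals = {stage: 0.0 for stage in STAGES}
    for fix in fixes:
        for stage in STAGES:
            totals[stage] += fix.hours.get(stage, 0.0)
    return totals


def rework_cost(fixes):
    """Step 2: price the bypass. Only unvalidated fixes that produced an incident count."""
    return sum(INCIDENT_COST for fix in fixes if not fix.validated and fix.caused_incident)


def manual_cost_per_fix(fixes):
    """Section 01 formula: labor across all stages + carrying cost + rework, averaged per fix."""
    labor = sum(sum(fix.hours.values()) for fix in fixes) * LOADED_RATE
    carry = sum(fix.open_hours for fix in fixes) * CARRY_RATE
    return (labor + carry + rework_cost(fixes)) / len(fixes)


def governed_cost_per_fix(fixes, monthly_infra, fixes_per_month, human_hours_per_fix, carry_factor=0.5):
    """Governed model: fixed infra amortized over volume + thin human judgment + reduced carry.
    No rework term, on the page's assumption that every governed fix ships with evidence.
    carry_factor is an assumed reduction in time-open from faster locate/validate."""
    amortized = monthly_infra / fixes_per_month
    labor = human_hours_per_fix * LOADED_RATE
    avg_open = sum(fix.open_hours for fix in fixes) / len(fixes)
    return amortized + labor + avg_open * CARRY_RATE * carry_factor


def crossover_volume(fixes, monthly_infra, human_hours_per_fix, max_volume=100_000):
    """Smallest monthly fix volume at which governed cost-per-fix drops below manual.
    Returns None if it never does within max_volume (manual wins at your scale)."""
    manual = manual_cost_per_fix(fixes)
    for volume in range(1, max_volume + 1):
        if governed_cost_per_fix(fixes, monthly_infra, volume, human_hours_per_fix) <= manual:
            return volume
    return None


if __name__ == "__main__":
    print("hours by stage:", stage_hours(SAMPLE))
    print("rework line item: $%.2f" % rework_cost(SAMPLE))
    print("manual cost per fix: $%.2f" % manual_cost_per_fix(SAMPLE))
    print("crossover (fixes/month):", crossover_volume(SAMPLE, monthly_infra=20000.0, human_hours_per_fix=1.5))
```

With the constructed numbers, locate accounts for more than half of all engineer hours, one unvalidated fix contributes as much to the average as all the labor on a typical fix, and the governed model pays back at roughly ten fixes a month; a team shipping a handful of changes a week sits near that line, which is the point section 04 makes about where manual still wins.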
06

The bottom line
