This assessment evaluates a software product across six critical dimensions — product-market fit evidence, feature completeness, technical debt, scalability, security posture, and UX quality — to produce a quantified maturity score. It is designed for product leaders, CTOs, investors, and consultants who need a structured diagnostic before making decisions about product investment, technical roadmaps, or acquisition due diligence. The output is a scored profile that identifies the weakest dimensions and routes to specific improvement playbooks. [src1]
What this measures: The strength and depth of evidence that the product solves a real problem for a defined market segment willing to pay for it.
| Score | Level | Description | Evidence |
|---|---|---|---|
| 1 | Ad hoc | No systematic PMF measurement; founders believe in the product based on vision alone | No retention data, no user surveys, fewer than 10 paying customers |
| 2 | Emerging | Some positive signals but inconsistent; early customers exist but churn is high | Sean Ellis score below 25%, month-3 retention under 20%, NPS below 0 |
| 3 | Defined | Clear PMF in one segment; retention curves flatten but growth relies on founder-led sales | Sean Ellis score 25-39%, month-3 retention 20-40%, NPS 10-30, repeatable use cases documented |
| 4 | Managed | Strong PMF with measurable retention, organic growth signals, and expanding use cases | Sean Ellis score 40-55%, month-3 retention 40-60%, NPS 30-50, DAU/MAU ratio above 20% |
| 5 | Optimized | Dominant PMF with high retention, strong word-of-mouth, and multi-segment expansion | Sean Ellis score above 55%, month-6 retention above 50%, NPS above 50, negative churn achieved |
Red flags: Founders cannot name their top 3 customer segments by revenue. No retention cohort analysis exists. Customer acquisition is entirely paid with no organic channel. [src3]
Quick diagnostic question: "What percentage of users would be very disappointed if this product disappeared tomorrow?"
What this measures: How well the product's feature set covers core user workflows relative to market expectations and competitive parity.
| Score | Level | Description | Evidence |
|---|---|---|---|
| 1 | Ad hoc | MVP-level; only one core workflow is functional, significant gaps block adoption | Feature requests outnumber active features 5:1, users require workarounds for basic tasks |
| 2 | Emerging | Core workflow complete but adjacent workflows missing; frequent feature-gap churn | Top 3 churn reasons are missing features, competitive win rate below 30% on features |
| 3 | Defined | Core and secondary workflows covered; feature parity with competitors on must-haves | Feature gap analysis shows 70%+ coverage of must-haves, churn from missing features under 15% |
| 4 | Managed | Feature-complete for primary segments; differentiated features create competitive moats | Feature-driven win rate above 50%, integration ecosystem covers top 10 tools in category |
| 5 | Optimized | Feature leadership in category; platform capabilities enable third-party extensions | Feature requests focus on enhancement not gaps, API/extension ecosystem active, negative feature churn |
Red flags: No feature prioritization framework exists. Product roadmap is entirely customer-driven with no strategic bets. Feature utilization data is not tracked. [src1]
Quick diagnostic question: "What are the top 3 reasons customers choose a competitor over your product?"
What this measures: The accumulated cost of shortcuts, deferred maintenance, and architectural compromises that slow down future development velocity.
| Score | Level | Description | Evidence |
|---|---|---|---|
| 1 | Ad hoc | Crippling debt; most development time spent on firefighting, deploys are risky events | Test coverage below 20%, deploy frequency less than monthly, mean time to recovery above 24 hours |
| 2 | Emerging | Significant debt acknowledged but no systematic remediation; velocity declining quarter over quarter | Test coverage 20-40%, tech debt ratio above 15%, critical dependencies on deprecated libraries |
| 3 | Defined | Tech debt tracked and prioritized; dedicated allocation (15-20% of sprint capacity) for remediation | Test coverage 40-65%, tech debt ratio 5-15%, code quality tools in CI pipeline, documented architecture decisions |
| 4 | Managed | Tech debt under control; architecture supports current scale with clear upgrade paths | Test coverage 65-85%, tech debt ratio below 5%, automated dependency updates, regular architecture reviews |
| 5 | Optimized | Minimal debt with proactive prevention culture; architecture enables rapid iteration | Test coverage above 85%, near-zero critical debt, deploy multiple times daily, architectural fitness functions automated |
Red flags: No developer can explain the system architecture end-to-end. Build times exceed 30 minutes. "Don't touch that code" zones exist. Engineers estimate 3x time for changes near legacy components. [src2]
Quick diagnostic question: "What percentage of engineering time is spent on unplanned work, bug fixes, and infrastructure maintenance versus new features?"
What this measures: The product's ability to handle growth in users, data volume, and transaction throughput without degrading performance or requiring architectural rewrites.
| Score | Level | Description | Evidence |
|---|---|---|---|
| 1 | Ad hoc | Single-server architecture; performance degrades noticeably under modest load increases | No load testing, monolithic database, manual scaling, p95 latency spikes above 5 seconds under 2x load |
| 2 | Emerging | Basic horizontal scaling exists but untested; known bottlenecks with no remediation plan | Some caching, no auto-scaling, database queries not optimized, capacity planning is guesswork |
| 3 | Defined | Architecture handles 5-10x current load with known scaling path; key bottlenecks documented | Load testing in CI, auto-scaling configured, database read replicas, CDN for static assets, p95 under 500ms at current load |
| 4 | Managed | Architecture handles 50x current load; multi-region capable; performance budgets enforced | Microservices or modular monolith with clear boundaries, queue-based async processing, sub-200ms p95, capacity planning automated |
| 5 | Optimized | Elastic architecture handles 100x+ surges; cost-efficient scaling with infrastructure-as-code | Multi-region active-active, chaos engineering practiced, cost per transaction optimized and tracked, zero-downtime deployments |
Red flags: No load testing has ever been run. Database is the application (all logic in stored procedures). Single points of failure exist with no failover. Cost scales linearly or worse with user growth. [src1]
Quick diagnostic question: "What happens to your application if traffic doubles overnight — do you know, or is that an untested scenario?"
What this measures: The maturity of security practices across the software development lifecycle, from design through deployment and incident response.
| Score | Level | Description | Evidence |
|---|---|---|---|
| 1 | Ad hoc | No security practices; secrets in code, no access controls, no vulnerability scanning | Credentials in git history, no HTTPS enforcement, no security training, OWASP Top 10 vulnerabilities present |
| 2 | Emerging | Basic security hygiene exists but reactive; security addressed only after incidents | Secret management tool adopted, basic auth implemented, annual penetration test, but no SSDLC integration |
| 3 | Defined | Security integrated into development process; OWASP Top 10 addressed; incident response plan exists | SAST/DAST in CI pipeline, dependency vulnerability scanning, SOC 2 Type I or equivalent, security champions in engineering teams |
| 4 | Managed | Proactive security program; threat modeling for new features; compliance certifications maintained | SOC 2 Type II, regular penetration testing, bug bounty program, security metrics tracked (MTTD, MTTR), SAMM score 2+ across domains |
| 5 | Optimized | Security-first culture; automated compliance; real-time threat detection and response | ISO 27001 or equivalent, DevSecOps fully automated, SAMM score 3+ across all domains, zero critical vulnerabilities in production |
Red flags: No one owns security as a responsibility. Last penetration test was more than 18 months ago. No incident response plan exists. Customer data handling policies are undocumented. [src4]
Quick diagnostic question: "When was your last security audit or penetration test, and what percentage of findings have been remediated?"
What this measures: The quality of the user experience as measured by usability, design consistency, accessibility, and user satisfaction metrics.
| Score | Level | Description | Evidence |
|---|---|---|---|
| 1 | Ad hoc | No UX design process; developer-built UI with no user research or usability testing | No design system, inconsistent UI patterns, no accessibility compliance, task completion rates unknown |
| 2 | Emerging | Designer on team but reactive; UI improvements are cosmetic rather than research-driven | Basic style guide exists, some user feedback collected but not systematized, WCAG compliance partial |
| 3 | Defined | UX research informs major decisions; design system covers 70%+ of components; usability tested quarterly | Design system adopted, user research cadence established, SUS score 60-70, task success rate above 75%, WCAG 2.1 AA partial |
| 4 | Managed | Data-driven UX optimization; A/B testing infrastructure; accessibility baked into development process | SUS score 70-80, onboarding completion above 80%, support ticket volume declining, WCAG 2.1 AA compliant |
| 5 | Optimized | UX is a competitive moat; users cite ease of use as top differentiator; continuous experimentation culture | SUS score above 80, NPS driven by UX, time-to-value under industry median, full accessibility compliance, design system public |
Red flags: No usability testing has been conducted in the past 12 months. Onboarding completion rate is below 50%. Support tickets dominated by "how do I do X" questions rather than bugs. [src6]
Quick diagnostic question: "What is your onboarding completion rate, and how long does it take a new user to reach their first value moment?"
Overall Score = (PMF Evidence x 2.0 + Feature Completeness x 1.5 + Tech Debt x 1.5 + Scalability x 1.0 + Security Posture x 1.5 + UX Quality x 1.5) / 9.0
Critical override: If Security Posture scores 1, cap overall score at 2.9.| Overall Score | Maturity Level | Interpretation | Recommended Next Step |
|---|---|---|---|
| 1.0 - 1.9 | Critical | Product has fundamental gaps across multiple dimensions. Not ready for scaling investment. High risk of failure or major rework. | Triage the lowest-scoring dimension first. Pause feature development for foundation work. |
| 2.0 - 2.9 | Developing | Product shows promise in some areas but has significant weaknesses. Suitable for continued iteration with focused improvement. | Address any dimension below 2 urgently. Create 90-day remediation plan for bottom 2 dimensions. |
| 3.0 - 3.9 | Competent | Product is market-viable with defined processes. Ready for deliberate scaling with targeted improvements. | Optimize highest-leverage dimensions. Invest in scalability and security before aggressive growth. |
| 4.0 - 4.5 | Advanced | Product is mature with strong foundations across dimensions. Focus on differentiation and efficiency. | Fine-tune weakest dimension. Shift focus from building to optimizing and platform extensibility. |
| 4.6 - 5.0 | Best-in-class | Product is a category leader with mature practices. Maintain excellence and innovate at the frontier. | Maintain through continuous improvement. Invest in emerging technology and market expansion. |
| Weak Dimension (Score < 3) | Fetch This Card |
|---|---|
| PMF Evidence | Product-Market Fit Validation Playbook |
| Feature Completeness | Product Roadmap Prioritization Framework |
| Technical Debt | Tech Debt Remediation Playbook |
| Scalability | Scalability Architecture Decision Framework |
| Security Posture | Security Maturity Improvement Playbook |
| UX Quality | UX Maturity Improvement Playbook |
| Segment | Expected Average Score | "Good" Threshold | "Alarm" Threshold |
|---|---|---|---|
| Pre-seed / Seed | 1.8 | 2.5 | 1.3 |
| Series A | 2.5 | 3.2 | 1.8 |
| Series B-C | 3.2 | 3.8 | 2.5 |
| Growth / Late-stage | 3.8 | 4.2 | 3.0 |
| Public / Enterprise | 4.2 | 4.5 | 3.5 |
Fetch when a user asks to evaluate their product's overall health, diagnose why growth is stalling despite product investment, prepare for fundraising or M&A due diligence, onboard a new CTO or CPO who needs a baseline, or decide whether to invest in scaling versus fixing foundations.