Decision guide
Rebuild vs refactor: when to modernize legacy software
When to rewrite aging software from scratch and when to refactor it instead: the cost of technical debt, the rewrite trap, the Strangler Fig alternative, and what AI did and didn't change in 2026.
Refactor when your software still serves the business but carries technical debt; rebuild only when the architecture itself blocks where you need to go. Most owners reach for a full rewrite too fast, and big rewrites are the classic trap. The safer middle path is the Strangler Fig pattern: modernize incrementally alongside the running system instead of betting everything on one cutover.
Key facts
- The rule
- Refactor when the code still works for the business; rebuild only when the architecture itself is the limit.
- Technical debt
- Technical debt equals 20 to 40 percent of the typical company's tech estate.
- AI on legacy
- A 2025 study found experienced developers 19 percent slower using AI on mature codebases.
- Rewrite risk
- Large IT rewrites run about 45 percent over budget on average.
- Legacy upkeep
- Around 80 percent of federal IT budgets go to maintaining existing systems.
- Mainframe exits
- Gartner predicts more than 70 percent of 2026 mainframe-exit projects will fail on over-hyped AI.
Sources: Stripe's The Developer Coefficient, McKinsey Digital, the US Government Accountability Office, McKinsey & Company with the University of Oxford, METR (2025), and Gartner (June 2026). Get a free codebase audit. Last updated .
Refactor or rebuild: the decision most owners get backwards
There are two ways to modernize aging software. Refactor means improving the code you already have, in place, without changing what it does for users. Rebuild means starting over from an empty file. The two words get used loosely, but they carry wildly different risk and cost. The honest default is refactor. Most owners reach for rebuild too fast, usually because the code looks ugly, when ugly and broken are not the same thing.
When software gets old and painful, the instinct is to want a clean slate: tear it down, build it right this time. It's an emotionally satisfying plan and, most of the time, the wrong one. The reason is simple. Working software, however ugly, is worth more than you think, and a rewrite throws that value away on day one in exchange for a version that, at launch, does less than what you already had.
So the real question isn't "is the code bad?" It almost always is; that's what technical debt looks like up close. The question is why it hurts. If the system still does what the business needs and the pain is maintenance cost, slow changes, or fragility, that's a refactoring problem, and you fix it in place. If the pain is a hard ceiling, the architecture can't scale, the platform is unsupportable, you can't hire anyone to touch the stack, then and only then is the architecture itself the constraint, and a rebuild earns its risk.
Getting that distinction right is worth a lot, because the wrong call is expensive in both directions: refactor something that genuinely needed rebuilding and you pour money into a dead end; rebuild something that only needed cleaning up and you take on the single riskiest project in software. Here's the vocabulary this guide uses, in plain English:
- Legacy system
- Software that still runs the business but is old enough that it's hard to change safely: an unsupported framework, a language few people want to touch, or an architecture built for a smaller, simpler version of the company. Legacy doesn't mean broken. It usually means expensive to maintain and slow to extend.
- Technical debt
- The accumulated cost of shortcuts, aging dependencies, and decisions that made sense at the time but now slow every change down. Like financial debt, a little is normal and useful; too much means you pay interest on every new feature in the form of extra time and risk.
- Refactor
- Restructuring and cleaning up existing code without changing what it does for users, so it's cheaper to maintain and safer to extend. It's the lowest-risk way to make a deep change, because the system keeps working the whole time and every hard-won fix stays in place.
- Rebuild
- Rewriting the software from scratch, keeping the same scope but starting from an empty file. Also called a rewrite. It's the most disruptive deep-change option, because you re-earn every edge-case fix the old system already learned, and users get nothing new until the new version catches up.
- Strangler Fig pattern
- A way to modernize incrementally: build new components alongside the running legacy system and migrate behavior piece by piece, so the old system is gradually replaced rather than switched off in one risky cutover. Named by Martin Fowler, and published as a standard pattern by both AWS and Microsoft.
- Big-bang migration
- Replacing the whole system at once, then flipping everyone over on a single go-live date. Conceptually simple and operationally dangerous: the new system has to match years of accumulated behavior on day one, and there's no partial fallback if it doesn't.
The cost of technical debt, and why it forces the question
Nobody modernizes software for fun. They do it because the old system has become expensive to run and slow to change, which is what technical debt feels like from the inside. The figures below skew toward large enterprises and government, so treat them as directional benchmarks rather than small-business medians, but the direction is unmistakable: unpaid debt quietly becomes the biggest line item in a software budget.
Technical debt isn't a metaphor for "bad code." It's the accumulated cost of past shortcuts and aging dependencies, and you pay interest on it in real time, as extra hours and extra risk on every change. Three numbers frame how large that interest bill gets:
developers lose to maintenance and technical debt, out of a roughly 41-hour week.
of the entire tech estate's value that CIOs attribute to technical debt.
of the US federal IT budget spent operating and maintaining existing systems.
Stripe's survey of developers and executives found the average developer loses about 17 hours a week to maintenance and dealing with bad code, and pegged the global drag from bad code at roughly $85 billion a year116. McKinsey's survey of CIOs put technical debt at 20 to 40 percent of the value of their entire technology estate, with a further 10 to 20 percent of new-product budgets quietly diverted to servicing it, and 60 percent of CIOs saying the debt had grown noticeably over the prior three years2.
The government number is the hardest anchor of all, because it's audited rather than self-reported: the US Government Accountability Office found that around 80 percent of the federal IT budget goes to operating and maintaining existing systems, out of more than $100 billion in annual spend3. A small business isn't the federal government, and your exact split will differ, but the shape holds everywhere: left unaddressed, keeping the lights on eats the budget that should be funding new capability. That's the pressure that puts rebuild-versus-refactor on the table in the first place.
The rewrite trap: why starting over usually backfires
The most seductive answer to a painful codebase is also the most dangerous one. Joel Spolsky called rewriting working software from scratch the single worst strategic mistake a software company can make, and the track record backs him up: Netscape lost roughly three years and its market to a rewrite, and large projects in general run about 45 percent over budget while delivering 56 percent less value than promised. A rewrite is where those odds bite hardest.
In 2000, Joel Spolsky wrote what remains the definitive warning on this. Rewriting code from scratch, he argued, is "the single worst strategic mistake that any software company can make." His example was Netscape, which decided to rewrite its browser and then shipped no major release for roughly three years, handing the market to Internet Explorer while it rebuilt4. The company effectively took itself off the field to redo work it had already done.
Spolsky's deeper point is the one that catches teams out. That old, ugly code you want to throw away looks ugly precisely because it works. "Each of these bugs took weeks of real-world usage before they were found," he wrote; the messy conditionals and odd special cases are years of hard-won fixes for edge cases you've long since forgotten. A rewrite silently discards every one of them, then rediscovers each as a brand-new bug in production. You don't start from zero; you start from below zero.
average budget overrun on large IT projects, the ones a rebuild resembles.
less value than predicted that those same large projects deliver on average.
large projects becomes a company-threatening cost and schedule blowout.
McKinsey and the University of Oxford, studying more than 5,400 large IT projects, found an average 45 percent budget overrun, a 7 percent time overrun, and 56 percent less value than predicted, with one in six turning into a "black swan" that threatened the company's existence5. A ground-up rebuild is exactly the kind of long, all-or-nothing project that produces those numbers. That doesn't make rebuilding always wrong. It makes it a decision that has to clear a high bar, not a default you drift into because the code offends you.
The Strangler Fig: modernize without the big-bang bet
Most teams think the choice is binary: limp along with the old system or bet everything on a rewrite. There's a third way that's become the industry-standard middle path. The Strangler Fig pattern, named by Martin Fowler and published as a standard pattern by both AWS and Microsoft, modernizes incrementally: you build the new alongside the old and migrate behavior piece by piece, so you never stake the business on a single go-live.
Martin Fowler named the pattern after a vine that grows around a host tree and gradually replaces it. Applied to software, you build new components "on top of, yet separate to" the legacy system, then move functionality across a piece at a time, so "investment and returns occur gradually and visibly" instead of arriving, or failing to arrive, in one enormous cutover7. The old system keeps running and shrinking until, eventually, there's nothing left to strangle.
This is the opposite of a big-bang migration, and it's preferred for a concrete reason. As Thoughtworks puts it, replacing a serious system all at once is "disruptive, fraught with risk, and an immense strain," because the replacement has to match years of accumulated behavior on day one and users can't wait months with nothing8. Incremental migration spreads that risk out and delivers value the whole way through. It's not a fringe idea, either: both AWS and Microsoft publish the Strangler Fig as a standard, low-risk modernization pattern in their official architecture guidance910.
The decision criteria: a ladder, not a coin flip
Rebuild versus refactor isn't actually a binary. Gartner frames modernization as seven graded options that rise in risk and cost, from encapsulate and rehost at the safe end, through refactor and rearchitect, up to rebuild and replace at the dangerous end. The discipline is to pick the smallest step that removes the actual constraint. Refactor when the code still has business value; rebuild only when the architecture itself is what's holding you back.
Gartner's analysts lay out seven options for modernizing a legacy system, in rising order of risk, cost, and disruption11. Seeing them as a ladder rather than a yes/no choice is most of the battle, because it forces the question "what's the cheapest rung that fixes my actual problem?" before anyone reaches for the most drastic one:
Encapsulate (lowest risk)
Leave the legacy system running and wrap it behind an API so new services can reach it without touching the old code. Nothing inside changes; you just make the old system reusable. It buys time but doesn't reduce the underlying technical debt.
Rehost
Lift and shift the same application onto new infrastructure, usually cloud, with no code changes. It cuts hardware risk and hosting cost quickly, but every line of legacy logic and every bit of technical debt comes along untouched.
Replatform
Move to a new runtime or platform with small, targeted code changes, like a supported language version or a managed database, while keeping the architecture and features the same. Modest risk for a real operational upgrade.
Refactor
Restructure and clean up the existing code without changing what it does for users, so it's cheaper to maintain and safer to extend. The lowest-risk way to make a deep change, and the right call when the software still fits the business but the code has decayed.
Rearchitect
Materially change the code to shift it onto a better-fitting architecture, for example breaking a monolith into services. Higher effort and risk than refactoring, reserved for when the current structure genuinely blocks where you need to go.
Rebuild
Rewrite the component from scratch, keeping its scope and specifications. High risk and high cost: you re-earn every edge-case fix the old system already learned, and users get nothing new until the rebuild catches up.
Replace (highest risk)
Retire the system entirely and swap in something new, often off-the-shelf, accounting for new requirements. The most disruptive option and rarely reversible once the old system is gone.
The pivot in the middle of that ladder is the one that matters most for owners. Refactor is the lowest-risk way to make a deep change, and it's the right call whenever the software still fits the business but the code has decayed. Rebuild and replace sit at the far, high-risk end, reserved for when the current architecture genuinely can't meet future needs. Put the two options side by side and the trade-off is stark:
| Dimension | Refactor in place | Rebuild from scratch |
|---|---|---|
| Risk | Low; the system keeps running | High; nothing ships until it catches up |
| Timeline | Incremental, value along the way | Long, value only at the very end |
| Cost predictability | Easier to scope and quote | Where budget overruns hit hardest |
| Hard-won fixes | Preserved in the working code | Re-earned one production bug at a time |
| Best when | The code still fits the business | The architecture is the constraint |
Underneath the ladder sit the signals that tell you which rung you're actually on. These are the criteria we use when we audit an existing codebase and have to give a client a straight answer:
Refactor when the software still fits the business
If the system does what the business needs and the pain is maintenance cost or slow changes, not a hard capability ceiling, refactor in place. Working code carries years of quiet bug fixes you'd otherwise throw away and rediscover.
Refactor when downtime or migration risk is high
When the system is business-critical and can't go dark, incremental change beats a cutover. Refactoring and the Strangler Fig pattern keep the software running the whole time, so a mistake is contained instead of company-threatening.
Rebuild when the architecture is the constraint
When the current design literally can't meet future needs, it won't scale, or the assumptions it was built on no longer hold, a rebuild or rearchitect may be the only path. The trigger is the architecture, not the mess in the code.
Rebuild when the platform is unsupportable or unhireable
If the framework is end-of-life and can't be upgraded in place, or the stack is so obscure you can't hire anyone to maintain it, a rebuild onto a supportable platform can be justified. Weigh it against replatforming first.
Take the smallest step that clears the blocker
Most owners jump to rebuild or replace when encapsulate, rehost, replatform, or refactor would solve the actual problem for a fraction of the risk. Pick the lowest-risk option on the ladder that removes the real constraint.
Never rewrite just to escape ugly code
Ugly is not the same as broken. A messy codebase can almost always be cleaned up incrementally, at far lower risk than a rewrite. Reserve the full rebuild for when a cheaper option genuinely can't clear the constraint.
What AI did, and didn't, change about modernization
For a few years the pitch was that AI would make legacy modernization cheap: point a model at the old system, let it explain and rewrite the code, and the hard part goes away. The freshest evidence tells a more sober story. A 2025 study found experienced developers 19 percent slower using AI on mature codebases, and in June 2026 Gartner predicted that more than 70 percent of that year's mainframe-exit projects will fail because organizations overestimated what generative AI could do. AI helps most with modernizing in place, least with the risky full migration people hoped it would rescue.
Both halves of the story are real, which is why the honest picture is a tension rather than a slogan. Here are the three measured results people actually cite:
developers completing a fresh, greenfield coding task with GitHub Copilot.
experienced developers using 2025 AI tools on large, mature codebases they knew well.
of 2026 mainframe-exit projects, Gartner predicts, on over-hyped generative AI.
From roughly 2018 to 2024, the mood was optimistic. A controlled GitHub trial found developers completed a greenfield task about 55 percent faster with Copilot, and a much-repeated figure attributed to Gartner claimed AI could cut modernization costs by 70 percent by 202713. Treat that second number with care: the primary source for the "70 percent cost cut" claim isn't confirmed, so it's best read as an unverified, widely-copied assertion rather than a finding you can bank on.
The 2025 to 2026 evidence points the other way, and it's better sourced. METR ran a controlled study of experienced developers working on their own mature repositories and found they were 19 percent slower with early-2025 AI tools, even though they believed they were about 20 percent faster12. Then in June 2026 Gartner predicted that more than 70 percent of mainframe-exit projects started that year will fail to deliver their intended benefits, specifically because organizations overestimated what generative AI could do on complex legacy systems615. The app-modernization services market is still forecast to grow from about $28 billion in 2026 toward $52 billion by 2030, so the spending isn't slowing; the expectations are just being reset14.
The pattern underneath the whiplash is consistent. AI compresses effort most on fresh, well-scoped work and on modernizing in place, using a model to explain unfamiliar code, translate a module, or accelerate a refactor a senior is reviewing. It helps least, and sometimes hurts, on the exact thing the hype promised: a full, one-shot migration off a gnarly legacy system. Which is another way of saying AI strengthens the case for incremental modernization over the big-bang rewrite, rather than finally making the rewrite safe.
How we take over and modernize existing code
We take over software other people built, and the first thing we do is audit it, not quote a rewrite. We read the codebase, map what it does, find where the real risk and technical debt sit, and then tell you honestly whether to refactor in place or whether the architecture is genuinely the constraint. From there a takeover is scoped like any build: a written scope, a fixed quote, milestone billing, and you owning everything at the end.
Inheriting someone else's codebase is normal work for us, not a special case. The order of operations is what keeps it honest. Before we recommend anything, we audit: we read the code, map the behavior, and locate where the debt and fragility actually live. Only then do we give a recommendation, and it's a genuine one, because the audit comes first and the answer isn't predetermined by which path bills more. Sometimes the honest call is "this still has business value, we'll refactor and strangle it incrementally." Sometimes it's "the architecture is the ceiling, here's the case for rebuilding this part." Our bias, backed by everything above, is toward incremental modernization wherever the code still earns its keep.
Whatever the call, the commercial terms are the same as any of our builds. You get a written scope, a fixed quote against it, and milestone billing tied to working software, so you're never paying ahead of what's been delivered. And you own the result outright: the code, the repositories, the infrastructure, and the IP, in your own name, with no license and no lock-in. We work on your platform and hand it back; we never own it. Our custom software development services page covers how we build, and our custom software build methodology walks through how a written scope becomes a milestone plan.
What to do with this
Three ways forward, depending on where you are: get an honest read on your own codebase, understand how a fixed-quote build actually works, or size up the cost before you commit.
If you already have software that's become painful to run, a free codebase audit is the fastest way to a straight answer on whether to refactor or rebuild, with a fixed quote for whichever the audit recommends.
If you want to understand how we build before you hand anything over, our custom software development services page and our custom software build methodology cover the written-scope, fixed-quote, milestone-billing approach, and if you know it's a web or mobile product, the web app development and mobile app development pages go deeper on each. When you're ready to scope the actual work, that's what our build process is for.
And if the open question is really about budget, our guide on how much custom software costs breaks down the 2026 numbers, or browse the rest of our guides for the surrounding decisions.
Frequently asked questions
Should I rebuild or refactor my legacy software?
Start with the default: refactor. If the software still does what the business needs and the pain is maintenance cost or slow changes rather than a hard capability ceiling, refactoring in place is almost always cheaper and safer than starting over. Rebuild only when the architecture itself is the constraint: it won't scale, the platform is unsupportable, or you genuinely can't hire anyone to work on the stack. The mistake most owners make is treating a messy codebase as a reason to rewrite, when a mess can usually be cleaned up incrementally. Working code carries years of quiet bug fixes that a rewrite throws away, so the bar for a full rebuild should be high.
What is technical debt and how much does it really cost?
Technical debt is the accumulated cost of past shortcuts, aging dependencies, and decisions that now slow every change down. You pay interest on it in the form of extra time and risk on every new feature. The numbers are directional and skew toward large enterprises, but they're striking: Stripe's Developer Coefficient found developers lose about 17 hours a week to maintenance and technical debt, and McKinsey's survey of CIOs put technical debt at 20 to 40 percent of the value of their entire tech estate. For a small business the exact percentages differ, but the pattern holds: debt you never pay down quietly becomes the largest line item in your software budget.
Why are full rewrites so risky?
Because you throw away working software and years of hard-won knowledge to chase a version that, on day one, does less than what you already had. Joel Spolsky famously called rewriting from scratch the single worst strategic mistake a software company can make, and pointed to Netscape, which shipped no major release for roughly three years while rewriting and lost its market in the process. Old code looks ugly precisely because it's full of fixes for edge cases you've forgotten about; a rewrite silently discards them and rediscovers each one as a fresh bug. On top of that, large IT projects average about 45 percent over budget and deliver 56 percent less value than predicted, per McKinsey and the University of Oxford. A rewrite is where those odds hit hardest.
What is the Strangler Fig pattern?
It's the incremental alternative to a big-bang rewrite. Named by Martin Fowler after a vine that grows around a tree and gradually replaces it, the idea is to build new components alongside the running legacy system and migrate behavior piece by piece, so investment and returns arrive gradually and visibly instead of in one high-stakes cutover. Both AWS and Microsoft publish it as a standard low-risk modernization pattern. The one caveat worth knowing: if you start a strangler migration and never finish it, you can end up with a hybrid that's more complex than either the old system or a clean new one, so it needs a real plan to completion, not just a start.
Does AI make rewriting legacy software cheaper now?
Less than the 2023-era hype suggested, and the freshest evidence is pointedly skeptical. Early studies were optimistic: a controlled GitHub trial found developers completed a greenfield task about 55 percent faster with Copilot. But a 2025 METR study found experienced developers were actually 19 percent slower using early-2025 AI tools on large, mature codebases they knew well, even though they believed they were faster. And in June 2026 Gartner predicted that more than 70 percent of mainframe-exit projects started that year will fail to deliver their intended benefits, because organizations overestimated what generative AI could do on complex legacy systems. The honest read: AI helps most on fresh, well-scoped work and on modernizing in place, and helps least on the exact thing people hoped it would de-risk, a full migration off a gnarly legacy system.
When does it actually make sense to rebuild from scratch?
When the architecture, not the code quality, is the thing holding you back. Concretely: the current design can't scale to where the business is going, the platform or framework is unsupportable and can't be upgraded in place, the stack is so obscure you can't hire anyone to maintain it, or the original assumptions the system was built on no longer match reality. Gartner frames modernization as seven graded options, from encapsulate and rehost at the low-risk end through refactor and rearchitect, up to rebuild and replace at the high-risk end. The discipline is to pick the smallest step that solves the actual problem. Rebuild is the last resort, chosen because nothing cheaper can clear the constraint, not because the code is ugly.
What are the options between refactor and rebuild?
Gartner lays out seven, in rising order of risk and cost: encapsulate (wrap the old system behind an API and leave it running), rehost (lift and shift to new infrastructure with no code changes), replatform (small changes to move to a new runtime or database), refactor (clean up the code without changing behavior), rearchitect (shift to a better-fitting architecture, like breaking up a monolith), rebuild (rewrite from scratch keeping the same scope), and replace (retire it and swap in something new). Most owners jump straight to rebuild or replace when one of the cheaper, lower-risk steps would clear the actual blocker. The point of the ladder is to force that question before you commit to the most disruptive option.
Can I hand my existing codebase to a new team?
Yes, and a good team will audit it before quoting anything. Taking over someone else's code is normal work: we read the codebase, map what it does, find where the technical debt and risk actually sit, and then tell you honestly whether it's worth refactoring in place or whether the architecture is genuinely the constraint and a rebuild is justified. That audit comes before the recommendation, so the answer isn't predetermined by which one earns more. From there a takeover is scoped like any build: a written scope, a fixed quote, and milestone billing tied to working software, with everything transferring to you.
Who owns the code if you take over our software?
You do, outright. In a healthy takeover the client owns the code, the repositories, the infrastructure, and the IP, in their own name, with no license and no lock-in, whether we refactored what you had or rebuilt part of it. We never own your platform; we work on your code and hand it back. Watch for the opposite arrangement: firms that keep the code on their accounts or require an ongoing retainer to keep access to what you paid for. Before you sign anything, confirm in writing that everything transfers to you on final payment. It's a fair question to ask any vendor, and the answer should be an easy yes.
Sources
- The Developer Coefficient. Stripe (with Harris Poll), September 2018.
- Tech debt: Reclaiming tech equity. McKinsey Digital, October 2020.
- Information Technology: Agencies Need to Continue Addressing Critical Legacy Systems (GAO-23-106821). US Government Accountability Office, May 2023.
- Things You Should Never Do, Part I. Joel Spolsky (Joel on Software), April 2000.
- Delivering large-scale IT projects on time, on budget, and on value. McKinsey & Company with University of Oxford, October 2012.
- Gartner Predicts More Than 70% of Mainframe-Exit Projects Will Fail Due to Overestimation of Generative AI's Capabilities. Gartner, June 2026.
- StranglerFigApplication. Martin Fowler, August 2024.
- Embracing the Strangler Fig pattern for legacy modernization. Thoughtworks, October 2023.
- Strangler Fig pattern. AWS Prescriptive Guidance, 2024.
- Strangler Fig pattern. Microsoft Azure Architecture Center, 2024.
- 7 Options to Modernize Legacy Systems. Gartner (Stefan van der Zijden), 2019.
- Measuring the Impact of Early-2025 AI on Experienced Open-Source Developer Productivity. METR, July 2025.
- Quantifying GitHub Copilot's Impact on Developer Productivity and Happiness. GitHub, September 2022.
- Application Modernization Services Market Report. Grand View Research, 2024.
- Leaders overestimate AI's role in mainframe-exit plans, Gartner warns. CIO Dive, June 2026.
- The $85 billion cost of bad code. HackerOne, 2019.
Free, no sales call
Get an honest read on your codebase
Tell us about the software you're deciding whether to rebuild or refactor. We'll audit it and reply within 48 business hours with a straight refactor-or-rebuild call and a fixed-quote takeover plan. You own the code. No sales call, no obligation.