[haskellandchill]

What about the Bayesian methods shown in "How to Measure Anything"? They have been applied to Cybersecurity ("How to Measure Anything in Cybersecurity Risk" in a very thorough and convincing manner. It looks like the business around it is trying to apply it to product management (https://hubbardresearch.com/shop/measure-anything-project-ma...). Basically the idea is when things are hard to measure we should not abandon quantitative scales and use qualitative ones (like t-shirt sizes) but instead use probabilities to quantify our uncertainty and leverage techniques like bayesian updates, confidence intervals, and monte carlo simulations.

[apwheele]

This is not inconsistent with How to Measure Anything IMO (I like that book as well). The biggest issue to me is that he does not define actual follow ups on ROI -- it is all estimated in this framework. So it is all good to define how to prioritize, it is not helpful though retrospectively to see if people are making good estimates.

My work very rarely is a nicely isolated new thing -- I am building something on-top of an already existing product. In these scenarios ROI is more difficult -- you need some sort of counterfactual profit absent the upgrade. Most people just take total profit for some line, which is very misleading in the case of incremental improvements.

[haskellandchill]

The problem is the muda should have expected values associated with them. Bugs and security vulnerabilities do cost money, these are 90% confidence intervals of dollar impact from How to Measure.

[dentemple]

Do you have any links to back up your information that doesn't cost $17,250 to view?

[haskellandchill]

Here is a blog post: https://www.linkedin.com/pulse/three-project-management-meas...

[dentemple]

thanks