Ownership risk highlights how knowledge and responsibility for code are distributed across a team. Healthy ownership patterns reduce dependency on single individuals, improve resilience, and help prevent “bus factor” risks. PullRule provides three complementary metrics to measure ownership health:
  • Herfindahl–Hirschman Index (HHI) – how concentrated ownership is.
  • Ownership spread – how many effective contributors exist.
  • Coverage overlap – how often files are touched by multiple people.

Herfindahl–Hirschman Index (HHI)

The Herfindahl–Hirschman Index (HHI) measures the concentration of ownership across contributors.
  • 0 → perfectly spread (ownership is evenly shared).
  • 1 → fully dominated by one person (a single point of failure).
Lower HHI = healthier distribution of knowledge.
Higher HHI = higher dependency risk.

Example

  • HHI = 0.10 Ownership is well-distributed. Many contributors share responsibility, so the code is resilient.
  • HHI = 0.34 Some concentration exists. A few people own most of the work, but there is still some redundancy.
  • HHI = 0.80 Very high risk. Nearly all ownership sits with one contributor. If they leave or become unavailable, the project suffers.

Ownership spread

The ownership spread translates HHI into an “effective number of owners,” calculated as: 
Ownership spread = 1 ÷ HHI
It gives an intuitive sense of how many people really own the code, even if the contributor list is longer.
  • Higher values → knowledge is spread across more contributors.
  • Lower values → fewer contributors hold most of the ownership (higher bus-factor risk).

Example

  • Ownership spread = 6.0 Knowledge is spread across the equivalent of six full owners — resilient.
  • Ownership spread = 2.98 Roughly three effective contributors share ownership. This is okay, but still exposed to loss if one leaves.
  • Ownership spread = 1.2 Almost everything is in the hands of a single person. Very risky.

Coverage overlap

The coverage overlap measures the fraction of files touched by at least two distinct contributors in a given period.
  • 1.00 = every file has multiple contributors (high resilience).
  • 0.00 = all files are owned by just one person (high risk).
This tells you whether files have redundancy in knowledge or if they risk being siloed.

Example

  • Coverage overlap = 1.00 Every file has multiple contributors. If someone leaves, others can step in immediately.
  • Coverage overlap = 0.60 60% of files have shared ownership. The other 40% are risky, as they depend on a single contributor.
  • Coverage overlap = 0.00 All files are owned by exactly one person. The team is at maximum bus-factor risk.

How to use these metrics

  • Spot weak points: Look for high HHI, low spread, or low overlap in critical areas of the codebase.
  • Mitigate risks: Encourage pair programming, code reviews, or rotations to spread ownership.
  • Track over time: Improvements should show up as lower HHI, higher spread, and higher overlap.
PullRule makes these risks visible so teams can proactively build resilience into their codebase.