I don't see any mention of security or legal concerns. Not all bugs can be identified by exceptions, exception frequency is not an indication of their impact, and in some cases stability is less important then correctness. Using bugs per session as the (only?) metric is a horrible way of doing product management.