Defect Management Life Cycle and Stages


A defect is a specific concern about the quality of an Application Under Test (AUT).

Defect can be defined as an inconsistency in the behavior of the software. No software exists without a defect or bug. The elimination of bugs from the software depends upon the efficiency of testing done on the software. A defect is basically the difference between the expected result and the actual result.

The cost of finding and correcting defects represents one of the most expensive software development activities. For the foreseeable future, it will not be possible to eliminate defects. While defects may be inevitable, we can minimize their number and impact on our projects. To do this, development teams need to implement a defect management process that focuses on preventing defects, catching defects as early in the process as possible, and minimizing the impact of defects. A little investment in this process can yield significant returns.

Defect Life Cycle

The bug has a life cycle in software development process. The bug should go through the life cycle to be closed. A specific life cycle ensures that the process is standardized. The bug attains different states in the life cycle. The life cycle of the bug can be shown diagrammatically as follows:


The different states of a bug can be summarized as follows:

  1. New
  2. Open
  3. Assign
  4. Test
  5. Verified
  6. Deferred
  7. Reopened
  8. Duplicate
  9. Rejected
  10. Closed

Description of Various Stages

  1. New : When the bug is posted for the first time, its state will be "NEW". This means that the bug is not yet approved.

  2. Open : After a tester has posted a bug, the lead of the tester approves that the bug is genuine and he changes the state to "OPEN".

  3. Assign : Once the lead changes the state to "OPEN", he assigns the bug to corresponding developer or developer team. The state of the bug now is changed to "ASSIGN".

  4. Test : Once the developer fixes the bug, he has to assign the bug to the testing team for the next round of testing. Before he releases the software with the bug fixed, he changes the state of the bug to "TEST". It specifies that the bug has been fixed and is released to the testing team.

  5. Deffered : When the bug is changed to the deferred state, the bug is expected to be fixed in future releases. The reasons for changing the bug to this state has many factors. Some of them are the priority of the bug may be low, a lack of time for the release or the bug may not have a major effect on the software.

  6. Rejected : If the developer feels that the bug is not genuine, he rejects the bug. Then the state of the bug is changed to "REJECTED".

  7. Duplicate : If the bug is repeated twice or the two bugs mention the same concept of the bug, then one bug status is changed to "DUPLICATE".

  8. Verified : Once the bug is fixed and the status is changed to "TEST", the tester tests the bug. If the bug is not present in the software, he approves that the bug is fixed and changes the status to "VERIFIED".

  9. Reopened : If the bug still exists even after the bug is fixed by the developer, the tester changes the status to "REOPENED". The bug traverses the life cycle once again.

  10. Closed : Once the bug is fixed, it is tested by the tester. If the tester feels that the bug no longer exists in the software, he changes the status of the bug to "CLOSED". This state means that the bug is fixed, tested and approved.

Defect prevention is much more effective and efficient in reducing the number of defects; most organizations conduct defect discovery and removal. Discovering and removing defects is an expensive and inefficient process. It is much more efficient for an organization to conduct activities that prevent defects.

Guidelines on deciding the Severity of Bug

It indicates the impact each defect has on testing efforts or users and administrators of the application under test. This information is used by developers and management as the basis for assigning priority of work on defects. "Severity" is associated with standards. "Severity" is the state or quality of being severe; severe implies adherence to rigorous standards or high principles and often suggests harshness; severe is marked by or requires strict adherence to rigorous standards or high principles, e.g. a severe code of behavior.

Guidelines for assignment of Priority Level

"Priority" is associated with scheduling. "Priority" means something is afforded or deserves prior attention; precedence established by order of importance (or urgency).
A sample guideline for assignment of Priority Levels during the product test phase includes:

  1. Critical / Show Stopper : An item that prevents further testing of the product or function under test can be classified as a Critical Bug. No workaround is possible for such bugs. Examples of this include a missing menu option or security permission required to access a function under test.

  2. Major / High : A defect that does not function as expected/designed or that causes other functionality to fail to meet requirements can be classified as a Major Bug. The workaround can be provided for such bugs. Examples of this include inaccurate calculations; the wrong field being updated, etc.

  3. Average / Medium : The defects which do not conform to standards and conventions can be classified as Medium Bugs. Easy workarounds exists to achieve functionality objectives. Examples include matching visual and text links which lead to different end points.

  4. Minor / Low : Cosmetic defects which does not affect the functionality of the system can be classified as Minor Bugs.

Defect Management Process  The defect management process is based on the following general principles:

  • The primary goal is to prevent defects. Where this is not possible or practical, the goals are to both find the defect as quickly as possible and minimize the impact of the defect.
  • The defect management process should be risk driven -- i.e., strategies, priorities, and resources should be based on the extent to which risk can be reduced.
  • Defect measurement should be integrated into the software development process and be used by the project team to improve the process. In other words, the project staff, by doing their job, should capture information on defects at the source. It should not be done after-the-fact by people unrelated to the project or system.
  • As much as possible, the capture and analysis of the information should be automated.
  • Defect information should be used to improve the process. This, in fact, is the primary reason for gathering defect information.
  • Most defects are caused by imperfect or flawed processes. Thus to prevent defects, the process must be altered.