Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Defect priority
Defect Severity
These are often a confused concept and are almost used interchangeably amongst not only
test teams but also development teams. Theres a fine line between the two and its
important to understand that there are indeed differences between the two.
Lets understand briefly the theoretical definitions of the two parameters in the next section.
Priority 1 Critical (P1): This has to be fixed immediately within 24 hours. This
generally occurs in cases when an entire functionality is blocked and no testing can
proceed as a result of this. Or in certain other cases if there are significant memory
leaks, then generally the defect is classified as a priority -1 meaning the program/
feature is unusable in the current state.
Priority 2 High (P2): Once the critical defects have been fixed, a defect having
this priority is the next candidate which has to be fixed for any test activity to match
the exit criteria. Normally when a feature is not usable as its supposed to be, due
to a program defect, or that a new code has to be written or sometimes even
because some environmental problem has to be handled through the code, a defect
may qualify for a priority 2.
Priority 3 Medium (P3): A defect with this priority must be in contention to be
fixed as it could also deal with functionality issues which is not as per expectation.
Sometimes even cosmetic errors such as expecting the right error message during
the failure could qualify to be a priority 3 defect.
Priority 4 Low (P4): A defect with low priority indicates that there is definitely an
issue, but it doesnt have to be fixed to match the exit criteria. However this must
be fixed before the GA is done. Typically, some typing errors or even cosmetic errors
as discussed previously could be categorized in here. Sometimes defects with priority
low are also opened to suggest some enhancements in the existing design or a
request to implement a small feature to enhance user experience.
Severity:
Severity is a parameter to denote the implication of defect on the system how critical
defect is and what is the impact of the defect on the whole systems functionality? The
severity is a parameter set by the tester while he opens a defect and is mainly in control of
the tester. Again different organizations have different tools to use for defects, but on a
generic level these are the following severity levels:
Critical / Show Stopper (S1): A defect that completely hampers or blocks testing
grossly away from the expectations or not doing what it should be doing. An example
could be: Say that a VLAN needs to be deployed on the switch and you are using a
UI template that triggers this function. When this template to configure VLAN fails on
the switch, it gets classified as a severe functionality drawback.
Moderate/ Normal (S3): A moderate defect occurs when the product or application
doesnt meet certain criteria or still exhibits some unnatural behavior, however the
functionality as a whole is not impacted. For example in the VLAN template deploy
above, a moderate or normal defect would occur when the template is deployed
successfully on the switch however there is no indication being sent to the user.
Low or Minor (S4): A minor bug occurs when there is almost no impact to the
functionality, but is still a valid defect that should be corrected. Examples of this
could include spelling mistakes in error messages printed to user or defects to
enhance the look and feel of a feature.
High priority, high severity: Any defects due to which the testing cannot continue
at any cost or causes a severe system failure fall under this category. Say for
example clicking on a particular button doesnt load the feature itself. Or performing
a particular function brings down the server consistently and causes data loss. The
red lines in the above figure indicate these kind of defects.
High priority, low severity: Defects which have to be fixed but do not affect the
application come under this category. Say for example the feature is expected to
display a particular error to the user with respect to its return code. In this case,
functionally the code will throw an error, but the message will need to be more
relevant to the return code generated. The blue lines in the figure indicate these
kinds of defects.
High Severity, low priority: Defects which have to be fixed but not immediately.
This can specifically occur during ad-hoc testing. It means that the functionality is
affected to a large extent, but is observed only when certain uncommon input
parameters are used. Say for example a particular functionality can be used only on
a later version of the firmware, so in order to verify this the tester actually
downgrades his system and performs the test and observes a serious functionality
issue which is valid. In such a case the defects will be classified in this category
denoted by pink lines, as normally end users will be expected to have a higher
version of firmware.
Low severity, low priority :These defects are classified in the green lines as shown
in the figure and occur when there is no functionality impact, but still not meeting
Defect Triage
A commonly heard and experienced situation in test teams is limited availability of
resources. Defect triage is a process which tries to do some re-balancing as a result of this
phenomenon. So when there are a large number of defect and limited Developers/testers to
fix/verify them, defect triage helps trying to get as many defects resolved as possible by
balancing these technical personnel based on defect parameters like priority and severity.
Typically, a defect triage session is attended by the Product Manager, a development lead, a
test lead and sometimes business analysts. In some cases, certain other members may also
be invited to give their opinions and perspectives regarding certain defects. These are
collectively called a triage team.
Defect Triage Process:
Most systems use priority as the main criteria to assess the defect, however a good triage
process considers the severity as well.
Lets take a closer look at the triage process with two examples that weve talked about in
the previous section. In both the examples above, it would actually be the first defect that
would be given a very high priority. Despite it being only a cosmetic defect, the impact of
not fixing would be huge.
The second one on the other hand is a surely functionality defect, however its occurrence is
in only certain conditions which is a seldom practiced customer scenario. Fixing it may need
more time and people, which could be better utilized for other defects. Hence it would deem
lower priority than that of the first and maybe deferral candidate to another release.
Thus the triage process involves triage team siting down together, reviewing all the defects
including rejected defects. They draw an initial assessment on the defects based on its
content, their respective priority and severity settings; with each person in the triage team
presenting their perspective on how to prioritize the defects. The product manager then sets
the priority based on all the inputs and assigns the defect to the correct release I.e. in the
current release or any future release. He also redirects the defect to the correct owner/team
for further action. Rejected defects also are put through a similar analysis. Based on the
reason for rejection, the futuristic action of whether it needs to be deferred or cancelled is
determined.
influencing factors for the prioritizing the defect. Hence its important as a tester to select
the right severity to avoid confusion with development teams.
Below are certain guidelines that every tester must try to follow:
Firstly, understand the concepts of priority and severity well. Avoid confusing one
with the other and using them interchangeably. In line with this, follow the severity
guidelines published by your organization / team so that everyone is on the same
page.
Always choose the severity level based on the issue type as this will affect its priority.
understand how a particular scenario or test case would affect the end user. This
involves a lot of collaboration and interaction with development team, Business
Analysts, architects, Test lead, Development lead. In your discussions you also need
to factor in how much time it would take to fix the defect based on its complexity
and time to verify this defect.
Finally, its always the product owner who possesses the veto power of the release
the defect should be fixed. However since the defect triage sessions contain varied
members to present their perspective on the defect on a case basis, at such a time if
the developers and testers are in sync, it surely helps in influencing the decision.
Conclusion
While opening defects its a testers responsibility to assign the right severity to the defects.
Incorrect severity and hence priority mapping can have very drastic implications on the
overall STLC process and the product as a whole. In several job interviews there are
several questions that are asked on priority and severity to ensure that as a tester you have
these concepts impeccably clear in your mind.