Tudor B.

QA Process

Defect Management

Q: What's the difference between severity and priority?

Severity measures technical impact (how bad is the bug?). Priority measures business urgency (how soon must we fix it?). A critical bug in a rarely-used feature might be high severity but medium priority.

Q: How do you handle defects found in production?

Production defects get immediate triage. Critical issues trigger our incident response process with root cause analysis and preventive measures.

Q: What metrics do you track for defect management?

Key metrics include: defect density, defect escape rate, mean time to resolution, defects by severity, and defect reopen rate.

Q: Do you use our existing defect tracking tool?

Yes. BugBoard integrates with Jira, Azure DevOps, and other popular tools. We adapt to your workflow, not the other way around.

Q: How do you prevent defect recurrence?

We perform root cause analysis on escaped defects and update test cases to catch similar issues. Patterns are documented and shared across projects.

A systematic approach to identifying, documenting, tracking, and resolving software defects throughout the development lifecycle.

5

Lifecycle stages

4

Severity levels

60%

Faster resolution

ISTQB

Standard compliant

01

What is Defect Management?

Defect management is the systematic process of identifying, documenting, tracking, and resolving software defects from discovery through closure. It ensures that all issues are properly categorized by severity and priority, assigned to the appropriate team members, and tracked through a defined lifecycle until resolution and verification.

02

Defect Lifecycle and Severity

Stage / Level	Description	Classification
Open	Defect has been identified and documented. Awaiting assignment to a developer or team for investigation and resolution.	LIFECYCLE
In Progress	Developer is actively working on understanding the root cause and implementing a fix. May involve code changes, testing, and debugging.	LIFECYCLE
Fixed	Code changes have been implemented and committed. The defect is ready for QA verification but has not been tested yet.	LIFECYCLE
Verified	QA has confirmed the fix resolves the issue without introducing new problems. The defect is approved for closure.	LIFECYCLE
Closed	Defect has been resolved, verified, and deployed to production. No further action required unless the issue reoccurs.	LIFECYCLE
Critical	System crash, data loss, or security vulnerability. Blocks core functionality and requires immediate attention.	SEVERITY
Major	Significant feature malfunction with no workaround. Impacts key user workflows but does not prevent system use.	SEVERITY
Minor	Issue affects non-critical functionality. A workaround exists, and the defect does not significantly impact user experience.	SEVERITY
Trivial	Cosmetic issues, minor UI glitches, or suggestions for improvement. Does not affect functionality or user tasks.	SEVERITY

03

Defect Management Process

1

Defect Identification

Testers discover defects during test execution. Each defect is documented with steps to reproduce, expected vs actual behavior, and environment details.

2

Classification and Prioritization

Defects are categorized by severity (Critical, Major, Minor, Trivial) and priority based on business impact and urgency.

3

Assignment and Resolution

Defects are assigned to developers who investigate root causes, implement fixes, and update the defect status to Fixed.

4

Verification

QA retests the fixed defect to confirm it no longer occurs and that the fix has not introduced new issues (regression testing).

5

Closure and Reporting

Verified defects are closed. Metrics such as defect density, resolution time, and escape rate are tracked for continuous improvement.

04

Key Defect Metrics

Defect Density

Measures the number of defects relative to the size of the software, typically expressed as defects per thousand lines of code (KLOC) or defects per function point.

Defect Density = Total Defects / Size (KLOC or FP)

Defect Age

Tracks how long defects remain open from identification to closure. Longer age indicates bottlenecks in resolution or prioritization issues.

Defect Age = Current Date - Defect Open Date

Defect Escape Rate

Percentage of defects found in production versus those found during testing. Lower rates indicate more effective testing processes.

Escape Rate = (Production Defects / Total Defects) × 100

Resolution Time

Average time required to fix and verify defects. Tracks development efficiency and helps forecast release readiness.

Avg Resolution Time = Σ(Close Date - Open Date) / Total Defects

05

Standards and Best Practices

ISTQB Foundation

This defect management framework follows ISTQB (International Software Testing Qualifications Board) guidelines for defect lifecycle management, severity classification, and metrics tracking. Our certified QA engineers apply industry-standard practices to ensure consistent, high-quality defect resolution processes.

Need Defect Management Support?

Our ISTQB-certified QA team provides comprehensive defect tracking, triage, and resolution services with transparent metrics and reporting.

Get started View all services

Last updated: March 5, 2026 Originally published: December 7, 2022