Peter Nairn

It is only a one line fix

Posted on Mon 21 Dec 2009 at 07:08 in Testing
 



We had a problem report outstanding for a long time, simple little problem. When a user gets a message in their inbox, a yellow marker shows up on their screen to indicate they have a message waiting. Some messages are important messages that the user has to action and then they get a red marker on their screen. Some users get the important messages as a FYI, but were still getting the red marker when they can't action the message and in this circumstance they should receive neither a red or yellow marker. Low severity and low priority bug.

Fix comes in from Development. The fix is to remove the marker for these users, which is a simple one line fix.


We test it. It is a low severity/low priority bug amongst all the other bug fixes we have to retest, to do a lot of testing in this area requires a lot of data set-up, so we just do a quick check. All is well.


The release goes to Live.


Everyone reading this knows what is going to happen next, otherwise there would be no point to this post! Yes, something was broken. True the users who were supposed not get their marker didn't get their marker, however, no other users were getting any marker either and this marker is relied on for important messages, as the users need to take action - no action means the user is prevented from using the system. Not getting the marker meant some users were not actioning and getting locked out of the system.


Big “oops”.


OK, so all test groups make this type of error sooner or later and we learn from them (sort of, sometimes we don't). But the whole episode made me think about Michael Bolton's distinction between “checking” and “testing”. What we tend to do on low severity bug retests are “checks”. Heck, we have already tested this area once, lets just check the fix. We might do some regression testing, maybe through running an automated suite, but we rarely test a bug fix that is low severity.. Maybe other test groups do more testing on this type of bug fix, but mostly my group doesn't.


So, I asked myself, SHOULD we have done more testing? In order to answer that, I looked back at all the low severity bugs we had found, over 3000 of them. I looked at how many of these fixes had either failed retest and/or caused a problem in Live. Few had failed retest, less than 1 percent. I could only find one other low severity problem that had caused a problem in Live and that was also low severity. I also estimated what would it have taken to test these fixes rather than check them? A lot was the answer. The rate of return for putting testing effort into these bug fixes would have been incredibly low.


So, my conclusion was that, yes it was bad that the bug got through, but I don't want to start testing low severity bugs, it will cost too much effort that would be better targeted at more important areas finding more important bugs. I will just have to take the risk that another low severity bug fix will cause a problem in Live.


Testing is all about assessing risks and acting accordingly.



3 comments :: link

Low Severity/Priority Bugs and Verification Testing

Posted on Mon 21 Dec 2009 at 12:49 by strazzerj
It's an interesting dilemma. It might be an easy bug to fix, but an expensive verification process.

I'm not sure that the Severity/Priority of a bug should be used to determine if the fix is to be tested or not. Otherwise you get into an "Well, I only changed a comma, so no need to test" situation.

Clearly in this case, the fix caused a higher severity bug.

Perhaps if the original bug was truly that low Severity/Priority it shouldn't have been fixed in the first place?

In my shop, when triaging bugs I like to take into account not only the effort to fix the bug, but the effort to test it as well. And unfortunately, the test effort often far exceeds the fix effort.

Edited by strazzerj on Mon 21 Dec 2009 at 04:50

Perhaps it should have been higher?

Posted on Mon 21 Dec 2009 at 01:15 by michaeljf
I would agree with Joe's comment, as I was reading this and the implications of the fix (Users able to be locked out of the system if it goes wrong) I would have upped the Severity somewhat. I've seen stuff like this before as well, where the Dev's assured QA that it was simple and there would be no fallout. Then WHAM! Turns out they didn't understand all the eccentricities of the system, so we turned it into a learning opportunity, which is all you can do after this kind of situation.

Bug severity and area severity

Posted on Mon 21 Dec 2009 at 04:03 by Anonymous
Looks like you had a low severity bug in a high risk area. So from a testing point of view I would consider it a high testing priority. How many of those 3000 low severity bugs are in high risk areas and would it be possible to test those?
Or depending on your development lifecycle you could schedule those fixes to be at the start of an iteration so you would have a longer window for "accidentally" stumbling on them.

Rasmus

Last Page | Page 1 of 50 | Next Page

Links

- Home
- My Profile
- Archives
- Friends
- My Photo Album

Recent Entries

- It is only a one line fix
- Problem with hiring testers Pt2
- The problem with hiring testers
- Secrets of a Buccaneer Scholar - book review
- I got a new Netbook!

RSS feed

- Subscribe

Friends

- strazzerj
- philk10
- whollymindless
- michaeljf
- spikyone