4.4. The Vital Few and the Trivial Many: Ranking Importance
This database can capture details about bugs found by test, but it doesn't yet contain a mechanism that allows you to assign levels of importance to bugs. To solve this problem, you can add two metrics of importance—severity and priority—and then aggregate them to create a third, compound metric.
SpeedyWriter Bug Detail
Figure 4.7. A bug detail report.
The first metric is severity. By severity, I mean the impact, immediate or delayed, of a bug on the system under test, regardless of the likelihood of occurrence under end-user conditions or the affect such a bug would have on users. I often use the same scale I used for failure mode and effect analysis (see Chapter 1):
Loss of data, hardware damage, or a safety issue.
Loss of functionality with no workaround.
Loss of functionality with a workaround.
Partial loss of functionality.
Cosmetic or trivial.
The second metric is priority. I use priority to capture the elements of importance not considered in severity, such as the likelihood of occurrence in actual customer use and the subsequent impact on the target customer. When determining priority, you can also consider whether this kind of bug is prohibited by regulation or agreement, what kinds of customers are affected, and the cost to the company if the affected customers take their business elsewhere because of the bug. ...