What is Defect Life Cycle?
The defect life cycle (bug life cycle) describes the journey of a defect from discovery through resolution and closure. Understanding this cycle ensures efficient bug tracking, clear communication, and timely resolution.
Defect Life Cycle Stages
1. New
Description: Defect reported by tester, not yet reviewed. Actions: Tester logs defect with details (steps, screenshots, severity).
2. Assigned
Description: Defect triaged and assigned to developer. Actions: Manager/Lead reviews, assigns to appropriate developer.
3. Open
Description: Developer begins investigating/fixing. Actions: Developer confirms defect, starts work.
4. Fixed
Description: Developer completes fix, ready for verification. Actions: Code changes implemented, pushed to test environment.
5. Retest
Description: Tester verifies fix. Actions: Tester executes test cases to confirm resolution.
6. Verified/Closed
Description: Fix confirmed, defect closed. Actions: Tester confirms resolution, updates status to closed.
Alternative Paths
Rejected
Description: Defect deemed invalid (not a bug, works as designed). Reason: Cannot reproduce, expected behavior, duplicate.
Deferred
Description: Valid defect postponed to future release. Reason: Low priority, not critical for current release.
Reopened
Description: Fix didn’t resolve issue or introduced regression. Actions: Tester reopens defect with details, reassigned to developer.
Defect Life Cycle Workflow
[New] → [Assigned] → [Open] → [Fixed] → [Retest] → [Verified] → [Closed]
↓ ↓ ↓ ↑ ↓
[Rejected] [Deferred] [Reopened]──┘ [Reopened]
Defect Attributes
Essential Fields
| Field | Description | Example |
|---|---|---|
| ID | Unique identifier | BUG-1234 |
| Title | Brief summary | “Login fails with valid credentials” |
| Description | Detailed explanation | Steps to reproduce, expected vs actual |
| Severity | Impact on system | Critical, High, Medium, Low |
| Priority | Urgency of fix | P1, P2, P3, P4 |
| Status | Current state | New, Open, Fixed, Closed |
| Assigned To | Responsible developer | john.doe@company.com |
| Reporter | Who found it | qa.tester@company.com |
| Environment | Where found | Production, Staging, Dev |
| Version | Software version | v2.3.1 |
| Attachments | Screenshots, logs | screenshot.png, error.log |
Severity vs Priority
| Severity | Priority | Example |
|---|---|---|
| Critical | P1 | Payment processing broken - fix immediately |
| High | P1 | User data exposed - security (as discussed in Bug Anatomy: From Discovery to Resolution) risk |
| Medium | P2 | Search returns incorrect results |
| Low | P3 | Cosmetic UI issue |
| Critical | P2 | Rare edge case crash (affects < 1% users) |
| Low | P1 | CEO demos tomorrow, cosmetic fix needed |
Severity = Technical impact Priority = Business urgency
Best Practices
1. Write Clear Defect Reports
Bad Defect Report:
Title: Login doesn't work
Description: I tried to login and it failed.
Good Defect Report:
Title: Login fails with "Invalid credentials" error for valid users
Description:
When attempting to log in with valid credentials, the system returns
"Invalid credentials" error and does not authenticate the user.
Steps to Reproduce:
1. Navigate to https://app.example.com/login
2. Enter username: test@example.com
3. Enter password: ValidPass123!
4. Click "Login" button
Expected Result:
User is authenticated and redirected to dashboard.
Actual Result:
Error message "Invalid credentials" displayed.
Login fails despite correct credentials.
Environment:
- Browser: Chrome 118.0
- OS: Windows 11
- Server: Staging (v2.3.1)
Additional Info:
- Issue started after deployment on 2025-10-01
- Affects all test accounts
- Console shows 401 error from /api/auth/login
- Screenshot attached: login-error.png
2. Use Consistent Severity/Priority Definitions
Severity Levels:
- Critical (S1): System crash, data loss, security (as discussed in Continuous Testing in DevOps: Quality Gates and CI/CD Integration) breach
- High (S2): Major feature broken, significant functionality impacted
- Medium (S3): Feature partially working, workaround available
- Low (S4): Minor issue, cosmetic, no functional impact
Priority Levels:
- P1: Fix immediately (blocker)
- P2: Fix in current sprint
- P3: Fix in next sprint
- P4: Fix when time permits (backlog)
3. Defect Triage Process
Daily Triage Meeting (15-30 min):
- Review new defects
- Validate reproducibility
- Assign severity and priority
- Assign to developer
- Set target resolution date
Criteria for Prioritization:
- Impact (how many users affected?)
- Frequency (how often does it occur?)
- Workaround (is there an alternative?)
- Business criticality (does it block revenue?)
4. Track Defect Metrics
| Metric | Description |
|---|---|
| Open Defects | Total unresolved bugs |
| Defect Age | Days since reported |
| Mean Time to Resolve | Average fix time |
| Reopened Rate | % of defects reopened |
| Defect Density | Bugs per feature/module |
5. Root Cause Analysis
For critical/recurring defects, conduct RCA:
5 Whys Technique:
Defect: Payment processing fails
Why? API returns 500 error
Why? Database connection timeout
Why? Connection pool exhausted
Why? Connections not released after use
Why? Missing finally block in code
Root Cause: Code defect - missing connection cleanup
Fix: Add proper connection management
Prevention: Code review checklist updated
Common Pitfalls
❌ Vague descriptions: “It doesn’t work” - provide specific steps
❌ Missing reproducibility: Can’t reproduce = can’t fix
❌ Incorrect severity: “Typo in footer” marked as Critical
❌ Duplicate defects: Check existing bugs before reporting
❌ No regression testing: Fix verified but related features not tested
❌ Skipping verification: Assuming fix works without testing
Defect Management Tools
Popular bug tracking systems:
- Jira: Enterprise standard, highly customizable
- GitHub Issues: Integrated with code, simple workflow
- Bugzilla: Open-source, feature-rich
- Azure DevOps: Microsoft ecosystem, integrated ALM
- Linear: Modern, fast, developer-focused
Conclusion
A well-defined defect life cycle ensures bugs are tracked systematically from discovery to closure. Clear processes, consistent communication, and disciplined follow-through result in faster resolution, better quality, and improved team collaboration.
Key Takeaways:
- Standardize workflow: Define clear stages and transitions
- Write detailed reports: Steps, screenshots, environment details
- Distinguish severity vs priority: Technical impact vs business urgency
- Triage regularly: Daily review of new defects
- Track metrics: Monitor resolution time, defect density
- Conduct RCA: Learn from critical defects to prevent recurrence
Implement a structured defect life cycle, and your team will resolve bugs faster, reduce misunderstandings, and deliver higher-quality software.