Load and Infrastructure Errors: What QA Should Watch Beyond Functional Behavior

Some failures have little to do with functional rules. A feature may work correctly with one user and fail badly under load, resource pressure, network instability, or infrastructure limits.

Quality engineers need to understand these risks because users experience the system as a whole, not as a set of isolated functions.

Common failure patterns

  • Slow response under expected concurrency.
  • Timeouts caused by downstream dependencies.
  • Resource exhaustion in CPU, memory, database connections, queues, or thread pools.
  • Retry storms that make a partial outage worse.
  • Environment differences between test and production.

How QA can add value

QA does not need to own all infrastructure engineering, but QA should ask testable questions. What load is normal? What load is peak? What happens when a dependency is slow? What is the user-visible failure mode? What telemetry proves the system is healthy?

Performance and reliability testing should begin before a late performance test. They begin with design questions about capacity, resilience, observability, and graceful degradation.

The release-confidence view

A release is not ready simply because the happy path works. It must be ready for realistic operating conditions. Load and infrastructure risk should be part of quality evidence, not an afterthought.

How to make this operational

A practical next step is to connect the test idea to production behavior. Ask what users would experience if this risk appeared, how the team would detect it, how quickly it could be diagnosed, and what recovery path would protect customers.

That keeps non-functional testing from becoming a late specialist activity. Performance, reliability, error handling, and observability are design concerns as much as test concerns.

Errors - data handling, race conditions

ERRORS IN HANDLING OR INTERPRETING DATA

Problems when passing data between routines
  • Parameter list variables out of order or missing
  • Data type errors
  • Aliases and shifting interpretations of the same area of memory
  • Misunderstood data values
  • Inadequate error information
  • Failure to clean up data on exception-handling exit
  • Outdated copies of data
  • Related variables get out of synch
  • Local setting of global data
  • Global use of local variables
  • Wrong mask in bit field
  • Wrong value from a table
Data Boundaries
  • Unterminated null terminated strings
  • Early end of string
  • Read/write past end of a data structure, or an element in it
Read outside the limits of a message buffer
  • Compiler padding to word boundaries
  • Value stack under/overflow
  • Trampling another process' code or data
Messaging Problems
  • Messages sent to wrong process or port
  • Failure to validate an incoming message
  • Lost or out of synch messages
  • Message sent to only N of N+1 processes
Data Storage Corruption
  • Overwritten changes
  • Data entry not saved
  • Too much data for receiving process to handle
  • Overwriting a file after an error exit or user abort

RACE CONDITIONS
  • Races in updating data 

  • Assumption that one event or task has finished before another begins
  • 
Assumption that input won't occur during a brief processing interval 

  • Assumption that interrupts won't occur during a brief interval 

  • Resource races: the resource has just become unavailable 

  • Assumption that a person, device, or process will respond quickly
  • 
Options out of synch during a display change
  • 
Task starts before its prerequisites are met 

  • Messages cross or don't arrive in the order sent 


Control Flow Errors: Testing the Paths Users and Systems Actually Take

Control flow errors occur when the software takes the wrong path, skips a necessary step, repeats work incorrectly, or handles a branch in a way the team did not intend.

These defects can be subtle because the individual screens or functions may appear correct until the sequence changes.

Where control flow risk appears

Workflow engines, approval processes, shopping carts, onboarding flows, state machines, retry logic, conditional business rules, and error recovery paths all carry control flow risk. The more branches and states a workflow has, the easier it is to miss a path.

Control flow problems often appear when users go back, cancel, retry, refresh, switch roles, change data mid-process, or resume after a timeout.

Useful test ideas

  • Test every important branch, not only the happy path.
  • Exercise transitions between states, including invalid transitions.
  • Interrupt workflows and resume them.
  • Repeat actions that should be idempotent.
  • Check that errors lead to safe recovery paths.

Why this is a senior QA skill

Good testers think in paths, not just inputs. They ask what happens before and after an action, what state the system believes it is in, and how that state can become inconsistent.

Control flow testing protects the user journey, not just individual features.

How to use this as a working habit

The practical value of this topic is in daily test design. Use it when reviewing a requirement, creating examples, selecting data, choosing boundaries, or explaining why a particular test matters.

Fundamentals are not junior concepts. Senior testers use them with more judgment: less ceremony where risk is low, more discipline where ambiguity, impact, or repeatability matter.

A useful habit is to ask what decision this concept supports. If the answer is unclear, the testing activity may need refinement. Good fundamentals should make the work sharper: clearer scope, better examples, stronger evidence, and more honest communication about what remains unknown.

Boundary, Calculation, and State Errors: The Defect Classes QA Should Hunt

Many defects come from predictable classes of error. Boundaries, calculations, and state transitions are three of the most important because they appear across almost every software domain.

A professional tester uses these classes as prompts for better test design.

Boundary errors

Boundary errors happen near limits: minimum values, maximum values, dates, lengths, thresholds, permissions, quantities, and capacity limits. If a system allows 1 to 100 items, the interesting tests are often 0, 1, 2, 99, 100, and 101.

Boundaries are powerful because developers and requirements often describe the normal range more clearly than the edges.

Calculation errors

Calculation errors include rounding, currency precision, tax rules, discounts, time zones, unit conversion, ranking, aggregation, and statistical formulas. These defects can be costly because results may look plausible while still being wrong.

Good calculation tests include simple known examples, edge values, negative cases, and reconciliation against trusted sources.

State errors

State errors happen when the system forgets, confuses, or mismanages where a user, record, transaction, or process is in its lifecycle. Draft, submitted, approved, cancelled, expired, paid, refunded, and failed states all need clear rules.

The best QA teams build test ideas around these defect classes because they repeatedly expose real production risk.

How to use this as a working habit

The practical value of this topic is in daily test design. Use it when reviewing a requirement, creating examples, selecting data, choosing boundaries, or explaining why a particular test matters.

Fundamentals are not junior concepts. Senior testers use them with more judgment: less ceremony where risk is low, more discipline where ambiguity, impact, or repeatability matter.

A useful habit is to ask what decision this concept supports. If the answer is unclear, the testing activity may need refinement. Good fundamentals should make the work sharper: clearer scope, better examples, stronger evidence, and more honest communication about what remains unknown.

Error Handling Testing: Where Systems Reveal Their Real Quality

Error handling is one of the clearest signals of engineering maturity. Many systems work when everything goes right. Quality is revealed when something goes wrong.

Users remember confusing errors, lost work, duplicate transactions, silent failures, and support teams that cannot diagnose what happened.

What to test

  • Invalid input, missing data, expired sessions, and insufficient permissions.
  • Timeouts, retries, dependency failures, and partial success.
  • Duplicate submissions and refresh behavior.
  • Recovery from interrupted workflows.
  • Logging, correlation IDs, and support-visible diagnostics.

Good error handling is user-centered

A useful error message explains what happened, what the user can do next, and whether the user's data or transaction is safe. It should not expose sensitive internal details, but it should give enough information to reduce confusion.

For internal tools and APIs, error handling also needs consistency. Different errors should not use the same message if the recovery action differs.

The QA leadership point

Error handling should not be left until late testing. It should be part of design. What can fail? How will the user know? How will the system recover? How will support diagnose it?

Those questions protect trust.

How to make this operational

A practical next step is to connect the test idea to production behavior. Ask what users would experience if this risk appeared, how the team would detect it, how quickly it could be diagnosed, and what recovery path would protect customers.

That keeps non-functional testing from becoming a late specialist activity. Performance, reliability, error handling, and observability are design concerns as much as test concerns.

User Interface Errors ... continued from earlier post

FUNCTIONALITY
  • Excessive functionality
  • Inflated impression of functionality
  • Inadequacy for the task at hand
  • Missing function
  • Wrong function
  • Functionality must be created by the user
  • Doesn't do what the user expects
COMMUNICATION
  • Missing information
    • No onscreen instructions
    • Assuming printed documentation is readily available
    • Undocumented features
    • States that appear impossible to exit
    • No cursor
    • Failure to acknowledge input
    • Failure to show activity during long delays
    • Failure to advise when a change will take effect
    • Failure to check for the same document being opened more than once
  • Wrong, misleading, or confusing information
    • Simple factual errors
    • Spelling errors
    • Inaccurate simplifications
    • Invalid metaphors
    • Confusing feature names
    • More than one name for the same feature
    • Information overload
    • When are data saved?
    • Poor external modularity
  • Help text and error messages
    • Inappropriate reading level
    • Verbosity
    • Inappropriate emotional tone
    • Factual errors
    • Context errors
    • Failure to identify the source of an error
    • Hex dumps are not error messages
    • Forbidding a resource without saying why
    • Reporting non-errors
  • Display bugs
    • Two cursors
    • Disappearing cursor
    • Cursor displayed in the wrong place
    • Cursor moves out of data entry area
    • Writing to the wrong screen segment
    • Failure to clear part of the screen
    • Failure to highlight part of the screen
    • Failure to clear highlighting
    • Wrong or partial string displayed
    • Messages displayed for too long or not long enough
  • Display layout
    • Poor aesthetics in the screen layout
    • Menu layout errors
    • Dialog box layout errors
    • Obscured instructions
    • Misuse of flash
    • Misuse of color
    • Heavy reliance on color
    • Inconsistent with the style of the environment
    • Cannot get rid of onscreen information
COMMAND STRUCTURE AND ENTRY
  • Inconsistencies
    • "Optimizations"
    • Inconsistent syntax
    • Inconsistent command entry style
    • Inconsistent abbreviations
    • Inconsistent termination rule
    • Inconsistent command options
    • Similarly named commands
    • Inconsistent capitalization
    • Inconsistent menu position
    • Inconsistent function key usage
    • Inconsistent error handling rules
    • Inconsistent editing rules
    • Inconsistent data saving rules
  • Time-wasters
    • Garden paths
    • Choices that can't be taken
    • Are you really, really sure?
    • Obscurely or idiosyncratically named commands
  • Menus
    • Excessively complex menu hierarchy
    • Inadequate menu navigation options
    • Too many paths to the same place
    • You can't get there from here
    • Related commands relegated to unrelated menus
    • Unrelated commands tossed under the same menu
  • Command lines
    • Forced distinction between uppercase and lowercase
    • Reversed parameters
    • Full command names not allowed
    • Abbreviations not allowed
    • Demands complex input on one line
    • No batch input
    • Can't edit commands
  • Inappropriate use of the keyboard
    • Failure to use cursor, edit, or function keys
    • Non-standard use of cursor and edit keys
    • Non-standard use of function keys
    • Failure to filter invalid keys
    • Failure to indicate keyboard state changes
    • Failure to scan for function or control keys
MISSING COMMANDS
    • State transitions
    • Can't do nothing and leave
    • Can't quit mid-program
    • Can't stop mid-command
    • Can't pause
  • Disaster prevention
    • No backup facility
    • No undo
    • No Are you sure?
    • No incremental saves
  • Error handling by the user
    • No user-specifiable filters
    • Awkward error correction
    • Can't include comments
    • Can't display relationships between variables
  • Miscellaneous nuisances
  • Inadequate privacy or security
  • Obsession with security
  • Can't hide menus
  • Doesn't support standard O/S features
  • Doesn't allow long names
PROGRAM RIGIDITY
  • User tailorability
    • Can't turn off the noise
    • Can't turn off case sensitivity
    • Can't tailor to hardware at hand
    • Can't change device initialization
    • Can't turn off automatic saves
    • Can't slow down (speed up) scrolling
    • Can't do what you did last time
    • Can't find out what you did last time
    • Failure to execute a customization command
    • Failure to save customization commands
    • Side-effects of feature changes
    • Infinite tailorability
  • Who's in control
    • Unnecessary imposition of a conceptual style
    • Novice-friendly, experienced-hostile
    • Artificial intelligence and automated stupidity
    • Superfluous or redundant information required
    • Unnecessary repetition of steps
    • Unnecessary limits
PERFORMANCE
  • Slow program
  • Slow echoing
  • How to reduce user throughput
  • Poor responsiveness
  • No type-ahead
  • No warning that an operation will take a long time
  • No progress reports
  • Problems with time-outs
  • Program pesters you
  • Do you really want help and graphics at a specific rate ?
OUTPUT
  • Can't output certain data
  • Can't redirect output
  • Format incompatible with a follow-up process
  • Must output too little or too much
  • Can't control output layout
  • Absurd printed level of precision
  • Can't control labeling of tables or figures
  • Can't control scaling of graphs

Common Software Errors and the Test Ideas They Should Trigger

Common software errors are useful because they give testers a starting point for investigation. They are not a substitute for domain understanding, but they help reveal risk patterns that repeat across products.

A skilled tester turns each error class into practical test ideas.

Frequent error classes

  • Boundary errors around limits, lengths, dates, quantities, and thresholds.
  • Validation errors where invalid or unexpected input is accepted.
  • State errors where workflow status becomes inconsistent.
  • Permission errors where users can do too much or too little.
  • Integration errors where data contracts or timing assumptions fail.
  • Error-handling gaps where failures are confusing, unsafe, or invisible.

From defect class to test design

If a feature stores user data, test invalid formats, duplicate records, missing values, special characters, long values, and privacy-sensitive fields. If a workflow has approvals, test role changes, rejection, resubmission, cancellation, and expired items. If an integration is involved, test timeout, retry, duplicate message, schema change, and partial failure.

This is how generic defect knowledge becomes product-specific testing.

Use history

The best source of common errors is the team's own defect history. Recurring defects show where requirements, design, code review, automation, or test strategy need improvement.

Common errors are not just things to find. They are clues about how the engineering system can get better.

How to use this in defect reviews

A practical way to use this idea is during defect triage or retrospectives. Pick a recent defect and separate the visible failure from the underlying cause. Then ask what would have prevented it, detected it earlier, or made it easier to diagnose.

That conversation turns defect handling into engineering improvement. It also helps QA move beyond counting defects and toward explaining what defect patterns reveal about requirements, design, data, automation, and team communication.

The strongest defect reviews end with an action the team can actually take. That might be a clearer acceptance example, a new API-level check, better logging, improved test data, a design-review prompt, or a change to release criteria. Without that action, defect analysis becomes commentary rather than improvement.

Which Test Types Should Be Automated?

The question is not whether testing should be automated. The better question is which checks deserve automation, at what level, and for what decision.

Automation is valuable when it produces fast, reliable, repeatable evidence. It is expensive when it automates weak ideas, unstable workflows, or checks better handled by human investigation.

Good automation candidates

  • Stable business rules with clear expected results.
  • API behavior, validation, permissions, and contract checks.
  • Regression checks that must run frequently.
  • Data calculations where expected results can be verified reliably.
  • Smoke checks that protect deployment confidence.

Poor automation candidates

Highly volatile UI flows, ambiguous usability questions, one-time investigation, visual judgment, and exploratory learning are usually poor first candidates. They may still benefit from tools, but not from brittle pass-fail automation.

Automating through the UI for every rule is also a common mistake. It often produces slow feedback and high maintenance cost.

The decision rule

Automate when the check is important, repeatable, stable enough, and cheaper to run by machine than by human. Keep human testing where judgment, discovery, empathy, and investigation matter.

Good automation strategy raises the skill bar for testers. It does not remove the need for testing judgment.

How to apply this to an automation portfolio

The practical next step is to review one automation suite and ask whether each check still earns its cost. A useful automated test should protect a real decision, fail for a meaningful reason, and help the team diagnose the likely cause quickly.

This topic becomes useful when it changes automation investment. Retire low-signal checks, move expensive UI checks down the stack where possible, and keep human testing focused on discovery, ambiguity, and product judgment.

Smoke testing

The term is supposed to have originated from the electrical engineering domain. When a new circuit being developed was attached to a power source any major issue with the circuit would cause smoke to emanate. No further testing would need to be performed on this circuit.

In the Software Engineering world, smoke testing is usually a smaller subset of your regression test suite. The tests are automated and test the important high level functionality to make sure these operate correctly. The idea is to verify the breadth of an application's functionality rather than testing in-depth. Smoke tests are run against each build. When a build completes, the automated smoke test suite is executed against this new build. The process would involve setting up the application and components, verifying that all components have been installed, perform any needed initializations, make necessary configurations and verify critical functionality.

Since smoke testing happens after unit testing has completed, it may appear that smoke testing is a duplication of effort. Unit testing is normally executed in isolation and on the developers' desktops / in the development environment. Smoke testing is a high-level integration test effort whose primary aim is to verify that the system's basic functions/features do what they are intended to do after the software system build is installed in the system test environment. A smoke test must be performed for each new build that is turned over to the test group. Successful smoke testing should be regarded as part of the entrance criteria for beginning the testing phase for the build.

Boundary Value Analysis (BVA)

Boundary Value Analysis (BVA) is a technique for designing test cases. It may also be termed as a technique for choosing test data, such that data that lie along the extremes or boundaries are chosen. Such boundary data would include – the maximum, minimum, error values, just in or out of range values. In the case of Equivalence classes, we might say that boundary values are data on, above and below the edges of input and output equivalence classes. Experience shows that tests which test for boundary value conditions are able to find more defects than just selecting any element in an equivalence class as a representative for the elements of the class. BVA focuses on both input and output conditions and requires that elements be selected so that the edges of the equivalence class be tested.

Examples include -
  • If the input or output condition states that the number of values must lie within a specific range, then
    • Create two positive tests, one at either end of the range.
    • Create two negative tests, one just beyond the valid range at the lower end and one just beyond the upper end
  • Lets say an input parameter accepts a range of values such as numbers from 1 to 10, test for 0, 1, 10 and 11
  • In a similar vein, if an application outputs a set of data records, say max of 10 records for a given query, write tests that cause the application to output 0, 1, 10 records as well as a test that could cause the application to incorrectly display > 10 records. The idea is to examine the boundaries of the output conditions. However, it may not always be possible to generate an output outside the range, but it is definitely something to consider when developing tests.

Equivalence Partitioning / Classing

Its a straight forward technique involving partitioning the possible set of factors (generally inputs to the system, output, etc.) into classes or partitions that are handled equivalently / similarly by the system. Tests would be developed including at least one item from each equivalence class.

For example if i had to test a mobile application with subscribers on different carriers, and am sure that for any given carrier all it's subscribers would be treated similarly by the application - a simplistic way to partition the subscribers could be based on their carriers. Each equivalence class in this case could correspond to a carrier and have the subscribers who are using this carrier. I could now pick a subscriber from each class and test with a fairly representative sample set of subscribers covering the different carriers.

An equivalence class is a set of data values which the tester thinks that the system will handle in the same manner. Testing any one representative from an equivalence class is considered to be sufficient since for any value from the same class, the system behavior will not be different. When trying to create equivalence partitions, look for ways to group similar inputs, similar outputs, and similar operation of the software. These groups represent equivalence partitions.

So, why do equivalence partitioning ? The answer must be pretty obvious – the number of tests you could potentially develop and run is nearly infinite. One of the important tasks of a tester is to select a doable subset of tests that are still effective. The objective of Equivalence Partitioning is to reduce the number of tests you need to execute while still getting the software adequately tested. There is an element of risk in using this technique – you are choosing to limit your testing to representatives from each class that you develop. Developing classes can be subjective and would require reviews to have agreement that the classes achieve the desired level of coverage.

Test Design Techniques Every Quality Engineer Should Use Deliberately

Test design techniques help testers move beyond intuition and coverage guesswork. They provide disciplined ways to select inputs, paths, conditions, and scenarios that are likely to reveal defects.

The value is not in naming the technique. The value is in applying the right technique to the right risk.

Core techniques

  • Equivalence partitioning groups inputs that should behave similarly.
  • Boundary value analysis focuses on limits and near-limit values.
  • Decision table testing handles combinations of conditions and rules.
  • State transition testing examines valid, invalid, and changing states.
  • Pairwise testing samples combinations efficiently when full coverage is impractical.
  • Error guessing uses experience with common failure patterns.

How senior testers choose

If the risk is input validation, equivalence partitioning and boundary value analysis may be ideal. If the risk is business rules, decision tables help. If the risk is workflow behavior, state transition testing is stronger. If the risk is configuration explosion, pairwise testing can reduce waste.

A strong tester can explain why a technique was chosen and what risk remains after using it.

A practical reminder

Technique does not replace product understanding. A beautifully designed test can still be irrelevant if it targets the wrong risk.

Use test design techniques as professional tools, not academic labels.

How to use this as a working habit

The practical value of this topic is in daily test design. Use it when reviewing a requirement, creating examples, selecting data, choosing boundaries, or explaining why a particular test matters.

Fundamentals are not junior concepts. Senior testers use them with more judgment: less ceremony where risk is low, more discipline where ambiguity, impact, or repeatability matter.

A useful habit is to ask what decision this concept supports. If the answer is unclear, the testing activity may need refinement. Good fundamentals should make the work sharper: clearer scope, better examples, stronger evidence, and more honest communication about what remains unknown.

Defects Are Social Signals: What Bugs Reveal About Team Communication

Defects are technical facts, but they often reveal social and communication patterns. A bug can point to unclear ownership, weak handoffs, hidden assumptions, rushed review, or disagreement about what the product should do.

This is why defect analysis should look beyond the code change that failed.

What defects can reveal

A permission defect may reveal that roles were not discussed with product and security. A migration defect may show that data assumptions were owned by nobody. A recurring UI defect may indicate that design patterns are not shared. A flaky automation failure may reveal that test data and environments lack ownership.

The defect is the visible symptom. The collaboration gap is often the cause.

How QA should respond

  • Write defects with evidence and impact, not accusation.
  • Look for recurring patterns across teams and releases.
  • Bring the right roles into root-cause discussions.
  • Improve review checklists, examples, test data, and ownership agreements.
  • Use retrospectives to change behavior, not to relitigate blame.

The leadership point

Teams that punish defect discovery will hide risk. Teams that study defects professionally will improve. QA leaders should make defect information useful, specific, and actionable.

A defect is not only a failure in software. It can be a signal about how the team communicates.

How to use this in defect reviews

A practical way to use this idea is during defect triage or retrospectives. Pick a recent defect and separate the visible failure from the underlying cause. Then ask what would have prevented it, detected it earlier, or made it easier to diagnose.

That conversation turns defect handling into engineering improvement. It also helps QA move beyond counting defects and toward explaining what defect patterns reveal about requirements, design, data, automation, and team communication.

The strongest defect reviews end with an action the team can actually take. That might be a clearer acceptance example, a new API-level check, better logging, improved test data, a design-review prompt, or a change to release criteria. Without that action, defect analysis becomes commentary rather than improvement.

Who Owns Which Tests? A Practical Responsibility Model

Quality ownership is shared, but shared ownership becomes vague unless teams define who owns which kind of evidence. A responsibility model helps prevent both gaps and duplication.

The goal is not to protect role boundaries. The goal is to make sure important risks have clear owners.

A practical split

  • Developers usually own unit tests, component checks, code-level quality, and much of API behavior.
  • QA often leads test strategy, exploratory testing, risk analysis, workflow coverage, release evidence, and cross-system validation.
  • Product owners help define acceptance intent, business rules, and user-value risk.
  • Security, operations, SRE, data, and accessibility specialists own or advise on specialist risks.

Where teams get into trouble

Trouble starts when every role assumes another role is covering a risk. Developers assume QA owns all validation. QA assumes developers covered low-level logic. Product assumes acceptance criteria are obvious. Operations assumes production behavior was tested before release.

A responsibility model makes those assumptions visible.

The senior QA role

Senior QA professionals do not try to own every test. They help the team place evidence at the right level, clarify ownership, and identify gaps before the release decision.

The best responsibility chart is not a static document. It changes as architecture, risk, and team capability evolve.

How this shows up in QA leadership

A QA leader can use this idea to improve the quality conversation in a team. Instead of asking only whether testing is complete, ask what risk has been reduced, what evidence supports that claim, and what decision the team is now better able to make.

That is the difference between QA as activity tracking and QA as technical leadership. The strongest quality professionals make uncertainty visible in a way that helps people act.

Pareto chart

A Pareto chart is a histogram that can be used to prioritize problems or their causes. Without this data, we might focus on problems which we think are important but could in reality not be the most pressing items.

The Pareto chart helps with
  • Prioritizing and selecting the greatest problem areas or largest areas of opportunities
  • Analyzing the frequency of an event (in terms of occurrences or number of items) and identify the biggest contributors
  • Communicating in summary, how 80% of the problem comes from 20% of the causes
Pareto charts are based on the Pareto Principle, which is named after the nineteenth-century Italian economist Vilfredo Pareto. The basis of the Pareto Principle is that roughly 80 percent of effects are produced by 20 percent of the causes. In terms of quality management, this theory can be translated to 80 percent of defects are produced by 20 percent of the features, code base, people, etc. Pareto charts as Juran stated, help to separate the vital few from the trivial many. Preparing a Pareto chart includes the following steps.
  • Identify the categories (problem areas or causes) for which data is to be collected
  • Gather the data needed for analysis over a period of time
  • Sort the categories according to frequency of occurrence
  • Mark the axes of the chart. List the categories in descending order on the horizontal axis and use an appropriate scale for the data on the vertical axis
  • Draw the histogram
  • Create the chart's percentage line representing the cumulative percent of occurrences. The line representing the cumulative percent will display across all categories
The chart displays graphically and in an easy to read manner the categories that are most important. Maximum return on investment may be obtained by focussing improvement efforts on these categories. Pareto charts are used widely in software development. One of the uses of this chart is to analyze defect metrics and determine which category of issues to address first. To do this, create Pareto charts based on bug types. This enables the team to determine the category in which most of the bugs are occurring, and focus their efforts there and avoid addressing issues randomly with little knowledge of overall project impact.

Defect Lifecycle: Turning Issue Workflow Into Engineering Learning

A defect lifecycle is more than a sequence of statuses. Used well, it is a way to manage evidence, decisions, ownership, and learning from discovery through closure.

Used poorly, it becomes administrative noise.

What the lifecycle should protect

A good defect workflow protects clarity. The team should know what failed, why it matters, who owns it, what decision is needed, what fix was made, how it was verified, and whether similar risk remains.

Statuses such as new, triaged, assigned, fixed, verified, deferred, duplicate, and closed are useful only if they support those decisions.

Information a good defect needs

  • Clear title and impact.
  • Environment, build, role, data, and reproduction path.
  • Expected and actual behavior.
  • Evidence such as logs, screenshots, request IDs, or records.
  • Severity, priority, and release decision context.

Beyond closure

Closing a defect should not always end the conversation. High-impact or recurring defects should feed retrospectives, automation improvements, design reviews, and test-strategy updates.

The lifecycle is valuable when it turns issue handling into engineering improvement.

How to use this in defect reviews

A practical way to use this idea is during defect triage or retrospectives. Pick a recent defect and separate the visible failure from the underlying cause. Then ask what would have prevented it, detected it earlier, or made it easier to diagnose.

That conversation turns defect handling into engineering improvement. It also helps QA move beyond counting defects and toward explaining what defect patterns reveal about requirements, design, data, automation, and team communication.

The strongest defect reviews end with an action the team can actually take. That might be a clearer acceptance example, a new API-level check, better logging, improved test data, a design-review prompt, or a change to release criteria. Without that action, defect analysis becomes commentary rather than improvement.

Defects, Bugs, Failures, Errors, and Incidents: Why the Words Matter

Testing terms are often used casually, but the distinctions between defect, bug, error, failure, and incident can help teams reason more clearly about quality.

The purpose is not academic precision. The purpose is better communication.

Useful distinctions

  • An error is a human mistake or incorrect action that can introduce a problem.
  • A defect or bug is a flaw in a work product, code, configuration, data, or design.
  • A failure is externally visible incorrect behavior when the system is executed.
  • An incident is an event that disrupts service, users, operations, security, or business process.

Why the distinction helps

A defect may exist without causing an observed failure yet. A failure may be caused by configuration, data, infrastructure, or code. An incident may involve multiple defects and operational factors.

When teams collapse all of this into the word bug, they can miss the real improvement opportunity.

The QA leadership view

Precise language improves triage, root-cause analysis, metrics, and release decisions. It helps teams separate user impact from implementation cause and individual mistake from systemic weakness.

Good terminology should make quality conversations more useful, not more complicated.

How to use this in defect reviews

A practical way to use this idea is during defect triage or retrospectives. Pick a recent defect and separate the visible failure from the underlying cause. Then ask what would have prevented it, detected it earlier, or made it easier to diagnose.

That conversation turns defect handling into engineering improvement. It also helps QA move beyond counting defects and toward explaining what defect patterns reveal about requirements, design, data, automation, and team communication.

The strongest defect reviews end with an action the team can actually take. That might be a clearer acceptance example, a new API-level check, better logging, improved test data, a design-review prompt, or a change to release criteria. Without that action, defect analysis becomes commentary rather than improvement.

Static testing, IEEE 1028 standard for Software Reviews

Testing need not be just about test execution. Static testing such as review is also testing. Lets look at the types of reviews and the related IEEE standard description for the same.

Reviews can be classified as formal or informal. A formal review process has specific roles such as Manager, moderator, reviewers, scribe, author. The IEEE 1028 standard lists the following types of reviews
  • Management reviews
  • Technical reviews
  • Inspections
  • Walk-throughs
  • Audits
In the real world, organizations may choose to combine elements from the different review types to suit their specific needs. Reviews should ideally be done before dynamic testing. The value of reviews may be co-related with the cost of fixing defects during different points in time in the software development life cycle. The sooner the defect is found (as in reviews) versus finding it later (system integration testing or post release), the less expensive it is to address the defect. Also, defects found during reviews could take lesser time to resolve as opposed to fixing a defect found much later – post implementation and during test execution.

More on the IEEE 1028 standard below.

The abstract of the IEEE 1028-1997 standard for Software Reviews states, “This standard defines five types of software reviews, together with procedures required for the execution of each review type. This standard is concerned only with the reviews; it does not define procedures for determining the necessity of a review, nor does it specify the disposition of the results of the review.”

Snapshot of content of the IEEE 1028 standard for Software Reviews.

1. Overview – Purpose, Scope, Conformance, Organization of standard, Application of standard
2. References
3. Definitions

4. Management reviews – Introduction, Responsibilities (Decision maker, Review leader, Recorder, Management staff, Technical staff, Customer or user representative), Input, Entry criteria (Authorization, Preconditions), Procedures (Management preparation, Planning the review, Overview of review procedures, Preparation, Examination, Rework/follow-up), Exit criteria, Output

5. Technical reviews – Introduction, Responsibilities (Decision maker, Review leader, Recorder, Technical staff, Management staff, Customer or user representative), Input, Entry criteria (Authorization, Preconditions), Procedures (Management preparation, Planning the review, Overview of review procedures, Overview of the software product, Preparation, Examination, Rework/follow-up), Exit criteria, Output

6. Inspections – Introduction, Responsibilities (Inspection leader, Recorder, Reader, Author, Inspector), Input, Entry criteria (Authorization, Preconditions, Minimum entry criteria), Procedures (Management preparation, Planning the inspection, Overview of inspection procedures, Preparation, Examination, Rework/follow-up), Exit criteria, Output, Data collection recommendations (Anomaly classification, Anomaly classes, Anomaly ranking), Improvement

7. Walk-throughs – Introduction, Responsibilities (Walk-through leader, Recorder, Author), Input, Entry criteria (Authorization, Preconditions), Procedures (Management preparation, Planning the walk-through, Overview, Preparation, Examination, Rework/follow-up), Exit criteria, Output, Data collection recommendations (Anomaly classification, Anomaly classes, Anomaly ranking), Improvement

8. Audits – Introduction, Responsibilities (Lead auditor, Recorder, Auditor, Initiator, Audited organization), Input, Entry criteria (Authorization, Preconditions), Procedures (Management preparation, Planning the audit, Opening meeting, Preparation, Examination, Follow-up), Exit criteria, Output

Function Point Analysis: What QA Leaders Can Still Learn From It

Function Point Analysis is not as fashionable as newer engineering metrics, but it still teaches an important lesson: software size and complexity should be considered from the user's functional perspective, not only from code volume.

For QA leaders, that perspective can still help with estimation, planning, and risk discussion.

The useful concept

Function points look at functional capabilities such as inputs, outputs, inquiries, files, and interfaces. The details of the counting method matter less for most QA teams than the underlying idea: functional scope can be reasoned about independently from lines of code.

That matters because a small code change can have large functional impact, and a large code change can have limited user-visible impact.

How QA can use the thinking

  • Estimate test effort based on functional complexity, not only development estimates.
  • Identify interfaces and data stores that increase risk.
  • Compare releases by functional scope and change impact.
  • Challenge plans that ignore complexity hidden behind simple UI changes.

The modern caution

Function Point Analysis should not become a heavyweight ritual. Modern teams often need lighter-weight sizing and risk models. Still, the discipline of looking at functional complexity is valuable.

For QA, the key lesson is to estimate testing from risk and behavior, not from code volume alone.

How to use this as a working habit

The practical value of this topic is in daily test design. Use it when reviewing a requirement, creating examples, selecting data, choosing boundaries, or explaining why a particular test matters.

Fundamentals are not junior concepts. Senior testers use them with more judgment: less ceremony where risk is low, more discipline where ambiguity, impact, or repeatability matter.

A useful habit is to ask what decision this concept supports. If the answer is unclear, the testing activity may need refinement. Good fundamentals should make the work sharper: clearer scope, better examples, stronger evidence, and more honest communication about what remains unknown.