Editing Software bug (section)

== Management ==
[[File:Classpath bugs.png|thumb|upright=1.6|Example bug history ([[GNU Classpath]] project data). A new bug is initially ''unconfirmed.'' Once reproducibility is confirmed, it is changed to ''confirmed''. Once the issue is resolved, it is changed to ''fixed''.]]

Bugs are managed via activities like documenting, categorizing, assigning, reproducing, correcting and releasing the corrected code. 

[[Programming tool|Tools]] are often used to track bugs and other issues with software. Typically, different tools
are used by the software development team to [[bug tracking system|track their workload]] than by [[customer service]] to [[issue tracking system|track user feedback]].<ref>{{cite magazine |last=Allen |first=Mitch |date=May–June 2002 |title=Bug Tracking Basics: A beginner's guide to reporting and tracking defects |magazine=Software Testing & Quality Engineering Magazine |volume=4 |issue=3 |pages=20–24 |url=https://www.stickyminds.com/better-software-magazine/bug-tracking-basics |access-date=December 19, 2017}}</ref> 

A tracked item is often called ''bug'', ''defect'', ''ticket'', ''issue'', ''feature'', or for [[agile software development]], ''story'' or ''epic''. Items are often categorized by aspects such as severity, priority and [[version number]].

In a process sometimes called [[triage]], choices are made for each bug about whether and when to fix it based on information such as the bug's severity and priority and external factors such as development schedules. Triage generally does not include investigation into cause. Triage may occur regularly. Triage generally consists of reviewing new bugs since the previous triage and maybe all open bugs. Attendees may include project manager, development manager, test manager, build manager, and technical experts.<ref>{{cite book| url=https://books.google.com/books?id=XN0izRhGylYC&dq=bug+triage&pg=PA139| title=Managing The Testing Process |edition=2nd | author=Rex Black| date=2002| access-date=19 June 2021| publisher=Wiley India Pvt. Limited| isbn=978-8126503131| page=139}}</ref><ref>{{cite book| url=https://books.google.com/books?id=BKj-M_FlU_kC&dq=bug+triage&pg=PA80| title=Shipping Greatness - Practical Lessons on Building and Launching Outstanding Software, Learned on the Job at Google and Amazon| author=Chris Vander Mey| year=2012| publisher=[[O'Reilly Media]]| isbn=978-1449336608| pages=79–81}}</ref>

=== Severity ===

''Severity'' is a measure of impact the bug has.<ref>{{Cite journal|last1=Soleimani Neysiani|first1=Behzad|last2=Babamir|first2=Seyed Morteza|last3=Aritsugi|first3=Masayoshi|date=2020-10-01|title=Efficient feature extraction model for validation performance improvement of duplicate bug report detection in software bug triage systems|url=https://linkinghub.elsevier.com/retrieve/pii/S0950584920301117|journal=Information and Software Technology|language=en|volume=126|pages=106344|doi=10.1016/j.infsof.2020.106344|s2cid=219733047}}</ref> This impact may be data loss, financial, loss of goodwill and wasted effort. Severity levels are not standardized, but differ by context such as industry and tracking tool. For example, a crash in a video game has a different impact than a crash in a bank server. Severity levels might be ''crash or hang'', ''no workaround'' (user cannot accomplish a task), ''has workaround'' (user can still accomplish the task), ''visual defect'' (a misspelling for example), or ''documentation error''. Another example set of severities: ''critical'', ''high'', ''low'', ''blocker'', ''trivial''.<ref>{{cite web|url=http://www.bugzilla.org/docs/4.4/en/html/bug_page.html|title=5.3. Anatomy of a Bug|work=bugzilla.org|url-status=live|archive-url=https://web.archive.org/web/20130523121753/http://www.bugzilla.org/docs/4.4/en/html/bug_page.html|archive-date=May 23, 2013}}</ref> The severity of a bug may be a separate category to its priority for fixing, or the two may be quantified and managed separately.

{{anchor|Show stopper|Showstopper|Showstopper bug}}A bug severe enough to delay the release of the product is called a ''show stopper''.<ref name="DoD_Glossary1989">{{Cite encyclopedia |title=Show stopper |encyclopedia=Glossary: defense acquisition acronyms and terms |year=1989 |publisher=Department of Defense, [[Defense Systems Management College]] |location=Fort Belvoir, Virginia|url=https://hdl.handle.net/2027/mdp.39015061290758?urlappend=%3Bseq=163 |editor-last=Jones |editor-first=Wilbur D. Jr. |edition=4 |page=123 |hdl=2027/mdp.39015061290758?urlappend=%3Bseq=163 |language=en|via=Hathitrust}}</ref><ref name="Zachary1994">{{Cite book |title=Show-stopper!: the breakneck race to create Windows NT and the next generation at Microsoft |last=Zachary |first=G. Pascal |publisher=[[Free Press (publisher)|The Free Press]] |year=1994 |isbn=0029356717 |location=New York |page=158 |language=en |url=https://archive.org/details/showstopperbreak00zach/page/158/mode/1up?q=%22showstopper+bug%22 |url-access=registration |via=archive.org}}</ref>

=== Priority ===

''Priority'' describes the importance of resolving the bug in relation to other bugs. Priorities might be numerical, such as 1 through 5, or named, such as ''critical'', ''high'', ''low'', and ''deferred''. The values might be similar or identical to severity ratings, even though priority is a different aspect. 

Priority may be a combination of the bug's severity with the level of effort to fix. A bug with low severity but easy to fix may get a higher priority than a bug with moderate severity that requires significantly more effort to fix. 

=== Patch ===

Bugs of sufficiently high priority may warrant a special release which is sometimes called a ''[[Patch (computing)|patch]]''. 

=== Maintenance release ===

A software release that emphasizes bug fixes may be called a ''maintenance'' release {{endash}} to differentiate it from a release that emphasizes new features or other changes.

=== Known issue ===
It is common practice to release software with known, low-priority bugs or other issues.  Possible reasons include but are not limited to:

* A deadline must be met and resources are insufficient to fix all bugs by the deadline<ref>{{cite magazine|title=The Next Generation 1996 Lexicon A to Z: Slipstream Release|magazine=[[Next Generation (magazine)|Next Generation]]|issue=15 |date=March 1996|page=41}}</ref>

* The bug is already fixed in an upcoming release, and it is not of high priority

* The changes required to fix the bug are too costly or affect too many other components, requiring a major testing activity

* It may be suspected, or known, that some users are relying on the existing buggy behavior; a proposed fix may introduce a [[wikt:breaking change|breaking change]]

* The problem is in an area that will be obsolete with an upcoming release; fixing it is unnecessary

* "It's not a bug, it's a feature"<ref name=wired>{{cite web|url=https://www.wired.com/story/its-not-a-bug-its-a-feature/|title='It's Not a Bug, It's a Feature.' Trite – or Just Right?|website=wired.com|first=Nicholas |last=Carr|year=2018}}</ref> A misunderstanding exists between expected and actual behavior or [[undocumented feature]]

=== Implications ===
The amount and type of damage a software bug may cause affects decision-making, processes and policy regarding software quality. In applications such as [[human spaceflight]], [[aviation]], [[nuclear power]], [[health care]], [[public transport]] or [[automotive safety]], since software flaws have the potential to cause human injury or even death, such software will have far more scrutiny and quality control than, for example, an online shopping website. In applications such as banking, where software flaws have the potential to cause serious financial damage to a bank or its customers, quality control is also more important than, say, a photo editing application.

Other than the damage caused by bugs, some of their cost is due to the effort invested in fixing them. In 1978, Lientz et al. showed that the median of projects invest 17 percent of the development effort in bug fixing.<ref>{{Cite journal|title = Characteristics of Application Software Maintenance|journal = Communications of the ACM |date = 1978 |pages = 466–471|volume = 21|doi = 10.1145/359511.359522|first1 = B. P.|last1 = Lientz |first2 = E. B.|last2 = Swanson |first3 = G. E.|last3 = Tompkins|issue = 6 |s2cid = 14950091 |doi-access = free}}</ref> In 2020, research on [[GitHub]] repositories showed the median is 20%.<ref>{{cite arXiv |last1=Amit |first1=Idan |last2=Feitelson |first2=Dror G.|date=2020 |title=The Corrective Commit Probability Code Quality Metric |class=cs.SE |eprint=2007.10912}}</ref>

{{anchor|residual defects|Deployment failures}}

=== Cost ===

In 1994, NASA's [[Goddard Space Flight Center]] managed to reduce their average number of errors from 4.5 per 1,000 lines of code ([[Source lines of code|SLOC]]) down to 1 per 1000 SLOC.<ref name=NASA1994>{{cite journal
|journal=Software Engineering Laboratory Series
|title=An Overview of the Software Engineering Laboratory
|date=December 1994
|issue=SEL-94-005
|url=https://ntrs.nasa.gov/api/citations/19950022293/downloads/19950022293.pdf}}</ref>

Another study in 1990 reported that exceptionally good software development processes can achieve deployment failure rates as low as 0.1 per 1000 SLOC.<ref name="CobbMills1990">{{Cite journal |title=Engineering software under statistical quality control |journal=[[IEEE Software]] |url=https://trace.tennessee.edu/utk_harlan/14/|via=University of Tennessee – Harlan D. Mills Collection |last1=Cobb |first1=Richard H. |issue=6 |volume=7 |last2=Mills |first2=Harlan D. |doi=10.1109/52.60601 |year=1990 |page=46 |s2cid=538311 |language=en |issn=1937-4194 |author-link2=Harlan Mills}}</ref> This figure is iterated in literature such as ''[[Code Complete]]'' by [[Steve McConnell]],<ref name="McConnel1993">{{Cite book |title=Code Complete |last=McConnell |first=Steven C. |publisher=Microsoft Press |year=1993 |isbn=978-1556154843 |location=Redmond, Washington|page=611 |language=en |url=https://archive.org/details/codecompleteprac0000mcco/page/611/mode/1up?q=%22space+shuttle%22|via=archive.org |quote=(Cobb and Mills 1990) |author-link=Steve McConnell |url-access=registration}}</ref> and the ''NASA study on Flight Software Complexity''.<ref>{{cite journal
|author=Gerard Holzmann
|title=Appendix D – Software Complexity
|journal= Final Report: NASA Study on Flight Software Complexity (Daniel L. Dvorak (Ed.))
|date=March 5, 2009
|series=NASA Office of Chief Engineer Technical Excellence Program
|url= https://www.nasa.gov/wp-content/uploads/2015/04/418878main_fswc_final_report.pdf
}}</ref> Some projects even attained zero defects: the [[firmware]] in the [[IBM Wheelwriter]] typewriter which consists of 63,000 SLOC, and the [[Space Shuttle]] software with 500,000 SLOC.<ref name="CobbMills1990" />

=== Benchmark ===

To facilitate reproducible research on testing and debugging, researchers use curated benchmarks of bugs:
* the Siemens benchmark
* ManyBugs<ref name="Le GouesHoltschulte2015">{{cite journal|last1=Le Goues|first1=Claire|author1-link=Claire Le Goues|last2=Holtschulte|first2=Neal|last3=Smith|first3=Edward K.|last4=Brun|first4=Yuriy|last5=Devanbu|first5=Premkumar|last6=Forrest|first6=Stephanie|last7=Weimer|first7=Westley|title=The ManyBugs and IntroClass Benchmarks for Automated Repair of C Programs|journal=IEEE Transactions on Software Engineering|volume=41|issue=12|year=2015|pages=1236–1256|issn=0098-5589|doi=10.1109/TSE.2015.2454513|doi-access=free}}</ref> is a benchmark of 185 C bugs in nine open-source programs.
* Defects4J<ref name="JustJalali2014">{{cite book|last1=Just|first1=René|title=Proceedings of the 2014 International Symposium on Software Testing and Analysis – ISSTA 2014|pages=437–440|last2=Jalali|first2=Darioush|last3=Ernst|first3=Michael D.|s2cid=12796895|chapter=Defects4J: a database of existing faults to enable controlled testing studies for Java programs|year=2014|doi=10.1145/2610384.2628055|isbn=9781450326452|citeseerx=10.1.1.646.3086}}</ref> is a benchmark of 341 Java bugs from 5 open-source projects. It contains the corresponding patches, which cover a variety of patch type.