I recently ran across a well-intentioned request on StackExchange’s beta Software Quality Assurance and Testing group on ranking defects. Something to do with locating a good bug matrix to use.
This would have been my response, had StackExchange not decided my answer looks like spam:
It appears the option you found is very similar to the old idea of Risk Prioritization Numbers, an artifact of performing Failure Mode and Effects Analysis (FMEA). People have created several variations of this over the years and attempted to apply it to software development activities like testing. The problem I have with it when used in this context is its subjectivity and, as a result, its failure to faithfully relate the effect on the end user.
What is severe or highly likely for one customer may have no impact upon another. Of course there are exceptions … your software kills someone...