Where do Software Defects Originate?
Defects in software are inevitable. A common misperception is that the defects are caused only by faulty code, this is NOT so. In fact, more defects are caused by poor requirements, poor architecture or poor design (collectively) than poor code.
Usually the concept of a defect or bug is thought as “non-conformance to requirements” and yet if the requirements are wrong, could we still have a bug? Yes! A bug or defect is a failure to meet the desired outcome. If the desired outcome is poorly described (ie poor requirements) then we still have a bug, even if the code does exactly what the specific requirement describes.
We need to think more holistically about quality and how to satisfy the objectives or outcomes.
So, what are the root causes of software bugs, and why should we care?
By looking into the root causes of software bugs, where and when the bugs appear first, we can establish better ways to avoid them in the future. Our goal is to find and fix the problems as early as possible, so that they are not experienced by users.
It is interesting to note from the graph above that more defects come from pre-coding work, than coding itself. That is, the sum of the defects from requirements, architecture and design is greater than the coding defects. Given that the code is built on the foundation of the previous three, we will end up coding the wrong thing or in the wrong way unless we fix those pre-coding defects first.
Defect potential is the likely number of defects generated and latent within each artefact. For example, if we spend a day writing requirements, it is inevitable that we will make a few mistakes. We can then say that there is a defect potential based on the size of the requirements. Using a universal metric for size (the function point) allows us to compare defect potentials across different artefacts.
If you have an understanding of the defect potential, you can then take the next step and consider the steps required to detect those defects, remove them and then verify that they have been removed.