Turn your manual testers into automation experts! Request a DemoStart testRigor Free

Mastering Defect Management: Understanding Severity vs. Priority in the Life Cycle

A bug or defect is a critical element in the software testing life cycle. It’s common for defects to be logged by testers, stakeholders, or developers. When logging a defect, numerous attributes should be noted, including the defect description, application version, defect details, steps to reproduce, test data, who it was created by, and the date it was created. Among all these attributes, Severity and Priority stand out as the most critical for the project. While they may seem similar, they serve different purposes within the project’s scope. Let’s understand them in more detail.


What is Bug Severity?

Severity can be defined as the degree to which a specific defect can impact a software application. It quantifies a defect’s effect on the software’s performance and its implications for overall functionality. In other words, Severity delineates the comprehensive influence that any given defect may impose on a system. The higher the impact of a bug or defect on system functionality, the higher its severity level will be. It is typically the responsibility of a Quality Assurance engineer to evaluate and determine the severity level of a bug or defect.

Levels of Bug Severity

Based on criticality, bug severity is typically classified into four types:
  • Critical
  • High
  • Medium
  • Low

Critical Severity

Critical severity refers to a defect that has entirely disrupted an application’s functionality, rendering it impossible for the user or tester to proceed or execute any tests. When a defect renders the entire functionality of an application non-operational or unreachable, it is categorized as a critical defect.

For instance, consider an online banking application. If a defect causes the login feature of the app to fail entirely, preventing users from logging into their accounts, this defect would be categorized as having critical severity. The reason is simple: Users can’t access any of the application’s features without logging in. They can’t check their account balances, can’t make transactions, and can’t use any other banking services provided by the app. In other words, the application is completely unusable.

In this scenario, the application’s primary function (allowing users to access and manage their bank accounts) is impeded, and the impact on the user experience is severe. That’s why such a defect would be labeled as critical. As a rule, bugs with critical severity should be addressed immediately to prevent significant disruptions in the software’s functionality and to maintain the software’s quality and reliability.

High Severity

High severity refers to a situation where a bug doesn’t compromise the entire application but still inhibits key system functionalities, thus qualifying as a major defect. This doesn’t lead to an entire system shutdown (a characteristic associated with a critical defect), but it obstructs the application’s major and sometimes even essential functionalities.

Let’s consider an example; suppose a customer can browse the online store and add items to the cart but is unable to proceed to the checkout page to complete the purchase. This issue doesn’t make the entire application inoperable – users can still view items, read product descriptions, add products to their cart, etc. However, it significantly impacts a critical functionality of the application: the ability to finalize a purchase.

In this case, while the entire system isn’t shut down (which would be a characteristic of a critical severity bug), a key feature of the application is hindered. This is why such a defect would be considered high severity. It’s a major issue that disrupts the main objective of the application – allowing users to make purchases – and should be addressed as a priority.

Medium Severity

Medium severity refers to circumstances where an application’s behavior deviates from expectations, but this doesn’t impede its functionality. Typically, medium severity defects have possible workarounds, ensuring they don’t entirely obstruct a function (unlike high-severity defects that lack workarounds). These minor defects can be deferred until the subsequent release as they do not limit the application’s functionality.

For example, suppose the search feature in the application is supposed to return documents containing the search term in their content or their title. However, due to a defect, the search feature only returns documents where the search term is in the title, not the content. While the search feature isn’t working as expected, it’s not entirely broken. Users can still find documents by their title, which means they can still use the application to manage and locate documents, albeit with reduced efficiency. Moreover, a workaround might be available, such as manually browsing through the document list, which further mitigates the impact of the defect.

Since the application’s overall functionality isn’t critically impacted and a workaround is available, this defect would typically be classified as medium severity.

Low Severity

Low severity refers to defects that are primarily aesthetic and do not impede an application’s functionality or user experience (UX). Despite their minimal impact, they are still considered valid defects. For instance, suppose in an online shopping application, the product names are not properly aligned with their respective images on the product listing page. The misalignment doesn’t affect the application’s functionality – users can still view products, add them to the cart, and complete purchases. These issues will fall under low severity.


What is Bug Priority?

Priority can be described as a determining factor that establishes the sequence in which a defect should be rectified. Essentially, a defect with a higher priority should be addressed first. Priority dictates the order of defect resolution, providing insight into what needs immediate attention versus what can wait. The tester assigns this priority status to the developer, usually with a suggested timeframe for the defect’s resolution. If a high priority is assigned, the developer should resolve the defect quickly. The assignment of priority essentially depends on the customer’s requirements and the defect’s potential impact on them. It’s important to remember that the priority of a defect can shift relative to other defects. This means it’s subjective, dependent on the context and overall impact on the system or application at a given time. As other defects emerge or the project’s requirements evolve, a defect’s priority may be adjusted accordingly.

Bug priority is commonly classified into three types:
  • High
  • Medium
  • Low

High Priority

Defects that potentially cause a complete system failure require immediate attention. Prompt resolution of such defects is crucial to prevent any severe consequences. Delays in finding a solution can adversely affect the system, often resulting in further complications. If a defect directly impacts the bottom line or user experience (UX), it is classified as high priority. These bugs can affect the entire application and must be resolved quickly. Assigning a high priority ensures that the resolution time is minimized, emphasizing the urgency of addressing these critical issues.

An example of a high-priority defect could be a situation in a payment processing application where credit card information is displayed incorrectly or stored insecurely. In this case, the bug directly affects the security and privacy of sensitive user data and compliance with data protection regulations. The potential consequences of such a defect include unauthorized access to credit card information or potential data breaches. As a result, it poses a significant risk to both the users and the application’s reputation. Given the severity of the issue and its potential impact on the system and users, the defect would be classified as high priority.

Medium Priority

Bugs of this nature do not impact the system’s functionality. They can be addressed concurrently during the testing and design phases. While these bugs do require resolution, they do not demand immediate attention. Generally, defects that do not directly affect business operations or customer experience are assigned medium priority. They are considered less urgent than high-priority defects and can be fixed when the development team has time to address them.

An example of a medium-priority defect could be a situation in a social media application where the alignment of profile pictures is slightly off. Although the misalignment may not affect the application’s core functionality, it can still impact the overall aesthetic and user experience. The defect may cause the profile pictures to be slightly misaligned or not perfectly centered within their designated areas.

While this issue doesn’t hinder users from using the application or accessing its features, it still represents a valid defect that should be resolved. However, considering its relatively minor impact on functionality, it may be assigned a medium priority.

Low Priority

Low priority defects refer to software issues or bugs that have a relatively minor impact on an application’s functionality, usability, or user experience. The defects with the least priority for getting fixed are addressed after all the high and medium-priority defects are resolved. An example of a low priority defect could be a situation in a project management application where a tooltip on a button is missing. In this case, the absence of the tooltip does not affect the application’s core functionality or prevent users from performing their tasks. It is a minor cosmetic issue that does not impact the overall usability or user experience. This defect would be considered low priority.

Severity vs Priority

Severity Priority
Denotes how severely a defect can affect the functionality of the application Defines how fast the defect needs to be fixed
Driven by functionality Driven by business value
Category determined by Test Engineer Category determined by Product Owner
Severity is objective, and value won’t change Priority is subjective and can change value based on the project situation
Deals with the technical aspect of the application Deals with a timeframe or order to fix the defects
Typically categorized into four types
  • Critical
  • High
  • Medium
  • Low
Typically categorized into three types
  • High
  • Medium
  • Low

Severity – Priority Combinations

The combination of priority and severity determines the level of attention each defect requires, ranging from immediate action to lower priority. Let’s look at some real-time examples to make this concept even clearer. There are four combinations:

  • Highest Severity and Highest Priority
  • Lower Severity and Highest Priority
  • Highest Severity and Lower Priority
  • Lower Severity and Lower Priority

Highest Severity and Highest Priority

These defects are the most critical issues requiring immediate attention and resolution. These defects significantly impact the system’s functionality or user experience and are considered top priorities for the development team.

For example, imagine a banking application where a bug is discovered that allows unauthorized access to customer account information. This means that users can potentially view and manipulate sensitive data of other customers, such as account balances, transaction history, and personal details. The severity of this defect is extremely high as it compromises the security and privacy of customers’ financial information. Due to the critical nature of this issue and the potential legal and reputational consequences for the bank, it is assigned a high priority. Immediate action is required to protect customer data and prevent further unauthorized access.

Lower Severity and Highest Priority

These defects represent issues that may have minimal impact on the system’s functionality or user experience but still require immediate attention due to their significance in the overall project or business context. These defects may not directly affect critical functionalities, but they have a high priority based on other factors such as business requirements, customer demands, or project deadlines.

An example could be a typo in a marketing message or promotional banner on a company’s website. While the typo does not directly impact the functionality or usability of the website, it is assigned a high priority due to its importance in maintaining a professional and polished brand image. The typo may be in a prominent location, such as a headline or call-to-action, which could create a negative impression among visitors or impact the company’s credibility. Even though it is a low-severity issue, a high priority is assigned to ensure the defect is promptly addressed.

Highest Severity and Lower Priority

These defects are issues that significantly impact the system’s functionality or user experience but are assigned a lower priority in terms of resolution. These defects may have critical implications but are deemed less urgent than other higher-priority defects due to various factors such as business needs, resource constraints, or project timelines.

For example, consider a minor visual glitch in a mobile application’s error message pop-up. Suppose the glitch causes the error message to briefly flicker or display with a slightly distorted appearance when triggered. While this visual issue does not impact the core functionality or usability of the application, it is still considered a high-severity defect as it affects the overall user experience and may create momentary confusion for users. However, this defect is assigned a low priority due to other critical development tasks or higher-priority defects directly impacting essential functionalities. The impact of the visual glitch on the application’s core operations is minimal, allowing it to be deprioritized in favor of more pressing issues.

Lower Severity and Lower Priority

And finally, these defects represent issues with minimal impact on the system’s functionality or user experience, and they are assigned a lower priority for resolution. These defects have a lower level of urgency and can be addressed during routine maintenance or future development cycles.

An example could be a minor formatting inconsistency in the footer section of a website. Suppose the alignment of the elements in the footer, such as social media icons or copyright information, is slightly off or not perfectly centered. While this formatting issue may affect the visual aesthetics of the website, it does not impact the core functionality or usability for users. While the defect is acknowledged as a valid improvement, it is considered less urgent than other higher-priority defects or development tasks directly impacting critical functionalities.

Guidelines for Defining Severity

Testers typically assess the severity parameter, while the product manager or triage team are usually the ones to assess the priority parameter. It is crucial for testers to choose the appropriate severity level to ensure clarity with the development team when prioritizing the defect.

Key considerations in understanding priority and severity include:

  • Assigning the severity level based on the type of issue, as it impacts its priority.
  • Evaluating how a specific scenario or test case would impact the end user.
  • Considering the time required to fix the defect based on its complexity and the time needed to verify it.

Role of Automation

Regression testing is crucial for identifying bugs early in the development cycle. Most companies follow frequent release cycles, which makes manually executing the whole regression cycle extremely challenging. This is where automation testing plays a vital role. Tools like testRigor help to reduce the time spent on creating test cases and focus more on execution. One way in which testRigor minimizes time spent on test creation is by enabling users to create test scripts in plain English. Moreover, testRigor is also known to significantly reduce test maintenance, with users spending 99.5% less time on this aspect compared to when using other tools.

When considering a critical use case, testRigor helps create suitable test suites and execute them often to ensure no failure occurs. testRigor also supports visual regression testing, where we can capture any changes in the application layout compared with the previous release; even low-priority issues are caught, leaving no room for defects.

testRigor supports cross-platform and cross-browser execution. By enabling seamless testing across various platforms and browsers, testRigor helps ensure consistent performance and compatibility across different environments.

testRigor offers seamless integration with popular test management tools like Jira or TestRail. This integration allows for efficient reporting and tracking of discrepancies or defects discovered during test execution. With direct integration, any identified issues can be easily raised and logged directly into Jira for further analysis and resolution.


Severity measures the impact of a defect on the system’s functionality, while priority determines the order in which defects should be addressed. Effectively balancing these factors ensures that critical issues are appropriately addressed and resolved promptly. Incorporating automation tools like testRigor into the software development lifecycle enables teams to maximize their testing efforts, improve the accuracy of defect identification, and ultimately deliver high-quality software products to end users. By understanding and effectively utilizing severity and priority and leveraging automation tools, organizations can ensure a robust and efficient testing process that leads to a successful and reliable software release.

Related Articles

Top 5 QA Tools to Look Out For in 2024

Earlier, test scripts were written from a developer’s perspective to check whether different components worked correctly ...

Best Practices for Creating an Issue Ticket

“Reminds me of the awesome bug report I saw once: Everything is broken. Steps to reproduce: do anything. Expected result: it ...