Lack of validation - a bug or a feature of the program (architectural flaw)?

R

Roman Mirilaczvili2016-06-29 10:50:05

Software testing

Roman Mirilaczvili, 2016-06-29 10:50:05

Suppose the program did not take into account that some verification is required. And over time, it turned out that the absence of this check leads to a software error.
Is the lack of validation a bug or is it still a feature of the program, even if it leads to an error?
Is there a concept of "architectural defect" from the point of view of error accounting software?
The question is exactly how the lack of validation in error reporting systems should be classified.

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

D

Danil Biryukov-Romanov, 2016-06-29
@2ord

Lack of validation is a bug, not a "defect".
If it still results in an error, it's a serious bug. And if this leads to a crash of the program, a violation of data integrity, or makes it possible to bypass security, this is already a critical bug.
A bug is a discrepancy between the behavior of the program and the requirements.
Now consider two situations:
1) There were no requirements at all.
Not in words, not on paper. We decided to immediately hack the code and started. In this case, the question "How to correctly name what we have done with validation" will be the last thing to worry about - you need to hack.
2) The requirements are written (or discussed) and it is clearly stated that there should be no validation.
In this case - there is no bug in the implementation - it works according to the requirements.
However, the requirements are counterintuitive (all incoming data must be validated), so this is a mistake in the requirements and the requirements need to be corrected, referring to what problems the lack of validation can cause.