View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Software
March 1, 2017

The cost of fixing bugs throughout the SDLC

It’s often claimed that it’s important to fix bugs early in a software development life cycle (SDLC) to save time and money, but how much of a cost difference does it really make when fixing bugs during various SDLC phases?

By Ellie Burns

The Systems Sciences Institute at IBM has reported that the cost to fix a bug found during the implementation stage is approximately six times more expensive than one identified during design; the cost to fix an error found after product release is then four to five times as much as one uncovered during design, and up to 100 times more than one identified during the maintenance phase. In short, the cost of a bug increases exponentially as the software progresses along the SDLC.


Prevention is better than cure

The popular saying holds true in software development as it usually becomes harder to rectify an issue as the product approaches the end of the SDLC. If not handled correctly, bugs introduced during the design phase cost more to fix as they can have a severe impact and are more complex to resolve. Code changes for a bug fix can also affect the application’s functionality, requiring yet more counter-changes, adding to the cost, time and effort.

Take a banking application, for example, in which a security flaw is identified once the app has been released. For a  product potentially used by thousands – if not more – the bug could cost a great deal of money to remediate. The effort, time and money required to resolve the issue is significantly higher than if the bug had been identified and fixed during the earlier stages of development. Not to mention, the complexity of deploying and implementing changes in a live production environment would further increase overall cost.


Bugs in the real world

One recent – and costly – example of identifying a bug after release is the exploding Samsung Galaxy Note 7 smartphones. This was the result of a suspected fault in the devices’ battery management system, which is supposed to monitor the electric current and stop the charging process once the battery is fully charged. A fault in this system could lead to batteries becoming overcharged, unstable and eventually exploding. This fault cost Samsung in the region of $17 billion following the recall of 2.5 million devices, and twice halted sales and production. Had this bug been discovered during the early phases of the SDLC, a lot of money – and Samsung’s reputation – would have been saved.

The cost of fixing bugs throughout the SDLC


Content from our partners
Powering AI’s potential: turning promise into reality
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline

Building security in

Bugs are unavoidable, but improving security throughout the SDLC helps to create more reliable software. A traditional SDLC conducts security testing at the end, once the development team’s required functionalities are in place. However, security testing and risk factor consideration during the development phases will prevent bugs and errors at later stages. Some simple security testing practices can help with this:

  • Identify issues during development with activities such as architecture risk analysis
  • Review code using a tool or plugin which highlights issues and provides just-in-time notifications to allow developers to remediate issues
  • Conduct a source code review – this could be as simple as having a colleague go through your code and suggest tweaks to improve performance
  • Prior to software release, conduct penetration testing to identify any issues and make sure previously identified bugs are resolved

These simple practices help tie security into the software development process, ensuring issues are reduced and resolved along the SDLC.



Topics in this article : ,
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.