How to submit a bug report?

Jul 08, 2009

Given the recent problems at Adobe, I thought it would be a good time to go over this important topic. Writing a good bug report is really critical in the time it takes to document and fix the problem. It's a science and an art. A simple email saying "it doesn't work" and "fix it" isn't very useful for the software vendor and will likely cost time in getting the bug resolved. There's actually quite a bit you need to include in the initial report.

1. Be as specific as possible. Provide the code that is throwing the error and all the related settings. Database driver versions, current application system information (many software packages have a nice summary settings page like for example ColdFusion). Sometimes the software will have a bug reporter within it which naturally sends this type of settings information.

2. Is the problem reproducible? Verify before submitting that the bug is reproducible. In many cases the bug isn't really a bug but just bad coding on your part. Bounce your issue with co-workers and make certain you didn't miss something.

3. Describe your environment in detail. Your OS, browser, etc. Saying your running XP isn't enough. Saying "XP with Service Pack 3, Spanish" is far more specific and helpful.

4. Categorize the problem. This part can be tricky, but try to provide a category for problem. For example, database connectivity, memory leak, etc.

5. You are not anonymous. When submitting a bug report, make certain to include all your contact information. In many cases the software vendor will need to ask follow-up questions.

6. Provide a remediation time line if it's a security related bug report. For security related bug reports, this part is very critical. It forces the software vendor to wake up and to quickly handle the problem. If you find a security related vulnerability, state clearly a remediation time line with your report. The time line will allow an acceptable amount of time for the vendor to fix the problem. The amount of time will naturally vary depending on the critical nature of the problem and how quickly a software engineer should be able to provide a hot fix. If they go past the time limit, then you are free to announce the security vulnerability to the public.

In Adobe related news, Terrence Ryan just posted the links and emails to submit bugs to Adobe.

http://www.terrenceryan.com/blog/index.cfm/2009/7/7/Reporting-ColdFusion-Security-Issues-

Comments

Sean Corfield

Sean Corfield wrote on 07/13/099:59 PM

It's probably also worth noting that Adobe now have a public bugbase for viewing / submitting ColdFusion bugs: http://cfbugs.adobe.com/cfbugreport/flexbugui/cfbugtracker/main.html

Write your comment



(it will not be displayed)