Bad bug report titles. Inaccurate steps to reproduce. Reports that overall need someone who studies hieroglyphics and/or Mayan Script to decipher. All of these cases not only make it a nightmare to understand an otherwise potentially perfect example of a bug, but also don’t provide any discernible value. It can even prove downright dangerous if the bug is a good one that doesn’t get back to customers.
Case in point: a uTester from Brazil, Romulo B. M. de Oliveira, recently shared a great story in the forums about the importance of good communication. His topic addressed the recent, major Facebook security vulnerability where a user discovered that he was able to post anything on the walls of other Facebook users – whether those users were actually on his friends list or not.
This user shared this major discovery (in a very non-White-hat way, mind you) with Facebook early on, but according to the social media giant, it didn’t “have enough technical information” to take action on the proposed security vulnerability.
“Unfortunately, all he submitted was a link to the post he’d already made (on a real account whose consent he did not have – violating our ToS and responsible disclosure policy), saying that ‘the bug allows Facebook users to share links to other Facebook users.’ Had he included the video initially, we would have caught this much more quickly.”
Playing Devil’s Advocate, could Facebook possibly have asked for some clarification before dismissing the user as loony? That’s definitely possible. Heck, even Facebook’s engineer manager, Matt Jones (who wrote the official statement), admitted, “we should have pushed back asking for more details here.”
Nonetheless, push back or not, the whole scenario serves as the ultimate reinforcement of the importance of Romulo’s community discussion. Users were allowed to breach the security and privacy of millions of users worldwide, and this colossal bug of epic proportions was not caught as fast as it should have been. Tester Lucas Dargis summed up the facts pretty neatly in a response to Romulo’s post:
“This is a great example of poor bug advocacy. An extremely valuable bug was ignored because of a poorly written bug report.”
And now for the best segue ever (I love it when that happens!): Romulo’s community discussion of this recent Facebook security vulnerability couldn’t have been better timed, coming right alongside our recent uPanel session last Tuesday, “Key Components of Well-Written Bugs…With Examples,” hosted by uTest Community’s Todd Smith. Be sure to view the webinar in its entirety below for a full (and timely) crash course on why good communication in bug reports is probably one of the most important areas testers must excel in.
Feel free to also join in on the discussion on the uTest Forums!