There is a number every QA engineer should know by heart: the longer a bug lives, the more it costs to fix. The exact multiplier varies by study, but the shape of the curve is consistent across decades of research — bugs caught early are cheap, bugs caught late are expensive, and bugs that reach production are the most expensive of all.
The classic cost curve
A defect found at the requirements stage might cost almost nothing to fix — change a sentence in a spec, run a meeting, move on. The same defect found in production might cost thousands of dollars in engineering time, lost revenue, customer support, and reputational damage. IBM's well-known research from the 1980s suggested fix costs grow by an order of magnitude at each phase. Modern estimates are gentler but still dramatic.
Relative cost to fix a bug, by phase caught
Why the explosion? Because a bug that lives longer accumulates dependencies. By the time a misunderstood requirement reaches production, it has been:
- Designed around (architecture decisions baked it in)
- Coded (implementation reflects the wrong assumption)
- Reviewed (other developers signed off on it)
- Tested (test cases were written to confirm the wrong behaviour)
- Documented (release notes and help articles describe it)
- Used (real customer data is now stored in the wrong shape)
Fixing a one-line bug after all of that means undoing — or compatibly migrating — all of those layers. The fix is rarely a single line.
Cheap fix vs expensive fix
Early catch vs late catch
Bug caught in requirements
Fix: update a sentence in the spec
Cost: 10 minutes
Impact: zero users affected
Team effort: 1 person
Same bug caught in production
Fix: code change + tests + deploy
Cost: hours to days
Impact: users already affected
Team effort: dev + QA + support + management
Picture two versions of the same defect — a date field that accepts February 30th. In version A, a tester challenges the spec during a planning refinement and the team adds a validation rule before any code is written. Total cost: ten minutes of conversation. In version B, the bug ships, a customer enters February 30th into a tax form, the form silently rolls over to March 2nd, the customer files an incorrect return, support escalates, the legal team gets involved, an emergency hotfix goes out, and a data migration repairs the affected records. Total cost: weeks of engineering, customer trust damaged, possible regulatory exposure.
The defect itself is identical. The only thing that changed is when it was caught.
Hidden costs that do not show up in tickets
The dollar cost of a production bug is just the visible portion. Underneath it are:
- Context-switching tax — engineers ripped out of their current sprint to firefight pay a steep concentration cost. Studies on context switching suggest a single interruption can cost 15–25 minutes of recovery time.
- Trust erosion — a customer who hits two bugs in a week may quietly churn without ever filing a complaint. Lost trust is invisible in your bug tracker.
- Compounding risk — code paths that have produced one bug are statistically more likely to produce another. A bug that lingers in a fragile area of the codebase is a leading indicator of more bugs to come.
- Morale — repeatedly shipping bugs and firefighting in production demoralises engineering teams and slows them down on everything else.
What this means in practice
The cost curve is not an argument for endless testing — it is an argument for the right testing at the right time. Catching a typo in a button label during code review is excellent. Spending a week of regression testing on a feature that has not been written yet is wasteful. Good QA engineers know where defects are likely to lurk and front-load their effort there.
The next two lessons cover the people who do this work — the QA roles you will meet on a typical team — and the trade-offs between manual and automation testing.