The Heartbleed Bug: What It Can Teach Us about Defect Advocacy
The Heartbleed bug was in the news recently as a serious vulnerability in OpenSSL cryptographic software. Even though the fix for the bug was quickly made available, the bug itself created a considerable panic among Internet users. Why did this bug get so much attention?
One reason it received so much attention had to do with the potential impact of the bug. About two-thirds of web servers worldwide, including famous ones such as Google and Yahoo, use OpenSSL and have been potentially vulnerable since 2011. Another critical reason why this bug received so much attention was clean communication, or in testing terms, defect advocacy. This question expresses the crux of good defect advocacy—Are all bugs inherently interesting or are they made interesting?
Effective defect advocacy ensures that defects are presented in such a way that they are deemed memorable and stick in the minds of decision makers. The book Made to Stick: Why Some Ideas Take Hold and Others Come Unstuck points out that sticky ideas are understood and remembered, have a lasting impact, and change the audience's opinion or behavior.
This is the impact the Heartbleed bug managed to create in the minds of the worldwide audience. The communication about the Heartbleed bug was immaculately designed, and many who didn’t even understand the working of the bug were aware of its potential impact. A recent article attributed the communication success of this bug to these three factors:
- A drippy, maroon, bleeding heart logo, which made it memorable to non-technology people
- A minimalistic, no-frills website that only gave the information needed to help people understand the gravity of the problem
- Naming the bug something that closely resonated with the non-technology audience
Software testing expert Cem Kaner aptly equates defect advocacy to rightly selling the bug:
Time is in short supply. If you want to convince the programmer to spend her time fixing your bug, you may have to sell her on it. Sales revolves around two fundamental objectives: Motivate the buyer (Make her WANT to fix the bug.) and Overcome objections (Get past her excuses and reasons for not fixing the bug.)
The Heartbleed bug managed to achieve stickiness in the minds of people because of its flawless communication strategy. A correctly packaged bug makes the world stand up and take notice. Not every bug needs to be sticky, and it largely depends on the bug's importance. Designing a near-perfect communication usually requires a lot of effort, and testers need to choose their battles to make the best use of their time.
What are your defect advocacy strategies?