What is the 1-10-100 Rule in Software Development Quality Control?

The 1-10-100 rule simply refers to the cost to fix defects (aka bugs) by phase/step in a software development lifecycle. Preventing a bug by catching it while writing code costs little to nothing (thus the $1) to fix. If it gets caught in QA, it costs $10 to fix, and if your customers are impacted by it, the cost raises to $100+.

The moral of the story - implement ways to catch mistakes as early as possible to save time, money, and customer retention later.

Initially introduced in 1992 pertaining to data quality by George Labovitz and Yu Sang Chang, and perhaps more traditionally applicable to waterfall development, the concepts for the 1-10-100 rules still apply today to Agile methodology. Any development group can follow this rule to assess the impact of mistakes throughout the development and deployment pipeline..

Certainly not an exact measurement, but one to easily remember and keep in mind when coding. This is why automated testing is so important because it hopefully catches all bugs at the smallest and cheapest level.

How to Prevent Escalating Costs of Mistakes

Mistakes will happen, but the goal is to reduce them as much as possible:

  • Formalize coding standards to include secure coding standards

  • Automated regression tests run daily against work performed that day

  • Automated unit tests run daily against work performed that day

  • Automate error checking wherever possible

  • Deploy small payloads

  • If possible, pair programming and/or test driven development can help

  • Implement peer code reviews

  • Engineers must own their mistakes, no throwing their code over the wall to QA and DevOps - if a mistake is present, the person who created it should learn from it and fix it wherever possible

Monoliths and the 1-10-100 rule

The 1-10-100 rule becomes particularly important if you are dealing with a legacy monolith with extensive QA time. We recently worked with a client who had a two-month QA process. Any bugs found at that point are costing them well over a 10X cost of taking care of the bug. Begin taking the most used features and breaking them out into Microservices (read more on breaking down monoliths here).

We conduct dozens of process reviews for product companies annually. Contact us, we can help.