Open this lesson in your favourite AI. It'll walk you through the why, explain the demo, and quiz you on the try-it list.
QA is widely misunderstood as 'the team that clicks through the app at the end.' The full phrase is quality assurance — assurance that quality is built in, not inspected in. IBM's classic research showed that fixing a bug in production costs 100× more than catching it in requirements. This cost multiplier (sometimes called the 1-10-100 rule: 10 in development, 1,000 in production) is the economic argument for every QA process, every automated test, and every shift-left initiative. Understanding this reframes your job: you're not a gatekeeper at the end of the pipeline, you're a quality advocate throughout it.
Bug-cost multiplication is not folklore — IBM's Systems Sciences Institute documented that defects found in production cost 100× more to fix than those caught in requirements. Every dollar spent on shift-left testing is $100 saved in emergency hotfixes, incident response, and reputation damage. Run the numbers against your team's engineer hourly rate and the ROI argument writes itself.
base_cost_usd to match your team's engineer hourly rate × a realistic number of hours to fix a bug in production (including incident investigation, hotfix, deploy, monitoring). How does the total production cost compare to catching it in code review?'Customer complaint (post-production)': 5000. This models reputation damage and support cost. How does the picture change?base_cost_usd × 1000. This is your team's 'late detection tax'. Present this number in a team meeting — it reframes testing investment as cost reduction.Use these three in order. Each builds on the one before.
In one paragraph, explain the difference between quality assurance and quality control. Which is preventive and which is detective? Give one example of each in a software team.
Walk me through why bugs get more expensive to fix the later they're found. Concretely: what extra work happens when a bug is found in production that doesn't happen when the same bug is found in a requirements review?
I'm a QA engineer trying to convince leadership to invest in shift-left testing and automated regression. They say 'our developers are good — we don't have many bugs.' What metrics would you collect to make the business case, and how would you present the ROI of investing in earlier testing?
# The cost of finding a bug at different stages
# Based on IBM Systems Sciences Institute research (often cited as the 1-10-100 rule)
stages = {
"Requirements / design": 1,
"Development (unit test)": 10,
"QA / integration": 100,
"Production (post-ship)": 1000,
}
bug_count_found_late = 3 # bugs that slipped to production this sprint
base_cost_usd = 500 # cost to fix a bug in requirements (person-hours × rate)
print("Cost of a single bug by stage (relative to finding it in requirements):")
for stage, multiplier in stages.items():
cost = base_cost_usd * multiplier
print(f" {stage:<35} ${cost:>7,} ({multiplier}×)")
print()
late_cost = bug_count_found_late * base_cost_usd * 1000
early_cost = bug_count_found_late * base_cost_usd * 1
print(f"Those {bug_count_found_late} bugs found in production: ${late_cost:,}")
print(f"Same bugs caught in requirements: ${early_cost:,}")
print(f"Cost of waiting: ${late_cost - early_cost:,}")python3 main.py