After years of vague bug reports at various places we've worked, my 2 cofounders and I built a tool that records video of a bug, alongside network traffic and JavaScript logs.
That way even with a vague description, and no steps to reproduce, we can get a much better idea of what a customer is trying to report to us.
Reporting the bug is important but highlighting what are the implications of the bug is equally important.
With one simple string , I was able to find 45 bugs in different software and every time I reported the bugs I decided to tell them what were the implications of the bugs.
With no professional background in security, I was able to claim 18K in bug bounty rewards by being professional, clear and providing clear implications of the bug.
It is quite possible that people fixing the bugs may not be well versed in some components of the bug and are likely to not understand the implication of the bugs until you tell them so.
It's absolutely stunning how many testers I've worked with didn't understand the "Preconditions/Actions/Expected/Actual" as a bare minimum for a bug report.
> Avoid using ambiguous words like “broken” or “not working.”
Holy crap yes, this. So many infuriating waste of time bugs. And adding screenshots is good to call out. "X looks wrong", is useless, "X looks wrong <screenshot attached>" might still be useless, but at least you're trying.
It's absolutely stunning how many testers I've worked with didn't understand the "Preconditions/Actions/Expected/Actual" as a bare minimum for a bug report.
What I've never understood is how testers with multiple years of experience continue to get away with this. To me it's like checking in code that doesn't compile: you can't even do the bare minimum required by your job.
On the rare occasions I've had folks like that on my team, I've emphasized the importance of easy-to-replicate bug reports by pointing out that dev has to repro it in order to fix it, PM might have to repro in order to triage, another tester might have to repro in order to close the bug when you're on vacation, etc. Now, because of your shitty bug report, how much time has been wasted because your steps-to-repro are poor or non-existent? Me, I'm personally embarrassed when a bug comes back "no repro" because I half-assed the bug report.
Let alone getting into things like, copy-and-paste the damned call stack that's staring you in the face. And if you're a professional tester to whom we pay good money, and your "observed" includes "broken" or "doesn't work" with no further description, your future with this company might be in jeopardy.
I had a previous job where the testers would always do that, just report "broken" or "doesn't work" for just about everything.
I eventually figured out that they didn't actually want bugs fixed. They wanted to have lots of bug reports open and the application looking broken all over the place. Why? To justify the jobs and headcount and existence of the QA department. The QA managers would even resist movements towards automated testing, to protect their own turf and the employment of the far-too-many manual testers. I eventually got quite used to the disappointment in a tester's face when he had to close a bug report because it had been fixed.
Classic case of "if you're being paid for a problem, the last thing you want to do is solve it."
I eventually figured out that they didn't actually want bugs fixed
Which is bulletpoint #2 in my presentation of "What Your Job as a Professional Software Tester Is". If you answered "file bugs?", my $29 PowerPoint deck will present you with ways to be a professional software tester instead of some hack who muddles his way through the day filing bullshit bugs because you'd never hack it as a dev.
Because the correct answer is: "get bugs fixed". Which means filing better bug reports, and thus it comes full circle.
That way even with a vague description, and no steps to reproduce, we can get a much better idea of what a customer is trying to report to us.
Would love for anyone interested to check it out: https://www.bugreplay.com