So having estabilished a terminology in my company's testing strategy, I noticed one thing > ISTQB defines a bug/defect as a flaw in the program (incorrect statement) but what about bug in the specification? In this case the definition cannot be used..I have never met a bug in the spec so I cannot say how it could look like.
Various committees go over specs for months and years for these reasons (and others)
- Inconsistencies. Say a client spec requires specific information and server makes it optional.
- Spec refers to wrong standards or excerpts
- Spec has wrong algorithm/logic (Say encoding logic is supposed to be base64 but it's actually base32)
- Spec references another spec/design with known and previously not known issues
- Spec doesn't meet the needs. Say a security spec (64bit WEP) with a major flaw that doesn't serve the original purpose.
- Spec did not consider external factors. It favors it's own implementation but does not consider the feasibility for others which renders the design/spec useless.
But the worst one is a case where specs say one thing but industry has ignored it and everyone does something else. It's there. You probably just haven't read enough or tested against specs to notice them.
That's just a handful that I can think of.
You should file a bug against it. QA should identify and communicate issues at all levels.
defect: A flaw in a component or system that can cause the component or system to fail to perform its required function, e.g. an incorrect statement or data definition. A defect, if encountered during execution, may cause a failure of the component or system.
If the specification is incorrect then the component or system will contain defects when built. The fact is that when faults are detected in specs or requriements before code is written (such as during reviews) they tend not to get logged in defect tracking systems. Most projects I've worked on do not seem to consider this information worthwhile capturing.
Once actual testing begins then it is possible that when defects are found then the root cause will be identified as the spec or requirements but the defect is spotted in the software (as per definition).