Metric Definition
Defects that reach production
Track from
Bug escape rate
Bug escape rate is the percentage of defects that reach production undetected, out of all defects found in a release. It measures how effective testing and review are at catching problems before users do. A rising escape rate is an early signal that quality is being pushed downstream onto customers.
7 min read
What is bug escape rate?
Bug escape rate is the percentage of defects that reach production undetected, out of all defects found for a given release or period. If a release surfaced 100 defects in total and 20 of them were found by users after launch rather than caught beforehand, the escape rate is 20 percent. The other 80 were caught in development, testing or review.
The metric measures the effectiveness of the quality net, not the volume of bugs. A team can have many bugs and a low escape rate if it catches nearly all of them before release. A team can have few bugs and a high escape rate if the ones it does have slip through. The escape rate isolates how well problems are caught, which is the part the team directly controls.
Attribute to the right release
Count a defect in production only once and attribute it to the release that introduced it. Logging the same escaped bug across several sprints, or blaming the sprint that found it rather than the one that shipped it, inflates the rate and points the analysis at the wrong stage.
How to calculate bug escape rate
Divide the defects found in production by the total defects found, pre release plus production, and express it as a percentage. The denominator must include both, or the rate is meaningless. The accuracy of the metric depends entirely on consistent classification of where each defect was caught.
- 1
Count defects caught pre release
Total the defects found in development, code review, automated tests and QA for the release under review.
- 2
Count defects found in production
Total the defects reported by users or surfaced by monitoring after release, attributed to the same release.
- 3
Sum the two for total defects
Add pre release and production counts to get the full set of defects the release contained.
- 4
Divide production by total and multiply by 100
Production defects divided by total defects, times 100, gives the escape rate as a percentage.
Bug escape rate in a metric tree
A high escape rate is a symptom, not a cause. It rises because of gaps in test coverage, gaps in review, rushed release cadence, or unclear requirements. Reported as a single percentage it tells you quality is leaking but not where the hole is. A metric tree breaks the rate into the stages of the quality net, so the team can see which stage is letting defects through.
KPI Tree models this by connecting each branch to the team and the practice behind it. With RACI ownership on every node, a rising escape rate routes to the owner of the stage that is failing, whether that is test coverage or review depth. The system pushes the change when the rate moves, so a quality regression is caught in the next release rather than after a string of incidents.
Metric tree insight
When the escape rate is split across stages, the cause stops being abstract. If most escaped defects trace to untested code paths rather than weak review, the fix is coverage, not more reviewers. The tree turns one alarming number into a targeted decision.
Bug escape rate benchmarks
Acceptable escape rate depends on the maturity of the team and the cost of a production defect. A consumer app iterating quickly tolerates more than a payments system. The ranges below are common reference points for software teams, useful for orientation rather than as a fixed target.
| Bug escape rate | Maturity read | Typical context |
|---|---|---|
| Under 5 percent | Strong quality net | Mature team, deep test and review coverage |
| 5 to 10 percent | Healthy | Solid practices with room to tighten coverage |
| 10 to 20 percent | Needs attention | Coverage or review gaps letting defects through |
| Over 20 percent | Quality leaking | Process or cadence pushing risk onto users |
How to improve bug escape rate
Lowering escape rate means strengthening the net before release rather than reacting faster after it. The aim is to catch defects at the cheapest stage, which is always earlier. The practices below close the most common gaps that let defects reach production.
Close coverage gaps first
Trace escaped defects back to the code paths that had no test, then add coverage there. Most escapes cluster in a few untested areas.
Strengthen review depth
Require review on every change and track changes merged without it. Shallow or skipped review is a frequent escape route.
Right size release batches
Large releases hide defects in volume. Smaller, more frequent releases make each change easier to test and trace.
Own each stage of the net
Give test coverage, review and release readiness clear owners so a rising rate routes to the person who can close the gap.
Common mistakes when tracking bug escape rate
- 1
Leaving production defects out of the denominator
If the denominator counts only pre release defects, the rate cannot reflect what actually escaped. Total must include both.
- 2
Counting the same escape repeatedly
A single production defect logged across several sprints inflates the rate. Count it once and attribute it to the release that shipped it.
- 3
Optimising the rate by under reporting
A team that stops logging minor production defects lowers the rate without improving quality. Consistent classification matters more than the number.
- 4
Treating it as a developer scorecard
Escape rate measures the quality net, not individuals. Used to rank people, it pushes defects underground rather than out of production.
Related metrics
Deployment frequency
DORA metric
Operations Metrics
Metric Definition
Deployment Frequency = Number of Production Deployments / Time Period
Deployment frequency measures how often an organisation successfully releases code to production. It is one of the four DORA (DevOps Research and Assessment) metrics that predict software delivery performance and organisational outcomes. Teams that deploy more frequently deliver value to users faster, reduce the risk of each individual release, and create tighter feedback loops between development and production.
Cycle time
Process speed
Operations Metrics
Metric Definition
Cycle Time = Process End Time − Process Start Time
Cycle time measures the total elapsed time from the start to the end of a process. It is a fundamental operations metric used in manufacturing, software development, service delivery, and any context where the speed of a process directly affects throughput, cost, and customer satisfaction.
Sprint velocity
Agile planning metric
Operations MetricsMetric Definition
Sprint Velocity = Sum of Story Points Completed in a Sprint
Sprint velocity measures the amount of work a team completes during a sprint, typically expressed in story points, ideal days, or another unit of estimation. It is a planning tool that helps agile teams forecast how much work they can commit to in future sprints based on their historical completion rate. Velocity is one of the most widely used and most frequently misunderstood metrics in agile software development.
Escalation rate
Customer Support Metrics
Metric Definition
Escalation Rate = (Escalated Tickets / Total Tickets Handled) x 100
Escalation rate measures the percentage of support tickets that are transferred from one tier or team to a higher tier or specialist group for resolution. It reflects the gap between the issues customers raise and the ability of frontline agents to resolve them, making it a key indicator of agent readiness, process maturity, and product complexity.
How to debug a broken metric
Metric Definition
When bug escape rate spikes, this guide shows you how to trace the metric back to the testing and release behaviours driving defects into production.
Metric trees for engineering teams
Metric Definition
Bug escape rate sits within a wider engineering quality tree, and this guide shows how engineering teams connect it to the upstream practices that influence it.
Track bug escape rate as a metric tree
Model the rate, break it into coverage, review and release branches, and give each stage a RACI owner. When the rate climbs, KPI Tree pushes the change to the accountable owner so the gap is closed in the next release, not after the next incident.
