Defect leakage is the percentage of software defects that pass through the QA process and reach production — where they are discovered by users rather than testers. A defect leakage rate above 5–8% is a meaningful indicator that a QA process has systematic gaps.
For SaaS companies, defect leakage translates directly to support tickets, customer churn, and engineering time pulled into hotfixes. For fintech products, where payment flows, reconciliation logic, and compliance workflows must function precisely, defect leakage also carries regulatory risk.
How defect leakage is calculated
The standard formula:
Defect Leakage Rate = (Defects found in production / Total defects found) × 100A team that finds 100 bugs total — 90 in QA and 10 in production — has a 10% leakage rate. Best-in-class teams operate below 5%. Many SaaS teams, without structured QA processes, operate at 15–25%.
Case study: Fintech payments platform — 18% to 4.8% in 90 days
One of Assurix's fintech clients was shipping bi-weekly updates to a payments platform processing £2M+ in transactions daily. When they engaged Assurix, their defect leakage rate was 18% — meaning nearly 1 in 5 bugs found was found by a customer.
The root causes, identified during our QA Alignment Sprint:
- No regression suite — testing was exploratory only, re-testing the same flows manually each sprint
- Payment edge cases not covered — currency switching, partial refunds, and high-volume batch processing were untested
- No CI/CD quality gates — code merged to main without automated testing checks
- QA involved only at end of sprint — no visibility into acceptance criteria during development
What Assurix implemented in 90 days
Weeks 1–3: Test coverage mapping. Assurix documented every user-facing flow, identified the 40 highest-risk scenarios (payment processing, refund logic, authorisation edge cases), and built a risk matrix to prioritise testing effort.
Weeks 4–6: Automation framework setup. Selenium + Java regression suite for the 40 priority scenarios, integrated into the CI pipeline via Jenkins. Every build now triggered regression on the payment critical path.
Weeks 7–10: Quality gate deployment. Pass rate gate set at 100% for payment flows, 95% for full regression. Any failing build required QA sign-off before proceeding to staging.
Weeks 11–12: Sprint integration. Assurix QA leads joined sprint planning to review acceptance criteria before development. Edge cases were identified at the ticket level, not discovered in testing.
Results at 90 days
- Defect leakage rate: 18% → 4.8%
- Critical production incidents: reduced by 70%
- Regression cycle time: 3 days → 4 hours (automated)
- Support tickets related to payment bugs: down 62%
The four levers that reduce defect leakage
- Risk-based test coverage. Not all features carry equal risk. Prioritise testing effort on high-value, high-frequency, and high-consequence flows. Payment processing > admin settings.
- Automation for regression. Manual regression is too slow and too inconsistent to catch regressions reliably on bi-weekly releases. Automate the scenarios you've already found bugs in.
- CI/CD quality gates. The fastest way to prevent leakage is to block faulty builds from reaching staging in the first place.
- Early QA involvement. QA engineers reviewing acceptance criteria before development begins catch ambiguous requirements that would otherwise produce untested edge cases.
Frequently Asked Questions
What's a good defect leakage rate target?
Below 5% is best-in-class for most SaaS products. Fintech and healthtech teams, given the cost of production incidents in regulated industries, should target below 3%. For context, teams without structured QA often operate at 15–25%.
How do you measure defect leakage if you don't track production bugs formally?
Start by counting: how many bugs did you fix in the last sprint that were reported by customers vs. found by your team? That ratio is your baseline leakage rate, even without a formal tracking system. Assurix's QA Alignment Sprint establishes this baseline as one of its first deliverables.
Want to know your current defect leakage rate and what's driving it? Read more of our client outcomes, or talk to an Assurix QA lead about a structured reduction programme for your team.