(Graph from Robert Orenstein, by way of Jim Blandy.)
A recent conversation on an open source mailing list reminded of two fallacies I’d been wanting to write about. (And what is a domain like “rants.org” for, if not the debunking of fallacies?)
The first fallacy is that bugs are bad, or rather, that growth in the number of bug reports in your bug tracker is bad. The second fallacy is thinking of bugs as a form of technical debt.
Taking them one at a time:
Seeing bugs in your tracker is not bad news — bugs, in the aggregate, are good news.
The number of bug reports is proportional to the number of users, not to the number of defects.
This doesn’t mean projects should ignore bug reports, of course. It just means that you shouldn’t be alarmed as the number of bugs in your bug tracker increases. Bug growth is a sign of success: you’re getting users. The bug report rate is a proxy for the user acquisition rate.
The corollary is: you cannot expect to close all the bugs in the tracker. In fact, you shouldn’t even want that, because if you were to succeed, it would mean you’re not getting new users anymore.
This is counter-intuitive. All programmers want to fix every bug they know about; none of us want to ship with known bugs, though we always do. What does it mean if we can’t close every bug in the bug database?
A healthy project is in a constant state of triage between bugs and feature development, and the bugs must not always win. A project can’t let the bug database determine how developers spend all their time, any more than an individual person can let their email inbox determine how they spend all their time. If you’re not expecting to close all the bugs, and you want to acquire more users (so you can get more bugs), then you have to both fix bugs and add or improve features, and you have to be fundamentally comfortable with an ever-growing database of bug reports.
Think of it this way: every unimplemented feature or improvement is also a bug, in a broader sense, whether it’s filed as such in the tracker or not. It is an absence of something that should be present in the software. So if you manage to close out all your bugs, but you ship without that improvement, then you’re still shipping with a bug, you’re just calling it something else (or not calling it by any name at all). Shipping with no bugs at all is therefore impossible for any active project. It might be theoretically possible for some extremely narrowly-scoped project, but by definition such a project would not be “active”: it would achieve its goal and then remain static and perfect forever. Chances are this does not describe most projects you work on.
One of the big fears developers have is that an ever-growing bug database will overwhelm them — that they’ll spend all their time triaging bugs, asking reporters for more information, etc, and not enough time actually developing. This fear is not groundless: if every bug report is seen as a crisis requiring the attention of a core developer, things will grind to a halt as soon as there are too many users. The trick is to have tools that enable the community as a whole to manage the bug database with increasing economies of scale, instead of expecting developer attention to scale. (Apport and Launchpad’s inline dup-finding are two examples of such techniques, and there are many others.) The number of technically-inclined users who can help out with bug management will grow roughly proportionally with the number of users who are inclined to file bugs at all. So if the project provides ways for the first kind of user to participate, the second kind of user will be a help not a hindrance.
It’s true that core developers will need to spend a greater percentage of their time on bug triage as a project matures, but that percentage eventually hits a ceiling and levels off — after all, it has to, since there’s no way a developer can spend more than 100% of her time managing bugs, and yet the rate of incoming bug reports is going to increase with users. So if a developer is going to spend less than 100% of her time on bug management by definition, she might as well choose what percentage it’s going to be, since she’s going to not touch an arbitrary (and increasing) percentage of reports anyway.
Emotionally, this can be difficult for developers, because we are tempted — the second fallacy — to treat bugs as technical debt. In the mailing list conversation I referred to earlier, this equation was made explicitly, and it’s not the first time I’ve seen that happen. But I think it is a category error.
Bugs and technical debt are entirely different things. Fixing a bug may reduce tech debt, leave tech debt unchanged, or even increase tech debt, depending on how the fix is done.
Technical debt is a great concept. As far as I know, it was first introduced by Ward Cunningham (yes, that Ward Cunningham, the person who invented wikis):
Shipping first time code is like going into debt. A little debt speeds development so long as it is paid back promptly with a rewrite… The danger occurs when the debt is not repaid. Every minute spent on not-quite-right code counts as interest on that debt. Entire engineering organizations can be brought to a stand-still under the debt load of an unconsolidated implementation, object-oriented or otherwise. 
In other words, all those places in your code where there are comments like "FIXME: this duplicates code in turtles.c; we should really abstract this out" are tech debt. You pay interest on the debt whenever you have to make changes to code that is not as well-factored and maintainable as it could be. You pay back the debt when you finally refactor that code and remove the FIXME comment.
A bug is something completely different: it’s an instance of the software not behaving the way the developers or users expected. You could even increase technical debt by fixing a bug, if you improve the program’s behavior in a way that reduces the overall maintainability or cleanliness of the code (that’s how all those FIXME comments got there in the first place!).
So do not think of that swelling bug tracker as a debt that needs to be paid back. It’s not. It needs to be managed intelligently, and there are many techniques for doing so. But it’s going to grow, and if your project succeeds, it’s going to grow forever. Trying to suppress that growth (for example, by discouraging filings from all but technically qualified reporters) simply squelches a useful information source. Far better to know how many bugs are coming in, how fast, and of what nature, so you can understand how your user base is growing and develop appropriately scaled statistical mechanisms for handling the problems they encounter. Thinking of that information as a debt, rather than a resource, can cripple your project.