DIREKT Bug Severity Model¶
Critical¶
Active security/privacy breach, false trust approval at scale, payment corruption, unrecoverable data loss, widespread outage or immediate safety harm. Stop rollout and incident process.
High¶
Authorization bypass, private location/evidence exposure, major critical-flow failure, incorrect expiry/suspension, high crash/ANR or inaccessible core flow. Blocks phase/release.
Medium¶
Material feature defect with workaround, partial incorrect information not creating immediate safety risk, performance/accessibility regression outside critical path.
Low¶
Cosmetic, minor copy/layout or low-impact edge case.
Priority¶
Severity is impact; priority considers urgency, frequency, exposure and dependencies. Trust/privacy defects are not downgraded because few users reported them.
Closure¶
Reproduction, root cause, fix, regression test, affected-version review and documentation/risk update where needed.