In early February 2025, Andrej Karpathy coined the phrase "vibe coding"—describing the new habit of accepting AI-generated code on instinct, barely reading the diff. The term went viral within days, and for good reason: AI assistants had quietly made it normal to ship code nobody fully understood. That shift makes one old question urgent again. If code now arrives faster than any human can review it, how do you actually know whether your software is getting better or worse? The answer is not a bigger dashboard. As the QA lead at Softechinfra, I sit through enough release reviews to know that most quality dashboards measure how busy QA was, not how good the product is. This guide separates the metrics that genuinely signal quality from the vanity numbers that mislead—and gives you a small, durable scorecard you can act on in any tooling era.
The Difference Between Activity and Quality
The first trap is mistaking effort for outcome. "We ran 1,200 test cases this sprint" feels like progress, but it answers a question nobody outside QA is asking. The numbers leadership actually cares about are simpler: are users hitting fewer bugs, and are we recovering faster when something breaks?
A metric earns a place on your scorecard only if it changes a decision. If a number goes up or down and nobody does anything differently, it is decoration. Test it against three questions before you track it:
- Does this number tell us something about the product, not just about how much QA typed?
- Can it be gamed without improving real quality? (Test count and line coverage both can.)
- If it moved 20% next sprint, would we change a decision—ship date, staffing, where automation goes?
Almost every metric that survives those questions is an outcome metric. Almost every one that fails is an activity metric. Hold that distinction and half the dashboard clutter disappears.
The Five Metrics That Actually Signal Quality
After years of building and shipping across our web development projects, these are the five we keep. None of them counts how hard QA worked; all of them describe the product or the team's ability to recover.
Escaped Defects
Bugs that reached production despite QA. The single most honest quality signal—it measures what users actually experienced, not what you caught.
Defect Removal Efficiency
Of all defects in a release, the percentage caught before production. DRE = caught / (caught + escaped). Trend it; the absolute number matters less than the direction.
Mean Time to Recovery
How long from a production issue being detected to being resolved. In fast-shipping teams, recovering quickly beats never failing.
Test Flakiness Rate
The share of automated tests that pass and fail without code changes. Flaky suites get ignored, and an ignored suite catches nothing.
Defect Density by Area
Defects per feature area or module, not per project. It tells you where the risk concentrates and where to point your next test charter.
Escaped defects deserve the top spot. Internal bug counts measure your process; escaped defects measure your users' reality. A release with 90 caught bugs and 2 escapes is healthier than one with 30 caught bugs and 10 escapes, even though the second looks "cleaner" on an internal count. Track escapes by severity, and tie each one back to the test gap that let it through—that loop is where real improvement lives.
Mean time to recovery (MTTR) is the metric that AI-accelerated development made non-negotiable. When code ships several times a day, the goal shifts from preventing every defect (impossible) to detecting and reversing them fast. A team that recovers in twenty minutes can tolerate a defect rate that would sink a team that needs two days to roll back.
Flakiness is the quiet killer of automated suites. The moment engineers learn that a red build might just be noise, they start re-running until it passes—and the suite stops being a gate. We treat flakiness as a first-class defect, not a nuisance, because a 5% flaky rate across a large suite means almost every full run has a false failure. We go deeper on keeping suites trustworthy in our regression testing strategy guide.
The Vanity Metrics to Stop Celebrating
These numbers feel like quality and aren't. Each one is easy to move in the wrong direction without improving anything users will ever notice.
| Vanity Metric | Why It Misleads | Track Instead |
|---|---|---|
| Number of test cases | Rewards writing more tests, not better ones. 1,000 shallow tests beat by 50 sharp ones. | Escaped defects; defect removal efficiency |
| Code coverage % (alone) | 100% coverage with no assertions catches nothing. Easy to inflate, easy to fool yourself. | Coverage on high-risk paths + mutation testing |
| Total bugs filed | A high count can mean a thorough QA or a broken build. Ambiguous on its own. | Escaped vs. caught ratio (DRE) |
| Bugs closed per tester | Incentivizes closing easy tickets and gaming severity. Pits the team against itself. | Time-to-detect on critical-path defects |
| Pass rate % | A 99% pass rate is meaningless if the 1% is checkout. Not all tests are equal. | Pass rate weighted by risk tier |
The Code Coverage Caveat
Coverage deserves special caution because it sounds so authoritative. Coverage tells you which lines executed during a test run—it says nothing about whether anything was actually verified. A test that calls a function and asserts nothing still counts toward coverage. We have all seen suites with 85% coverage and a list of escaped defects that never tripped a single assertion.
The honest framing: aim for high coverage on the paths where failure is expensive—payments, authentication, data integrity—and accept thinner coverage on low-risk surfaces. Uniform coverage targets push effort toward whatever code is easiest to test, which is rarely the code that hurts most when it breaks.
How to Read the Numbers Without Fooling Yourself
A scorecard is only as good as the discipline around it. Four rules keep ours honest:
Trend, don't snapshot
A single sprint's escaped-defect count is noise. Three months of direction is signal. Always show metrics as a line over time, never as a number in a box.
Segment by risk, not by average
A healthy average hides a sick component. Break every metric down by feature area so a stable overall number can't mask a checkout flow quietly degrading.
Never tie a metric to an individual's bonus
The instant a number affects someone's review, it gets gamed. Metrics are for improving the system, not ranking the people inside it.
Let escaped defects rewrite the plan
Every production escape is free calibration data. Trace it to the gap, then update where you test next—don't just file the ticket and move on.
A Worked Example: Where Metrics Point the Work
Metrics earn their keep when they redirect effort. On Qualifier, the online test-practice platform we built for placement and government exam preparation, the timed assessment engine is the area where a defect costs the most: a timer that drifts or a submission that fails at the deadline invalidates a student's mock exam and destroys trust. So that engine carries the strictest scorecard—near-zero tolerance for escaped defects, weighted pass rates, and the lowest acceptable flakiness on its automated suite. Meanwhile, a cosmetic glitch on a leaderboard avatar barely registers. Without metrics segmented by area, both would have received the same anxious, undirected attention.
The same logic guides where we invest manual versus automated effort. On TalkDrill, our in-house English-speaking practice app, the voice and speech-scoring flows can't be cheaply automated end to end, so we measure them with structured manual listening passes and concentrate automated coverage—and flakiness budgets—on the surrounding session, scoring, and payment logic. The metrics tell us where automation pays and where a human ear is still the only real test.
This is the through-line of everything above: quality metrics exist to point work at the places failure is most expensive. We connect them to the planning side in our risk-based test plan guide, and to the engineering practices that prevent defects upstream in our secure software development guide.
The One-Screen QA Scorecard
Everything above fits on a single screen. Our standing scorecard, reviewed each sprint, has five lines and no vanity numbers:
The tools will keep changing—the AI assistants that triggered this whole conversation arrived only weeks ago and will look quaint soon enough. The measurement principles won't. Track outcomes over activity, trend over snapshots, segment over averages, and never grade a person by a number meant to teach a team. Build the five-line scorecard this quarter, drop the vanity metrics, and you'll spend your QA energy on the few things that actually move quality—in any tooling era.
Want QA Metrics That Tell the Truth?
We help startups and product teams build right-sized QA—scorecards, test strategy, and release processes that keep up with fast shipping without measuring the wrong things.
Talk to Our QA Team →
