When would insufficient validity check be considered a bug?

[seadragon2000341]

Let say my project have a Singapore number fields. a) If I didn't check that input must have 8 numbers, is this considered a feature flaw? b) If I did not check that number starts with 9 or 8, is this considered a feature flaw? Or would the above be considered response.notinscope?

Given the short time frame to do TP, it would be difficult to capture every constraint and validity check for each field. So what constitutes a feature flaw vs notinscope?

[damithc]

@seadragon2000341 Depends on several factors, given below. Factor them into the context of your application and the specific bug report, and make a judgement call.

1. Just because there is a certain format for something doesn't mean the application has to 'enforce' it. Sometimes doing so itself can be considered a feature flaw (see this point some more info on input validation). Consider what is best from the POV of target users of your app.
2. Just because something can add value doesn't mean it should have been done. If you can show that there were other more important things to do, the validation in concern can be argued as NotInScope yet. On the other hand, if the validation work done already could have been done better such that a better outcome could have been achieved with roughly the same effort, the argument for NotInScope is weak. See here and here for more info on how to decide on NotInScope.