Most software systems have some “defects” that are identified by users. Some of these are truly defects in that the requirements were not properly implemented; some are caused by changes made to other systems; still others are requests for enhancement to improve the users’ experience. All of these are recorded as defects and generally stored in a database so that they can be worked off in a series of incrementally delivered updates. For most systems, it is not financially feasible to fix all of the concerns in the near term, and indeed some issues may never be addressed. The government program office has an obligation to choose wisely among a set of competing defects to be implemented, especially in a financially constrained environment. This presentation presents a defect-prioritization method based on a risk priority number. This method will help program offices establish priorities for updating systems.