Skip to main content


Much of the content of Risk-First is a collection of Risks as Patterns.

Here, we're going to take you through the various types of Risk you will face on every software project.

In Thinking Risk-First, we saw how Lean Software Development owed its existence to production-line manufacturing techniques developed at Toyota. And we saw that the Waterfall approach originally came from engineering. If Risk-First is anything, it's about applying the techniques of Risk Management to the discipline of Software Development (there's nothing new under the sun, after all).

One key activity of Risk Management we haven't discussed yet is categorizing risks. So, this track of Risk-First is all about developing categories of risks for use in Software Development.


After reading this section of Risk-First, hopefully you will:

  • Appreciate the different kinds of risk you face on software projects, and how to identify them.
  • Learn a Pattern Language: that is, a vocabulary of terms which you can use for discussing these risks with colleagues.
  • Know the main actions you can take to handle each type of risk.

A Pattern Language

Explanation of how Risk-First comprises a pattern language of risk patterns for use in software projects.

The Risk Landscape

A way to think about the risks you face on a software project.

Feature Risk

Risks you face when providing features for your clients.

Communication Risk

Why is it so hard to be understood?

Complexity Risk

A lot of advice around constructing software comes back to simplicity. Why?

Dependency Risk

Risks faced by depending on something else, e.g. an event, process, person, piece of software or an organisation.

Scarcity Risk

Scarcity Risk is about quantities of a dependency, and specifically, not having enough.

Deadline Risk

What is the point of a deadline? Do they serve a useful purpose?

Software Dependency Risk

Specific dependency risks due to relying on software.

Process Risk

Risks due to the following a particular protocol of communication with a dependency, which may not work out the way we want.

Boundary Risk

On avoiding mistakes that limit your options later on.

Agency Risk

People all have their own agendas. What do you do about that?

Coordination Risk

What prevents us working as a team? Why are distributed systems so hard?

Map And Territory Risk

Risks due to the differences between reality and the internal model of reality, and the assumption that they are equivalent.

Operational Risk

Risks of losses or reputational damage caused by failing processes or real-world events.

Staging and Classifying

Making sense of risks faced by software projects.

Glossary of Risk Types

List of all types of risk discussed in Risk-First.