Rob Moffat
Rob Moffat Author of Risk-First Software Development. Developer. Working in the UK.

Glossary of Risk Types

| Risk | Definition |
| --- | --- |
| Boundary | Risks due to the commitments we make around dependencies, and the limitations they place on our ability to change. |
| Agency | Risks due to the fact that things you depend on have agency, and they have their own goals to pursue. |
| Channel | Risks due to the inadequacy of the physical channel used to communicate our messages, e.g. noise, loss, interception, corruption. |
| Communication | Risks due to the difficulty of communicating with other entities, be they people, software, processes etc. |
| Codebase | The specific risks to a project of having a large, complex codebase to manage. |
| Complexity | Risks caused by the weight of complexity in the systems we create, and their resistance to change and comprehension. |
| Conceptual-integrity | Risk that the software you provide is too complex, or doesn’t match the expectations of your clients’ internal models. |
| Coordination | Risks that a group of agents cannot work together in a mutually beneficial way, and their behaviour devolves into competition. |
| Dead-End | The risk that a particular approach to a change will fail. Caused by the fact that at some level, our internal models are not a complete reflection of reality. |
| Deadline | Where the use of a dependency has some kind of deadline, which can be missed. |
| Dependency | Risks faced by depending on something else, e.g. an event, process, person, piece of software or an organisation. |
| Feature-Access | Risks due to some clients not having access to some or all of the features in your product. |
| Feature-Drift | Risk that the features required by clients will change and evolve over time. |
| Feature | Risks you face when providing features for your clients. |
| Feature-Fit | Risk that the needs of the client don’t coincide with services provided by the supplier. |
| Funding | A particular scarcity risk, due to lack of funding. |
| Implementation | Risk that the functionality you are providing doesn’t match the features the client is expecting, due to poor or partial implementation. |
| Internal-Model | Risks arising from insufficient or erroneous internal models of reality. |
| Invisibility | Risks caused by the choice of abstractions we use in communication. |
| Learning-Curve | Risks due to the difficulty faced in updating an internal model. |
| Map-And-Territory | Risks due to the differences between reality and the internal model of reality, and the assumption that they are equivalent. |
| Market | Risk that the value your clients place on the features you supply will change, over time. |
| Message | Risks caused by the difficulty of composing and interpreting messages in the communication process. |
| Operational | Risks of losses or reputational damage caused by failing processes or real-world events. |
| Opportunity | Risk that a particular set of market conditions. |
| Process | Risks due to the fact that when dealing with a dependency, we have to follow a particular protocol of communication, which may not work out the way we want. |
| Protocol | Risks due to the failure of encoding or decoding messages between two parties in communication. |
| Red-Queen | The general risk that the competitive environment we operate within changes over time. |
| Regression | Risk that the functionality you provide changes for the worse, over time. |
| Reliability | Risks of not getting benefit from a dependency due to its reliability. |
| Scarcity | Risk of not being able to access a dependency in a timely fashion due to its scarcity. |
| Schedule | The aspect of dependency risk related to time. |
| Security | Agency Risks due to actors from outside the system. |
| Software Dependency | Dependency Risk due to software dependencies. |
| Staff | The aspect of dependency risks related to employing people. |
| Trust-And-Belief | Risk that a party we are communicating with can’t be trusted, as it has agency or is unreliable in some other way. |
