Skip to main content

Thinking Risk-First

Scrum, Waterfall, Lean, Prince2, DevOps: what do they all have in common?

One perspective is that they are individual software methodologies, offering different approaches on how to build software.

However, here, we are going to consider a second perspective: that building software is all about managing risk and that these methodologies are acknowledgements of this fact. They differ because they have different ideas about which are the most important risks to manage.

"It's All About Risk"

One of the original authors of the Agile Manifesto, Kent Beck states in his book:

"It's all about risk" - Kent Beck, Extreme Programming Explained

This is a promising start. From there, he introduces his methodology, Extreme Programming and explains how you can adopt it in your team, the features to observe and the characteristics of success and failure. However, while Risk has clearly driven the conception of Extreme Programming, there is no clear model of software risk underpinning the work.

Risk-First introduces a model of software risk. This means that we can properly analyse Extreme Programming (and Scrum, Waterfall, Lean and all the others) and understand what drives them. Since they are designed to deliver successful software projects, they must be about managing risks. We will uncover exactly which risks and how they do it.


Hopefully, after reading through some of the articles here, you'll come away with:

  • An appreciation of how risk underpins everything we do as developers, whether we want it to or not.
  • A framework for evaluating software methodologies and choosing the right one for the task-at-hand.
  • A new way to look at the software development process: it's an exercise in managing different kinds of risk.
  • The tools to help you decide when a methodology is letting you down and the vocabulary to argue for when it's a good idea to deviate from it.

A Simple Scenario

What is the one thing every project needs to control to be successful?

Risk-First Diagrams Explained

A quick primer to help parse a Risk-First diagram.

Development Process

Why do we even have processes in software development?

Meeting Reality

Are you living in an ivory tower, or do you have boots on the ground?

Just Risk

Are all tasks in software development just managing risk?

Consider Payoff

To work out what to do next, consider the upside and downside risks you're addressing, and also what risks you introduce.

Tracking Risks

Ways to keep track of the risks you face.

Crisis Mode

Why 'Crisis Mode' shouldn't be a mode.

Evaluating Risk

Eisenhower's box, NPV and Discounting explained.


How can a product be good with a bad team making it?


How long should feedback loops be?


What can you do with the risks on a software project?

A Conversation

A conversation about software development using Risk-First vocabulary.

One Size Fits No-One

There can't be a perfect software methodology. Here's why.

Glossary of Terms

List of terms used to discuss risks on Risk-First.