Risk-First Software Development, Second Edition

Deliver Better Systems in a Post-Agile, AI World

by Rob Moffat

Not all software projects go according to plan: many fail due to overlooked problems, misaligned stakeholders, or rigid methodologies. This book offers a groundbreaking framework for thinking differently by identifying risk at the center of every decision. You’ll gain the vocabulary, tools, and confidence to identify, evaluate, and mitigate risks before they derail your project. Whether you’re managing a startup product, steering an enterprise system, or trying to incorporate new technologies such as AI, risk-first helps you get your team aligned, spot trouble before it hits, and build software that delivers.

Software development is awash with methodologies that focus on optimizing process. But process alone doesn’t guarantee success. Projects still miss deadlines, burn out teams, and fail to deliver value. Why? Because most methodologies ignore the underlying force that shapes every decision in a project: risk.

Risk-first software development takes a different approach. It reframes the entire software development process around identifying and managing risk. Through real-world examples and hands-on techniques, you’ll explore not only how risk underscores every software development activity, but how you can turn that to your advantage. You’ll identify and visualize risks with the help of risk diagrams, master techniques such as de-risking, bets, discounting, and risk classification, and build a deep vocabulary for identifying and discussing risks with developers, users, or executives. This shift in perspective will enable you to make smarter decisions, anticipate problems, and adapt confidently to changes, whether to requirements or to new innovations like AI.

Whether you’re a developer, team lead, or CTO, and irrespective of your tech stack or process preference, this book furnishes you with new tools to guide projects to better outcomes. Don’t let risk control you—make it your competitive edge.

• Errata, typos, suggestions

Releases:

• B1.0 2025/09/03

Note: Contents and extracts of beta books will change as the book is developed.

• Preface
• Introduction
• Thinking About Risks
  • Living With Risk excerpt
    • Having a Goal In Mind
    • Attendant Risks: The Risks You Know About
    • Hidden Risks: The Risks You Don’t Know About
    • Deconstructing Risk-First Diagrams
    • Thinking About Risk-First Diagrams
    • Showing Addressed and Hidden Risks
    • Moving From Diagrams To Development
  • Analysing The Development Process
    • Toys For Thinking And Learning
    • Processes Are For Reducing Risks
    • Applying the Toy Process
    • From A Toy Process To Any Process
  • Techniques In Risk Management
    • Building Internal Models
    • Meeting Reality excerpt
    • It’s All About Risk
    • Your Goals Are Risks, Too
    • Setting Priorities
    • Is All Work Risk Management?
  • Healthy Software Development
    • Identifying Health Risks
    • Make Your Life (and Project) Easier with De-Risking
    • Monitoring Feedback Loops
    • A Healthy Conclusion
  • Making Educated Bets and Taking Risks
    • Understanding Expected (or Risk-Weighted) Returns
    • Back To Software: Agile Meets Bets
    • Dealing With Differing Time Horizons
    • Invariances In Risk Management
    • Summing Up
  • Risk In the Organisation
    • A Risk Conversation
    • Risk In the Enterprise
    • Risk Up and Down The Hierarchy
    • Summing Up
• A Pattern Language of Risks
  • A Journey Through Risks
    • The Software Crisis
    • Different Methodologies For Different Risks
    • Pattern Languages
    • Preparing To Travel
  • Feature Risks
    • Feature Fit Risk
    • Implementation Risk
    • Market Risk
  • Dependency Risks
    • Reliability Risk
    • Schedule Risk
    • Deadline Risk
    • Funding Risk
    • Process Risk
    • Agency Risk
    • Lock-In Risk
  • Model Risks
    • Communication Risk excerpt
    • Complexity Risk
    • Internal Model Risk
    • Coordination Risk
  • Environmental Risks
    • Security Risk
    • Legal Risk
    • Reputational Risk
    • Operational Risk
    • Environmental Risks: Wrap Up
• Applying Risk-First
  • Artificial Intelligence And Risk
    • The Immediate Perspective: How AI Changes Society’s Risk Landscape
    • Immediate Threats To AI Integrators
    • The Longer Term: Future Risks For AI Integrators
    • Future Risks for Society
    • Conclusions
  • Navigating the Future
    • Charting Technological Progress
    • The Lindy Effect
    • Synthesis