The software development world is crowded with practices, metrics, methodologies, tools, and techniques — Scrum, Waterfall, Lean, DevOps, Extreme Programming... But what unites them all?
The Risk-First perspective is that every practice, every methodology, and every decision you make on a project is fundamentally about managing risk.
- Improving the login screen? → Reducing the risk of users not signing up.
- Adding automated tests? → Mitigating the risk of bugs going to production.
- Implementing health monitoring? → Addressing the risk of failures going unnoticed.
- Shipping a new feature? → Fixing the risk that users go elsewhere.
Risk isn't something that only appears in a quarterly report — it drives everything we do.
| Resource | Description |
|---|---|
| 🌐 riskfirst.org | The main website — start here |
| 📖 Quick Summary | A fast overview of the core ideas |
| 🤔 Thinking Risk-First | How to think about software development as risk management |
| | A pattern language of risks you'll encounter on any project |
| 🛠️ Practices | How common development practices manage risk |
| 🔬 Methods | Analysis of Agile, Waterfall, Lean, DevOps, Scrum and more |
| 📗 Second Edition Book | The comprehensive guide — available from Pragmatic Bookshelf |
Every task on a software project is managing a risk. Once you see this, you can't unsee it. Risk-First gives you the vocabulary and tools to make this explicit.
Agile, Waterfall, Lean, DevOps — these aren't competing religions. They're each optimised for different risks. Understanding which risks each addresses lets you choose the right approach for your project.
Risk-First provides a pattern language of software risks — recurring risk types you'll encounter on any project:
- Feature Risk — the risk that your product doesn't meet users' needs
- Dependency Risk — the risk that the things you rely on let you down
- Complexity Risk — the risk that code becomes too complex to understand or change
- Schedule Risk — the risk of not delivering on time
- Communication Risk — the risk of misunderstandings within and between teams
- And many more…
Any engineering practice manages some risks while potentially introducing others. Risk-First helps you understand these trade-offs explicitly, so you can make informed decisions rather than following convention blindly.
The second edition is now available through the Pragmatic Bookshelf — and you can get it for free by sharing it on LinkedIn or X.
It brings together the complete Risk-First framework in a structured, comprehensive guide covering:
- The risk-first model of software development
- A full taxonomy of software development risks
- Analysis of major methodologies through a risk lens
- Practical techniques for de-risking projects
Risk-First is an open project and contributions are very welcome!
- ⭐ Star risk-first/website to receive an invite to join the organisation
- 🐛 Open an issue to suggest corrections or improvements
- 🔀 Fork and PR in the usual GitHub way
- 📣 Spread the word — share the book or website with your team
See CONTRIBUTING.md for full details.
