Risk-First Software Development, Second Edition (PragProg)

rmrfsd-10001000×1200 74.1 KB

Rob Moffat @robmoffat

edited by Kelly Lee @k.lee

Not all software projects go according to plan: many fail due to overlooked problems, misaligned stakeholders, or rigid methodologies. This book offers a groundbreaking framework for thinking differently by identifying risk at the center of every decision. You’ll gain the vocabulary, tools, and confidence to identify, evaluate, and mitigate risks before they derail your project. Whether you’re managing a startup product, steering an enterprise system, or trying to incorporate new technologies such as AI, risk-first helps you get your team aligned, spot trouble before it hits, and build software that delivers.

Software development is awash with methodologies that focus on optimizing process. But process alone doesn’t guarantee success. Projects still miss deadlines, burn out teams, and fail to deliver value. Why? Because most methodologies ignore the underlying force that shapes every decision in a project: risk.

Risk-first software development takes a different approach. It reframes the entire software development process around identifying and managing risk. Through real-world examples and hands-on techniques, you’ll explore not only how risk underscores every software development activity, but how you can turn that to your advantage. You’ll identify and visualize risks with the help of risk diagrams, master techniques such as de-risking, bets, discounting, and risk classification, and build a deep vocabulary for identifying and discussing risks with developers, users, or executives. This shift in perspective will enable you to make smarter decisions, anticipate problems, and adapt confidently to changes, whether to requirements or to new innovations like AI.

Whether you’re a developer, team lead, or CTO, and irrespective of your tech stack or process preference, this book furnishes you with new tools to guide projects to better outcomes. Don’t let risk control you—make it your competitive edge.

Rob Moffat is a software developer with deep experience in the finance industry leading regulatory, risk, and transformation IT projects at top-tier investment banks in London. A strong advocate for open source, he currently serves as the chief architect for FINOS, the Financial Open Source initiative of the Linux Foundation. Rob holds a degree in Computer Science and an MBA.

Don’t forget you can get 35% off with your Devtalk discount! Just use the coupon code “devtalk.com" at checkout

Risk-first? An interesting approach to software development. I might read this.

Hi Everyone!

Thanks for having me on DevTalk! If you have any questions about Risk-First, then please feel free to ask anything here and I’ll do my best to come up with a prompt response!

Risk-First Software Development is in beta right now, so if you see any typos, mistakes, omissions or outright lies, then please raise them here and become a contributor! Many eyes make all bugs shallow and all that!

thank you and I hope you enjoy the read…

I am also curious and plan to grab a copy of the book. How does the risk positioning line up with Agile? I see you called out post-Agile. Also do you have plans to advocate for this approach by taking it into companies as part of formal training?

Probably a great book to read now with all the vibe-coding going on

HI Ragamuf,

I’d be interested to hear your feedback!

Yeah, it’s not just me who’s talking about “post-agile” - this has been a transformative movement in software development but has had its day. Agile methodologies came about at a time when the software development landscape was very different than how it is today, and the risks we faced developing software called for different practices.

The book covers this, but I also did a talk on this once: The Agile Onion | Risk First which you can read online.

(Note that talk was pre-AI, which has changed things even further - something I do cover heavily at the end of the new book).

HI Andrea,

I don’t like the name but I am doing a lot of vibe coding. It’s far from perfect and I feel you still need to know exactly what you have in mind and where you want to go. But it helping me get stuff out of the door way faster.

The last two chapters of the book really dive into this stuff: there are some definite trends in how not just AI but technology generally is progressing, which are really interesting from a risk perspective.

How we deal with this is, IMO, what will define the 21st century for us.

Would love to hear your thoughts!

On the subject of risk, there is another discussion under way about its impact on adoption. A concern front and center in the Elixir community. Which begs the question as to your thoughts on derisking the introduction of Elixir as a means to aid adoption.

Ok. Thanks!