Software Development Risk Frameworks
A Risk Framework is a structured way of identifying, categorising, and addressing risks within a domain. It typically combines a breakdown of risks with recommended actions to manage them.
As the diagram shows, a risk framework employs practices (actions you can take) to address the risks that obstruct your goals. The framework's value lies in having already identified which risks matter and which practices are effective against them.
Software methodologies like Scrum, XP, Lean, and DevOps are all risk frameworks. Each one prescribes a particular process—a set of actions to take—which is really a particular approach to managing risks on software projects.
Pattern languages—like the famous Design Patterns book—are also risk frameworks. They describe common problems, the risks involved, and proven solutions. The TVTropes website is a pattern language for fiction. MITRE ATT&CK is a pattern language for cybersecurity threats.
Mapping a Framework
There's value in adopting a framework: it reduces cognitive load and provides battle-tested practices. But it's critical to match the framework to your project's risk profile. A framework that works well for a startup may be wrong for a regulated industry; one that suits web development may fail for embedded systems.
The frameworks below are mapped by the risks they address and the practices they recommend.
DevOps
A set of practices that combines software development (Dev) and IT operations (Ops) to shorten the development lifecycle and provide continuous delivery with high software quality.
Extreme Programming
An Agile software development methodology that emphasizes customer satisfaction, teamwork, and frequent delivery of small, functional software increments.
Lean Software Development
An Agile software development methodology that emphasizes eliminating waste, building quality in, creating knowledge, deferring commitment, delivering fast, respecting people, and optimizing the whole.
Scaled Agile Framework (SAFe)
A set of organization and workflow patterns for scaling lean and agile practices across large enterprises.
Scrum
An Agile framework for managing and completing complex projects.
TameFlow
A management approach for knowledge work that integrates Theory of Constraints, Kanban, and Agile principles to optimize the flow of work, information, and value.
Waterfall Development
A traditional linear and sequential development methodology where each phase must be completed before moving on to the next.