This only focuses on categories of risk that apply to low-risk software. As in, the risks are ordinary and largely a function of process and execution.
Ironically, it ignores the riskiest category of software development, classes of software that have never been built before or require necessarily bleeding edge software engineering. This is a very different kind of risk than “bad at software development”.
Ironically, it ignores the riskiest category of software development, classes of software that have never been built before or require necessarily bleeding edge software engineering. This is a very different kind of risk than “bad at software development”.