惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

T
Threatpost
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
T
The Blog of Author Tim Ferriss
S
SegmentFault 最新的问题
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
博客园 - 司徒正美
T
Tailwind CSS Blog
The Cloudflare Blog
The Last Watchdog
The Last Watchdog
PCI Perspectives
PCI Perspectives
博客园 - 聂微东
Stack Overflow Blog
Stack Overflow Blog
TaoSecurity Blog
TaoSecurity Blog
云风的 BLOG
云风的 BLOG
C
Cybersecurity and Infrastructure Security Agency CISA
O
OpenAI News
Recorded Future
Recorded Future
GbyAI
GbyAI
www.infosecurity-magazine.com
www.infosecurity-magazine.com
Y
Y Combinator Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
量子位
博客园 - 叶小钗
V
Vulnerabilities – Threatpost
F
Full Disclosure
Recent Announcements
Recent Announcements
Vercel News
Vercel News
S
Schneier on Security
H
Heimdal Security Blog
Cisco Talos Blog
Cisco Talos Blog
V2EX - 技术
V2EX - 技术
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
B
Blog RSS Feed
宝玉的分享
宝玉的分享
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
P
Privacy & Cybersecurity Law Blog
T
Threat Research - Cisco Blogs
G
Google Developers Blog
C
Cyber Attacks, Cyber Crime and Cyber Security
爱范儿
爱范儿
IT之家
IT之家
大猫的无限游戏
大猫的无限游戏
C
Check Point Blog
N
Netflix TechBlog - Medium
S
Security @ Cisco Blogs
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Microsoft Azure Blog
Microsoft Azure Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Cyberwarzone
Cyberwarzone

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
Risks in Software Development: How to Match Your Caution to What’s Actually at Stake
Matt Watson · 2026-06-26 · via DEV Community

There’s one question every developer should ask before they change anything, and almost nobody is taught to ask it.

What’s the worst thing that happens if I’m wrong here?

Search “risks in software development” and you get the same article over and over. A tidy list of project categories. Budget risk, schedule risk, scope creep, technical risk, security risk. It reads like something a project manager keeps in a binder. None of it tells a developer how to do their actual job differently on a Tuesday afternoon when they’re about to push a change.

That checklist misses the risk that decides whether you’re any good. Every change you make carries a blast radius, the amount of damage it can do if it goes wrong. A senior engineer reads that blast radius before they start and lets it set how careful to be. A weaker one treats every line of code the same way, and that’s a problem in both directions. They move too slowly where nothing’s at stake, and they walk straight into the changes that look harmless but aren’t.

This is a guide to reading that blast radius. It’s written as much for our own engineers at Full Scale as it is for anyone else, because this judgment is the thing that separates a developer who moves the business forward from one who just takes tickets.

The real risk isn’t a checklist, it’s the blast radius of each change
Risk isn’t something you assess once at a project kickoff and file away. It’s a question you answer every time you open a pull request.

Think about the range of software a single company ships. Code that launches a rocket has to be perfect, because you can’t patch a spacecraft that’s already gone. Code that runs an internal dashboard three people glance at once a week can be wrong all day and nobody notices. It’s the same craft and the same language, but the stakes are nowhere close. If you build both the same way, you’re doing one of them wrong.

The skill is matching how carefully you work to how much damage a mistake can actually do.

Most developers never make that call consciously. They either bring the same heavy process to everything, which is slow, or they bring the same casual attitude to everything, which is dangerous. The good ones triage. They look at what they’re about to touch and ask how bad it gets if this breaks, and they spend their caution where it buys something.

Matt Watson: match how carefully you work to how much damage a mistake can do
A blast-radius ladder for the work in front of you
Here’s the mental model. Before you start, put the change on a ladder by its worst case. Two things set the rung: how much damage it can do, and how hard it is to undo. A bug you can roll back in thirty seconds is a different animal from one you can’t take back. The more damage and the less reversible, the more rigor it earns.

A simple way to judge reversibility is whether a change is a one-way door or a two-way door. A two-way door you can walk back easily: a small feature behind a flag, a config tweak, a deploy you can roll back in one click. A one-way door you can’t take back without enormous cost: the core architecture everything else gets built on, a database migration that rewrites millions of rows, a massive production cutover that swaps everything at once. Most day-to-day work is a two-way door, so it carries far less risk than it feels like, and you can move fast through it. Save your caution for the one-way doors, where getting it wrong has lasting consequences.

Catastrophic. Anything that touches money or sends messages to a lot of people. Billing code that charges a customer’s card twice. A job that fires emails or texts to your whole list. Anything that runs automatically at scale, so a single bug repeats itself thousands of times before a human even notices. Code like this can’t be wrong once. The clearest public example is the CrowdStrike outage in July 2024, where one faulty update crashed about 8.5 million Windows machines and grounded airlines, banks, and hospitals for roughly a day. One change, enormous reach, no easy undo. This rung earns the deepest testing, the most careful rollout, and a real review by someone who knows the system.

Serious but recoverable. This is where most of the real work lives, and it’s the hardest rung to judge. Customer-facing features, a data migration, an API change a few clients depend on. You can come back from a mistake here, but it costs you a bad day and some trust. The move is to find the one or two paths that actually matter and test those hard, not everything. On a checkout change, that’s the path that takes payment, not the one that updates the order-history label. On a data migration, it’s whether you can run it again safely if it dies halfway through. Test the paths that hurt if they break, get a second set of eyes on the tricky logic, and don’t get cavalier with the rest.

Low or trivial. The internal dashboard, the throwaway script, the new feature sitting behind a flag that only your own team can see. The worst case is you fix it in twenty minutes and nobody outside the building ever knew. Move fast. Heavy process here is pure waste, and waste is its own cost.

The same logic drives how much testing each piece deserves. We’ve made the whole argument for why testing depth is a leadership decision, not a QA checklist, and it comes down to this exact ladder. You don’t need test coverage on everything. You need it on the things that can hurt the business if they’re wrong, because that’s where tests buy you the confidence to move quickly. Security sits high on the ladder too, which is why we treat secure development as a set of practices baked into the work rather than a step at the end.

Blast-radius ladder: catastrophic, serious but recoverable, and low-risk changes
When software breaks, it is almost always about what changed
Here is something I want every engineer to internalize, because it changes how you should ship.

When something breaks, the cause is almost always whatever just changed.

When a system that worked yesterday falls over today, your first instinct shouldn’t be to go spelunking through the entire codebase. It should be to ask what changed since the last time it worked. That instinct only saves you if the answer is small. If you shipped one tight change, you can find the cause in minutes. If you shipped a giant release with forty things bundled together, you’re now hunting through forty suspects while production is down.

So the single most reliable way to lower risk is boring and unglamorous. Ship lots of small changes instead of a few big ones. A small change is easy to reason about, easy to review, and easy to reverse. A big release buries the cause of any problem in noise.

The rollout is the other half. You don’t have to turn a risky change on for everyone at the same moment. Feature flags let you decouple shipping the code from releasing the feature, so you can switch it on for a small group, watch what happens, and widen only when it holds.

Bugs are going to happen no matter how good you are, so the smart move is to find them with a small blast radius. Picture Tesla pushing a software update to every car on the road in a single night. If something’s wrong, the whole fleet has the same problem by morning. Now picture them rolling that update to a few thousand cars first, confirming everything behaves, and then expanding. Same update, wildly different risk. Get the change in front of a small set of real users first, especially when you already know it’s a heavy one.

Shipping to everyone at once versus rolling out to a small group first
The hidden risks: when “trivial” isn’t
The dangerous changes are the ones that look harmless. This is where developers who don’t understand production get hurt.

Adding a new index to a database table, or modifying an existing one, feels like nothing in your development environment. The table has a few thousand rows. The change runs instantly. You commit it and move on.

Then it goes to production, where that same table has 500 million rows. Now that “instant” index change can lock the table, run for hours, and bring the application to a crawl during the busiest part of the day. What was a one-line migration in dev needs a planned maintenance window and a careful rollout in production. The risk was never in the code. It was in the gap between what your laptop looks like and what production actually looks like.

Building a development team?
See how Full Scale can help you hire senior engineers in days, not months.

Book Discovery Call
You can’t judge a blast radius you can’t see. A developer who has never watched a system under real load, with real data volumes and real traffic, will keep mistaking high-risk changes for trivial ones. This is why understanding the production environment isn’t optional. The trivial-looking change that quietly breaks the thing next to it is the most common way good engineers cause bad outages.

8.5 million Windows machines crashed by one faulty update, July 2024
Most developers get risk exactly backwards
Now the uncomfortable part. Most developers don’t calibrate at all. They run scared on everything.

That fear is understandable. It isn’t their company. A mistake feels like it could cost them their reputation or their job, so they over-review, over-test, and ask permission for changes that carry no real risk. The whole team slows down to protect against downsides that were never going to be that bad.

I notice this because I don’t feel it. As a founder, I’m not afraid to make a change. If I break something, I’ll fix it, and I’m certainly not going to fire myself over it. An employee doesn’t get to feel that way as naturally, and that’s fine. The point of this guide isn’t to tell people to stop caring. It’s to help you see when to be cautious and when to ease off, so the caution lands where it counts.

There’s a catch to all of this, and it’s the fair objection to everything above. Telling people to move fast on low-risk work assumes they can tell low-risk from high-risk, and the index story just showed that they often can’t. So here’s the rule when you’re new to a system, new to production, or just not sure: treat the change as riskier than it looks and get a second read. Reading blast radius is a skill you earn by watching real systems break, not a license to skip review on day one. You ease off the caution as you learn where the bodies are buried, not before.

There’s a second way developers get this wrong, and it costs even more. They overengineer.

We needed a small internal tool recently, a quick and dirty MCP server, the kind of thing that should take a couple of days. Instead the developers wanted to architect it properly. They spent six weeks on it. When they finally delivered, it didn’t even work right, because in six weeks of building they never once let a real user try it. All that effort went into polishing something nobody had validated. The risk they should have been managing wasn’t “is this elegant enough.” It was “are we even building the right thing.”

The biggest risk is building the wrong thing
Every risk we’ve covered so far assumes the work is worth doing. The largest risk in software development is that it isn’t.

You can write perfect, well-tested, beautifully rolled-out code for a feature no customer wanted. All the rigor in the world doesn’t save you from building the wrong thing. At Stackify, we once spent $10,000 sponsoring a developer conference to launch a product, and we got zero new customers from it. The product wasn’t what people needed, and no amount of engineering quality was going to fix that.

We learned the same lesson a quieter way too. We assumed that more usage of our product meant more value, so we optimized to get people logging in more. Then we actually listened, and customers told us the opposite. “I just need to know why production is broken.” They didn’t want to spend time in our app. They wanted answers and to get back to work. The most valuable thing we could build was the thing that got them out of the product faster.

This is why getting real feedback early beats almost any other risk control. It’s also the heart of asking why before you build, a theme I come back to constantly in Product Driven. Shipping the wrong thing efficiently is still shipping the wrong thing.

Why reading risk is now the developer’s job, not the manager’s
For a long time the industry treated developers as order takers. Requirements came down, you built exactly what the ticket said, and judgment was somebody else’s department. That model is finished.

Now that AI generates so much of the code we ship, the bottleneck is no longer typing. It’s judgment. Developers have to understand the business problem, weigh the risk of different solutions, and go solve it without waiting for permission at every step. The 2025 DORA report put it well: AI amplifies what’s already there. Strong teams get faster and better with it, and weak teams just ship their problems quicker. The tool doesn’t supply the judgment. You do.

This is the real difference between a developer who multiplies a team’s output and one who drains it, and it isn’t raw speed or lines of code. It’s the ability to read risk and move accordingly, to go fast where it’s safe and slow down where it isn’t. The developer who treats every change like it might launch a rocket is the same drag on the team as the one who treats a billing change like a throwaway script. The one who reads each change correctly is worth far more than their salary.

That judgment is also exactly what you’re paying for when you hire a senior engineer, and exactly what you’re not getting when you chase the cheapest possible developer. We call that mistake cheapshoring, and risk judgment is one of the first things it costs you. A cheap body can write code. Reading the blast radius of a change, in your system, against your business, is the part that takes real experience.

How to actually calibrate: a software development risk management checklist
Risk management in software development doesn’t have to be heavy. Most of it is a handful of questions you run before you start, and a few habits that keep your blast radius small.

Before you make a change, ask:

What’s the worst case if this is wrong? Money, data, customer trust, or just a quick fix?
Is it reversible? Can I turn it off in seconds, or am I committed once it ships?
How many people does it touch if it fails?
Do I actually understand how this behaves in production, not just on my machine?
Then let the answers set your rigor:

High blast radius: deep testing on the risky paths, a real review, and a staged rollout behind a flag.
Medium: test the important paths, review the tricky parts, ship normally.
Low: move fast, skip the ceremony, fix forward if it breaks.
And keep two habits no matter what. Ship small so you always know what changed. Get the work in front of a real user as early as you can, because the worst risk is building something nobody needed.