Fallthrough

Project Management 2 Shell

Dec 12, 2025
This discussion dives into a recent Cloudflare outage and a critical vulnerability in React that poses significant risks. The hosts explore how project management should shift from task execution to proactive risk management, emphasizing the importance of including domain experts early. They also reflect on supply chain vulnerabilities using the DDR5 example and critique rigid processes, advocating for cultural flexibility and bottom-up decision-making. Expect insights on effective estimating and planning strategies that can enhance project outcomes.
AI Snips
INSIGHT

Type Safety Reduces Operational Risk

  • Cloudflare's outage was caused by Lua code that assumed a value was non-nil after a rollback skipped populating an execute object.
  • Rust's stronger typing removed that class of bug, showing language choice reduces certain operational risks.
INSIGHT

Server Components Expand Attack Surface

  • React Server Components' deserialization of incoming calls allowed access to object prototypes, which led to unauthenticated remote code execution.
  • Shifting client execution to the server increases privilege and introduces new security surface area.
ADVICE

Manage Projects As Risk Portfolios

  • Reframe software project management as risk management and explicitly track mitigations and acceptances.
  • Include security, performance, and threat assessments as part of project planning to surface hidden risks.