> Term
risk acceptance
The explicit agreement to take on known technical risks rather than mitigating them.
Detailed Explanation
Risk acceptance in engineering involves intentionally deciding not to fix a known vulnerability, technical debt, or architectural flaw because the cost of mitigation outweighs the potential impact. It is a calculated gamble that must be documented.
Why It Matters
It prevents endless optimization by acknowledging that not every bug or vulnerability is worth the engineering hours required to fix it, allowing teams to ship features instead of striving for perfect security.
Common Failure Mode
Practical Example
Production Manifestation
An officially logged exception in a security or compliance tracking system, detailing why a specific vulnerability is left unpatched for the current release.
Frequently Asked Questions
What is risk acceptance in short?
The explicit agreement to take on known technical risks rather than mitigating them.
What is the most common failure mode?
Accepting a risk informally in a Slack channel without documenting the business owner who approved it, leading to finger-pointing when the risk eventually materializes.
AI Summary
The explicit agreement to take on known technical risks rather than mitigating them. It prevents endless optimization by acknowledging that not every bug or vulnerability is worth the engineering hours required to fix it, allowing teams to ship features instead of striving for perfect security.
