Ask Your Dev Team
#009 Compliance March 3, 2026

Ask Your Dev Team what your risks are

Every software project carries risk. The best developers identify them early. Here's what to ask about aging tech, infrastructure gaps, and runaway cloud costs.

Every software project carries risk. The difference between a good developer and a great one is that the great one identifies risks early and communicates them clearly.

Your job as a stakeholder isn’t to eliminate risk. It’s to understand it and make informed decisions.

Three risks you should ask about

1. Aging or fragile technology

Technology has a shelf life. Languages, frameworks, and libraries go through active development, maintenance, and eventually, end-of-life. When a technology reaches end-of-life, it stops receiving security patches and bug fixes.

Ask your developer:

  • “Are any of our dependencies approaching end-of-life?” If so, there should be an upgrade plan.
  • “What happens if a critical library stops being maintained?” This is more common than you’d think, especially with open-source tools.
  • “How do you monitor for vulnerabilities?” There are automated tools for this. Your developer should be using them.

Fragile technology isn’t just about age. It’s about code that breaks when you look at it wrong: systems built without tests, without documentation, or by developers who are no longer available. Ask your developer to be honest about the fragile parts of your system.

2. Gaps in critical infrastructure

Infrastructure includes everything your software runs on: servers, databases, networking, monitoring, backups. Gaps here can be invisible until they cause a catastrophic failure.

Key questions:

  • “Do we have automated backups, and have we tested restoring from them?” Backups that have never been tested aren’t backups. They’re hopes.
  • “What monitoring do we have in place?” You should know when something breaks before your users tell you.
  • “What’s our disaster recovery plan?” If your primary server goes down, how quickly can you be back online? An hour? A day? Never?
  • “Are there single points of failure?” If one server, one database, or one API goes down, does everything go down?

3. Runaway cloud costs

Cloud computing is powerful, but it can get expensive fast, especially if nobody’s watching. Resources that auto-scale can auto-bankrupt you if there’s a traffic spike, a misconfiguration, or a runaway process.

Ask your developer:

  • “Do we have cost alerts set up?” You should know immediately if spending exceeds expected levels.
  • “Are we using the right-sized resources?” Over-provisioning is a common source of waste.
  • “What’s our monthly infrastructure cost, and is it trending up or down?” If it’s trending up, you should understand why.
  • “Are there resources we’re paying for that we’re not using?” Orphaned databases, idle servers, and forgotten staging environments add up.

Make risk a regular conversation

Don’t wait for something to break. Ask your developer to include a risk assessment in your regular check-ins. The best teams maintain a risk register, a living document that tracks known risks, their likelihood, their potential impact, and the mitigation plan.

Go build something and expect better from your developer.

Lead your dev team with confidence and clarity

One actionable tip every week. No fluff, no spam. Join founders who expect better.

Free, weekly, unsubscribe anytime.