Added new book details

Author: robmoffat

docs/ai/Practices/AI-As-Judge.md

@@ -18,6 +18,8 @@ practice:
      reason: "Can prevent harmful misinformation, disinformation, and deepfakes from spreading by having a second user-owned AI fact-check or block misleading content."
    - tag: Loss Of Human Control
      reason: "Can enforce alignment principles by rejecting responses that optimise for harmful proxy goals."
+   - tag: Unintended Cascading failures
+     reason: "Introduces a level of redundancy around AI systems, allowing them to sound the alarm when operational parameters are breached."
 ---
 
 <PracticeIntro details={frontMatter} />

docs/ai/Practices/Human-In-The-Loop.md

@@ -13,6 +13,8 @@ practice:
      reason: "Maintaining consistent human oversight in critical AI systems, ensuring that final decisions or interventions rest with human operators rather than the AI."
    - tag: Synthetic Intelligence With Malicious Intent
      reason: See Example of "Centaur" War Teams
+   - tag: Unintended Cascading failures
+     reason: "Human oversight of automated systems can help shortcut cascading failure."
 ---
 
 <PracticeIntro details={frontMatter} />

docs/ai/Practices/Multi-Stakeholder-Oversight.md

@@ -9,6 +9,8 @@ tags:
   - AI Practice
 practice:
   mitigates:
+   - tag: Synthetic Intelligence Rivalry
+     reason: "By involving multiple stakeholders, concentration of the gains from AI can be shared across civilisation, mitigating economic disruption."
    - tag: Loss Of Diversity
      reason: "Ensuring that AI governance involves multiple institutions, including governments, researchers, and civil society, to prevent monopolisation."
      efficacy: Medium

docs/ai/Threats/Unintended-Cascading-Failures.md

@@ -27,7 +27,7 @@ Unintended cascading effects are a dangerous aspect of AI deployment at scale.
 
 - **When Bots Teach Themselves to Trade** [Johnson et al., 2013](https://www.nature.com/articles/s41599-019-0224-3): Examines AI-driven financial crashes caused by autonomous trading systems responding unpredictably to market conditions.
 
-- **Supply Chain Resilience in AI Era** [Sheffi, 2020](https://doi.org/10.1080/00207543.2020.1813767): Explores how automated logistics and AI-based supply chain management can inadvertently amplify disruptions.
+- **Supply Chain Resilience in AI Era** [Sheffi, 2020](https://www.youtube.com/live/BkBuNFjLgFg?si=xvNL4hBkT4GCQMYQ): Explores how automated logistics and AI-based supply chain management can inadvertently amplify disruptions.
 
 - **AI and Workforce Displacement** [Brynjolfsson & McAfee, 2014](https://doi.org/10.7551/mitpress/9780262029470.001.0001): Investigates the macroeconomic impact of AI-induced job automation and its cascading social consequences.
 
@@ -55,6 +55,8 @@ Unintended cascading effects are a dangerous aspect of AI deployment at scale.
 
 - **Real-Life Example:** During the [COVID-19 pandemic](https://doi.org/10.1038/s41599-021-00729-4), automated supply chain optimizations led to stock shortages in essential goods as demand spikes outpaced rigid AI-driven distribution models.
 
+- **The Open Source Software Supply Chain:**  Vulnerabilities have led to large-scale cybersecurity incidents. Attacks on widely-used packages (e.g. Log4j, SolarWinds) propagated rapidly through automated update systems, revealing how technical interdependence can cascade into systemic digital risk.
+
 ## Mitigations
 
 ### AI System Redundancy

docs/books/Risk-First-Second-Edition.md

@@ -1,47 +1,61 @@
 ---
-title: 'Book: Risk-First Second Edition'
-description: "Risk-First Software Development Second Edition Coming Soon!"
+title: "Risk-First Software Development Second Edition"
+description: "Now available in digital format"
 slug: /Risk-First-Second-Edition
-featured: 
+featured:
   class: bg1
-  element: '<big-image imgsrc="/public/templates/risk-first/posts/book-grey.png" />'
-tags: 
- - Books
-sidebar_position: 2
+  element: '<big-image imgsrc="/public/templates/risk-first/posts/Cover_Image_Second_Edition.jpg" />'
+tags:
+  - Books
+sidebar_position: 1
 ---
 
-# Coming in 2024
+I'm pleased to announce that the second edition of Risk-First Software Development is [now available in Beta](https://pragprog.com/titles/rmrfsd/risk-first-software-development-second-edition)!
 
-I'm pleased to announce that the Pragmatic Bookshelf will be publishing a fully-revised and updated second edition of Risk-First Software Development!
+[![Risk-First Software Development Second Edition](/img/Cover_Image_Second_Edition.jpg)](https://pragprog.com/titles/rmrfsd/risk-first-software-development-second-edition)
 
-[![Pragmatic Bookshelf](https://media.pragprog.com/images/cms/logos/Bookshelf_4in.png)](https://pragprog.com)
-
-## Risk-First Software Development Second Edition
+## About Risk-First Software Development - Second Edition
 
 **Over 20 years ago an "Agile" revolution occurred** in the software development field.  But 20 years later, the very same proponents of the revolution are turning their backs on what they created, arguing that their ideals have been corrupted by zealotry, proscriptive norms, cargo-culting and an "Agile-Industrial Complex" focused on evangelism and certification.
 
-**Risk-First attempts something new:**   to "peel back the onion" and provide a language for understanding and evaluating not just Agile practices but *all practices* in software development.  Unlike the Agile of today, Risk-First is not a methodology telling you what to do, but a toolbox and a pattern language to help you figure out what you should do, and help you communicate with others to make your case.
+**Risk-First attempts something new:**   to "peel back the onion" and provide a language for understanding and evaluating not just Agile practices but _all practices_ in software development.  Unlike the Agile of today, Risk-First is not a methodology telling you what to do, but a toolbox and a pattern language to help you figure out what you should do, and help you communicate with others to make your case.
+
+**Understand How Projects Really Work:** Not all software projects go according to plan: many fail due to overlooked problems, misaligned stakeholders, or rigid methodologies. This book offers a groundbreaking framework for thinking differently by identifying risk at the center of every decision. You’ll gain the vocabulary, tools, and confidence to identify, evaluate, and mitigate risks before they derail your project.
+
+**All Scales Welcome:** Whether you’re managing a startup product, steering an enterprise system, or trying to incorporate new technologies such as AI, Risk-First helps you get your team aligned, spot trouble before it hits, and build software that delivers.
 
 The book aims to develop a **Pattern Language for understanding software risk**, and develop a practical framework for discussing how the activities we take on a project change the balance of the risks we are exposed to.
 
-## How Can I Get Involved?
+**Take Control!** Whether you’re a developer, team lead, or CTO, and irrespective of your tech stack or process preference, this book furnishes you with new tools to guide projects to better outcomes. Don’t let risk control you—make it your competitive edge.
 
-### Get Updates
+## What's Changed
 
-<BoxOut title="Join The Risk-First GitHub Organisation">
+This is a hugely updated and revised edition, containing a more thorough catalog of software development risks and a more in depth look at the entire risk process, from the smallest pet project up to the whole enterprise.
 
-If you [Add Your Star on GitHub](https://github.com/risk-first/website) you'll be sent an email invite to join the [Risk-First GitHub Organisation](https://github.com/risk-first/website/discussions) and the associated discussion group!
+It contains a fully-revised taxonomy of risks, breaking down each one systematically, giving worked examples of each, a list of common threats and best practices for dealing with each, as well as high-profile examples of where these risks have caused major headaches in real-life.
 
-This is where I will be adding blog materials discussing the content of the new book as it comes together, as well as providing access for beta testers.   
+It also contains two entirely new chapters dealing with technological change, responding not just to AI but the increasing pace of innovation we see globally.
 
-[![GitHub Star](/img/github_star.png) <br /> ☝️ Click This On GitHub ](https://github.com/risk-first/website)
+In essence, this is the post-agile, AI-aware manual for understanding and harnessing the forces of innovation in play when developing software systems.
+
+## Getting Involved
+
+<BoxOut title="What's A Beta For A Book, Anyway?">
+
+While the book is in beta form, you can purchase it from the link below and read it digitally. Over the course of the beta period, the book will be updated many times with suggestions and improvements - just as with a software beta.
+
+Once the book is declared "finished", it'll get published proper and you'll get the finalized digital version to keep.
+
+[Access the Beta Here](https://pragprog.com/titles/rmrfsd/risk-first-software-development-second-edition)
 
 </BoxOut>
 
-### Pre-Order
+<BoxOut title="Join The Risk-First GitHub Organisation">
+
+If you [Add Your Star on GitHub](https://github.com/risk-first/website) you'll be sent an email invite to join the [Risk-First GitHub Organisation](https://github.com/risk-first/website/discussions) and the associated discussion group!
 
-**Coming Soon!**
+This is where I will be adding blog materials discussing the content of the new book as it comes together.
 
-### Tell Us What You Think!
+[![GitHub Star](/img/github_star.png) <br /> ☝️ Click This On GitHub ](https://github.com/risk-first/website)
 
-Most of the material in the second edition book is published here on this website, so you can simply [start reading](overview/Start).  If you have any feedback, please get in touch.  What's missing?  What doesn't make sense?  What should be left out?  Knowing this will be super-helpful and **you will be credited in the book along with all the other [Contributors](/overview/Contributors).**
+</BoxOut>

docs/books/The-Menagerie.md

@@ -1,23 +1,23 @@
 ---
-title: 'Book: The Menagerie'
+title: "The Menagerie"
 description: "Risk-First Software Development Volume 1: The Menagerie.  Available to read online, on Kindle and to buy at Amazon"
 slug: /The-Menagerie
-tags: 
- - Books
+tags:
+  - Books
 
-featured: 
+featured:
   class: bg1
   element: '<big-image imgsrc="/public/templates/risk-first/posts/book-grey.png" />'
-sidebar_position: 1
+sidebar_position: 2
 ---
 
 # The Menagerie
 
-[Second Edition Coming Soon!](Risk-First-Second-Edition)
+[Second Edition Now Available!](Risk-First-Second-Edition)
 
-The software development world is crowded with different practices, metrics, methodologies, tools and techniques.  But what unites them all?
+The software development world is crowded with different practices, metrics, methodologies, tools and techniques. But what unites them all?
 
-Volume one of the Risk-First series argues the case for viewing _all_ of the activities on a software project through the lens of _managing risk_.  It introduces the menagerie of different risks you're likely to meet on a software project, naming and classifying them so that we can try to understand them better.
+Volume one of the Risk-First series argues the case for viewing _all_ of the activities on a software project through the lens of _managing risk_. It introduces the menagerie of different risks you're likely to meet on a software project, naming and classifying them so that we can try to understand them better.
 
 ![Risk-First Software Development: Volume 1, The Menagerie](/img/Cover_Book_image.jpg)
 
@@ -28,7 +28,7 @@ The book aims to develop a _Pattern Language_ for understanding software risk, a
 - [Download a Sample](/the-menagerie-sample.pdf)
 - [Kindle Edition](https://a.co/d/hmpmYl2) (From Amazon)
 - [Print Edition](https://www.amazon.com/Risk-First-Software-Development-1-Menagerie/dp/1717491855) (From Amazon.com
-) or [Amazon UK](https://amzn.eu/d/2i8sZH9)
+  ) or [Amazon UK](https://amzn.eu/d/2i8sZH9)
 
 ## Read It Here
 

src/images/generated/coso/communication.adl

@@ -0,0 +1,39 @@
+<?xml version="1.0"?>
+<diagram
+	xslt:template="/public/templates/risk-first/risk-first-template.xsl"
+	xmlns="http://www.kite9.org/schema/adl"
+	xmlns:xslt="http://www.kite9.org/schema/xslt" id="dia"
+	style="--kite9-layout: down; ">
+
+	<table k9-texture="none" style="--kite9-grid-size: 2 3; ">
+
+		<cell>
+			<description class="bold">COSO Action</description>
+		</cell>
+
+		<cell style="--kite9-layout: down; ">
+			<action>Informing and Communicating</action>
+		</cell>
+
+
+		<cell>
+			<description class="bold">Software Development</description>
+		</cell>
+		
+		<cell style="--kite9-layout: right;"> 
+			<group style="--kite9-layout: down; --kite9-vertical-align: top; ">
+				<action>Marketing</action>
+				<action>Stakeholder Management</action>
+			</group>
+			<group style="--kite9-layout: down; --kite9-vertical-align: top; ">
+				<action>Issue Management</action>
+				<action>Meetings</action>
+			</group>
+			<group style="--kite9-layout: down; --kite9-vertical-align: top; ">
+				<action>Documentation</action>
+				<action>Demos</action>
+			</group>
+		</cell>
+	</table>
+
+</diagram>

src/images/generated/coso/control-activities.adl

@@ -0,0 +1,38 @@
+<?xml version="1.0"?>
+<diagram
+	xslt:template="/public/templates/risk-first/risk-first-template.xsl"
+	xmlns="http://www.kite9.org/schema/adl"
+	xmlns:xslt="http://www.kite9.org/schema/xslt" id="dia"
+	style="--kite9-layout: down; ">
+
+	<table k9-texture="none" style="--kite9-grid-size: 2 3; ">
+
+		<cell>
+			<description class="bold">COSO Action</description>
+		</cell>
+
+		<cell style="--kite9-layout: down; ">
+			<action>Control Activities</action>
+			<description>Policies and procedures are established and implemented to help ensure that
+risk responses are carried out effectively.</description>
+		</cell>
+
+
+		<cell>
+			<description class="bold">Software Development</description>
+		</cell>
+		
+		<cell style="--kite9-layout: right;"> 
+			<group style="--kite9-layout: down; --kite9-vertical-align: top; ">
+				<action>Releases</action>
+			</group>
+			<group style="--kite9-layout: down; --kite9-vertical-align: top; ">
+				<action>Coding</action>
+			</group>
+			<group style="--kite9-layout: down; --kite9-vertical-align: top; ">
+				<action>Testing</action>
+			</group>
+		</cell>
+	</table>
+
+</diagram>

src/images/generated/coso/coso.adl

@@ -0,0 +1,39 @@
+<?xml version="1.0"?>
+<diagram
+	xslt:template="/public/templates/risk-first/risk-first-template.xsl"
+	xmlns="http://www.kite9.org/schema/adl"
+	xmlns:xslt="http://www.kite9.org/schema/xslt" id="dia"
+	style="--kite9-layout: down; ">
+
+	<table k9-texture="none" style="--kite9-grid-size: 2 2; ">
+
+		
+		<cell><action style="--kite9-horizontal-align: left; ">Internal Environment</action></cell>
+		<celltext>What is the internal philosophy 
+		and culture?</celltext>
+
+		<cell><action style="--kite9-horizontal-align: left; ">Objective Setting</action></cell>
+		<celltext> What are we trying to 
+		accomplish?</celltext>
+
+		<cell><action style="--kite9-horizontal-align: left; ">Event Identification</action></cell>
+		<celltext>What could stop us from accomplishing it?</celltext>
+
+		<cell><action style="--kite9-horizontal-align: left; ">Risk Assessment</action></cell>
+		<celltext>How bad are these events? Will they really happen?</celltext>
+
+		<cell><action style="--kite9-horizontal-align: left; ">Risk Answer</action></cell>
+		<celltext>What are our options to stop those things from happening?</celltext>
+
+		<cell><action style="--kite9-horizontal-align: left; ">Control Activities</action></cell>
+		<celltext>Let's create something to make sure they don't happen.</celltext>
+
+		<cell><action style="--kite9-horizontal-align: left; "> Information and Communication</action></cell>
+		<celltext>With whom will will we obtain information and communicate?</celltext>
+
+		<cell><action style="--kite9-horizontal-align: left; ">Monitoring</action></cell>
+		<celltext>How will we know that we've achieved what we wanted to accomplish?</celltext>
+
+	</table>
+
+</diagram>

src/images/generated/coso/event-identification.adl

@@ -0,0 +1,37 @@
+<?xml version="1.0"?>
+<diagram
+	xslt:template="/public/templates/risk-first/risk-first-template.xsl"
+	xmlns="http://www.kite9.org/schema/adl"
+	xmlns:xslt="http://www.kite9.org/schema/xslt" id="dia"
+	style="--kite9-layout: down; ">
+
+	<table k9-texture="none" style="--kite9-grid-size: 2 3; ">
+
+		<cell>
+			<description class="bold">COSO Action</description>
+		</cell>
+
+		<cell style="--kite9-layout: down; ">
+			<action>Event Identification</action>
+			<description>Identifying what could stop the organisation from accomplishing its goals.</description>
+		</cell>
+
+
+		<cell>
+			<description class="bold">Software Development</description>
+		</cell>
+		
+		<cell style="--kite9-layout: right;"> 
+			<group style="--kite9-layout: down; --kite9-vertical-align: top; ">
+				<action>Measurement</action>
+				<description>Working out what to track to monitor risks to our project.</description>
+			</group>
+			<group style="--kite9-layout: down; --kite9-vertical-align: top; ">
+				<action>Analysis</action>
+				<description>Ascertaining what risks exist within the environment you’re operating in, or
+what risks you’re addressing in the project.</description>
+		</group>
+		</cell>
+	</table>
+
+</diagram>