The hottest Risk management Substack posts right now

And their main takeaways
Category
Top Finance Topics

Top 10 OSS Risks

Resilient Cyber 99 implied HN points 13 Mar 23
🕹 Technology Risk management
  1. Open Source Software (OSS) is widely used, making up a large part of many software applications. However, it's essential to be aware of the risks it poses, as vulnerabilities in OSS can impact many users simultaneously.
  2. One major risk is the compromise of legitimate OSS packages, where attackers can hijack code or repositories to insert malicious elements, which can then spread to organizations using that software.
  3. Another concern is outdated or unmaintained OSS, which can lead to security issues if the software isn’t updated regularly. Organizations need to keep track of the OSS they use and ensure it's actively maintained.

ESG and the pricing of a Near Miss

ESG Hound 288 implied HN points 26 May 23
💼 Business Risk management
  1. Luck can sometimes prevent a disaster, like in a near miss incident.
  2. Second-order risks, not immediately priced, can lead to catastrophic consequences.
  3. ESG helps in evaluating and pricing risks like environmental compliance and social issues, offering investing insights.

The Combined Power of SAST and Threat Modeling

Resilient Cyber 99 implied HN points 07 Mar 23
🕹 Technology Risk management
  1. Using SAST tools helps find security problems in an app's code. It's important to have tools that are easy to use and can be customized based on your needs.
  2. Threat modeling is about figuring out what security risks exist and how likely they are to happen. It helps you focus on the most important threats to your applications.
  3. Combining SAST and threat modeling makes both methods stronger. By knowing your threats, you can use SAST better to fix specific vulnerabilities in your software.

FOMO and the optimal portfolio size

Klement on Investing 2 implied HN points 12 Jan 26
💰 Finance Risk management
  1. Random global portfolios need hundreds of stocks (often 250–750) to meaningfully diversify stock-specific risk and narrow return outcomes, because a few big winners drive returns while many stocks fail.
  2. ESG-weighted portfolios converge even more slowly, so applying ESG selection typically increases the number of holdings required to stabilize volatility and returns.
  3. Concentrated portfolios still make sense for genuinely skilled active managers because concentration amplifies and reveals skill quickly; if managers are effectively random, broad indexing or very large portfolios are the better choice.

Alternative Investment Guide #3 - Equity Crowdfunding

Concepts of Finance 🧠 59 implied HN points 25 Jul 23
💰 Finance Risk management
  1. Equity crowdfunding lets everyday people invest in startups by buying shares. This means you can own a small part of a new company, hoping it grows in value over time.
  2. Investors can make money through equity ownership, dividends, or selling their shares later if the company does well. However, there's always a risk of losing your investment since many startups fail.
  3. Before investing, it's important to research the company and its team, as well as understand the risks involved. Doing your homework can help you find promising investments.
Get a weekly roundup of the best Substack posts, by hacker news affinity:

Performative Failure

Investing 101 69 implied HN points 03 Nov 24
💼 Business Risk management
  1. Performative failure, where people act as if they are failing for show, can prevent real learning and growth. It's better to genuinely take risks and embrace true failure.
  2. Shame often stops people from trying because they confuse their self-worth with their success or failure. It’s important to separate who you are from what you achieve.
  3. Choosing the right challenges to pursue is key. Aiming for meaningful goals makes any failures valuable and worthwhile, as they contribute to growth and character.

A look at the DoD's Zero Trust Strategy

Resilient Cyber 119 implied HN points 27 Nov 22
🕹 Technology Risk management
  1. The Department of Defense is adopting a Zero Trust strategy to improve security by not automatically trusting any user or device, and it aims to fully implement this approach in five years.
  2. Key goals of the strategy include fostering a culture of Zero Trust within the organization, accelerating technology adoption, and ensuring DoD systems are secure and well-defended.
  3. Success relies on collaboration across all levels of the DoD, as well as proper funding and resources to support the technology and cultural shifts needed for this new security model.

✅ Using AI for tactical and strategic applications in public relations

Wadds Inc. newsletter 39 implied HN points 13 Oct 23
💼 Business Risk management
  1. AI tools can help public relations pros improve their writing by checking spelling and grammar, making them better at their jobs. Many people already use these tools without realizing how much they help.
  2. Focusing on using AI for just generating content can ignore its potential in strategy and management, which could provide even bigger benefits for PR practices.
  3. While AI can save a lot of time and make work easier, there's a risk of spreading misinformation, so it's important to use AI wisely and question its outputs.

Peacetime Bank Stress Tests: Who's That For?

Without Warning 39 implied HN points 19 Feb 23
💰 Finance Risk management
  1. The purpose of stress tests for banks in peacetime is not necessarily to predict future crises, but to ensure banks have enough capital and that the tests are tough and variable.
  2. It's important for stress test scenarios to change and remain tough to prevent banks from manipulating their capital levels and misrepresenting their financial health.
  3. The public stress test process during peacetime may not have a significant impact on capital allocation to the banking sector, unlike crisis-time stress tests.

Is your project on schedule? How do you know?

Respectful Leadership 54 implied HN points 29 Dec 24
💼 Business Risk management
  1. To keep projects on track, it's essential to dig deep into details and understand all aspects involved. This helps find hidden issues before they become problems.
  2. Unexpected challenges will always arise, so having backup plans is crucial. It's better to prepare for potential setbacks than to face surprises later.
  3. Effective project estimates need thorough discussions and clear communication among all teams. This helps ensure everyone understands what needs to be done and avoids over-optimism.

The fourth quarter effect in small caps

Klement on Investing 2 implied HN points 07 Jan 26
💰 Finance Risk management
  1. Smaller companies show a clear drop in earnings in their fourth fiscal quarter, with the effect strongest among the smallest 25–50% of firms.
  2. The decline is driven mainly by sudden rises in costs (COGS and SG&A) and outdated cost forecasting or weak internal systems, not by lower sales or audit-driven manipulation.
  3. Analysts usually don’t adjust for this Q4 effect, so misses are more common, but market reactions are muted since investors tend to focus on the coming fiscal year.

UCSF has match day outdoors & plans on contact tracing... in 2024

Vinay Prasad's Observations and Thoughts 132 implied HN points 16 Mar 24
🏥 Health Politics Risk management
  1. Population immunity to COVID-19 is high, making large outdoor gatherings unnecessary. Holding events outdoors may not significantly impact transmission and could be inconvenient.
  2. There is little evidence to support the need for contact tracing in 2024. The effectiveness of contact tracing for the virus is questionable.
  3. Medical school policies may sometimes prioritize perceived safety over rational decision-making, potentially impacting student experiences and learning.

Let's Talk About Malicious Browser Extensions: Part 2

!important 43 implied HN points 13 Feb 25
🕹 Technology Risk management
  1. Malicious browser extensions can steal sensitive information like passwords and cookies. This puts users at risk of losing their accounts and personal data.
  2. In workplaces, these risks are even more serious because a breach can affect the whole organization and its customers. It's crucial for businesses to be aware of these dangers.
  3. Many security professionals need better training and tools to recognize the risks of browser extensions and to protect their systems effectively.

Quant Letter: June 2025, Week-3

The Parlour 21 implied HN points 19 Jun 25
💰 Finance Risk management
  1. A new forecasting method called Bayesian VAR can predict complex time series data accurately by handling multiple variables and irregular data.
  2. Research on electricity markets reveals how hedging can be connected to market power abuse, which helps understand the economic behaviors in these markets.
  3. Recent studies show how machine learning and quantum methods are being applied to optimize trading strategies and predict market fluctuations.

Beware Of When The Smoke Clears

QTR’s Fringe Finance 21 implied HN points 23 Jun 25
💰 Finance Risk management
  1. Markets might not rise as expected after conflicts cool down, even if it seems logical. It's important to recognize that less news doesn't always mean success.
  2. Investors often think they will benefit when uncertainty decreases, but this could backfire. The reality can be different when the expected clarity arrives.
  3. The idea of a 'peace dividend' might be a trap; selling or getting out could be more common than investment growth after the news settles.

In Property Insurance, Climate Change is Everything

Equal Ventures 19 implied HN points 24 Jan 24
💰 Finance Risk management
  1. Insurers must adapt quickly to the impacts of climate change on property insurance, as changing weather patterns are leading to more natural catastrophe events and heavier losses.
  2. The property insurance market is experiencing shrinking margins, complex regulations, and increasing premiums due to climate change impacts, leading to carriers pulling back policies in high-risk areas.
  3. There is a need for more innovative approaches in underwriting and risk management, moving away from relying solely on historical zip code data and towards tailored risk assessment in the face of evolving weather risks.

Regulators Should Conduct "Material Loss Review" Of Synapse Disaster

Fintech Business Weekly 52 implied HN points 08 Dec 24
💰 Finance Risk management
  1. Regulators should look into the Synapse disaster to understand what went wrong. This could help prevent similar issues in the future.
  2. There is a significant amount of lost funds that still needs to be clarified, impacting many users. Authorities need to take responsibility and provide transparency.
  3. The emotional toll on the people affected is serious, as highlighted by the Synapse trustee's feelings during court. Many end users are suffering and need answers.

One Tech Stock I'm Hell Bent On Avoiding

QTR’s Fringe Finance 18 implied HN points 08 Jul 25
💰 Finance Risk management
  1. Some tech stocks can quickly increase in value, but that doesn't always mean they are a good investment. It's important to look deeper into the company before jumping in.
  2. Pay attention to any signs that suggest a company may not be trustworthy. If something feels off, it might be best to avoid that stock altogether.
  3. It's also wise to be cautious about the companies that a tech stock does business with, as they can impact its reputation and future success.

Thoughts on the MOVEit hack

Frankly Speaking 203 implied HN points 20 Jun 23
🕹 Technology Risk management
  1. The MOVEit hack highlights issues with software age and responsible disclosure.
  2. Progress handled the security incident well but third-party risk management needs a shift towards evaluating vendor security culture.
  3. Security teams should focus less on questionnaires and more on vendor security roadmap and practices.

Enter the Matrix

Resilient Cyber 79 implied HN points 13 Feb 23
🕹 Technology Risk management
  1. The Cyber Defense Matrix helps organizations understand their security tools better. It allows teams to see what tools they have, find overlaps, and spot gaps in their defenses.
  2. Cybersecurity tool sprawl is a big issue where companies use many different tools, often without fully understanding how well they work. This can make it harder to respond to threats effectively.
  3. Investing more in technology than in the people and processes can lead to a weaker security response when incidents occur. It's important to balance resources across technology, people, and processes.

Zomato fails to deliver [Finance Fridays]

Technology Made Simple 79 implied HN points 29 Jul 22
💰 Finance Risk management
  1. Food delivery business is unprofitable globally despite high fees; Zomato suffered major losses without solid plans.
  2. Zomato's acquisition of Blinkit with a massive cash burn was not beneficial due to lack of established cash flows.
  3. Investors should be cautious of hype; Zomato's crash led to retail investors facing significant losses.

A 50 million dollar hairline crack

Gordian Knot News 212 implied HN points 03 Apr 23
🔬 Science Risk management
  1. A small hairline crack in a nuclear reactor can lead to costly shutdowns for inspections.
  2. Regulatory bodies like the NRC are quick to order shutdowns to ensure safety.
  3. Implementing checks and balances in the industry is crucial for maintaining an economic and efficient grid.

The Boom Bust Cycle and how it affects tech[Finance Fridays]

Technology Made Simple 59 implied HN points 08 Oct 22
💰 Finance Risk management
  1. The economy goes through cycles of growth (boom) and contraction (bust), influenced by optimism and greed.
  2. Tech industry is more vulnerable to boom-bust cycles due to its rapid pace, scalability, and complexity, making it hard to predict and invest in.
  3. To survive economic fluctuations, it's important to build resilience by staying abreast of skills, having emergency funds, and not panicking.

A look at the Open Software Supply Chain Attack Reference (OSC&R)

Resilient Cyber 59 implied HN points 21 Feb 23
🕹 Technology Risk management
  1. The Open Software Supply Chain Attack Reference (OSC&R) is a tool designed to help understand software supply chain security risks. It provides a framework to assess various tactics that attackers may use.
  2. One important concept introduced by OSC&R is the Pipeline Bill of Materials (PBOM), which gives a detailed view of everything that happens to a piece of software from start to finish. This helps organizations see risk factors at every stage of the software's life.
  3. Security is a big concern across different areas like container security, open source software, and cloud security. Each area has specific practices to follow to help protect against potential threats.

Apollo's Web

Net Interest 12 implied HN points 18 Jul 25
💰 Finance Risk management
  1. Lockheed Martin transferred a large amount of pension obligations to Athene to reduce financial risk and focus on its main business.
  2. Athene, backed by Apollo Global Management, has rapidly grown its pension risk transfer business, sparking concerns about the safety of these arrangements for individuals.
  3. Some employees are worried that private equity's involvement in insurance may lead to higher risks and fewer protections for pension holders.

Leaked Treasury Prime Docs Show Risks Of BaaS Business: Churn, Concentration, Slowing Growth

Fintech Business Weekly 89 implied HN points 03 Mar 24
💰 Finance Risk management
  1. Leaked Treasury Prime documents highlight risks in Banking-as-a-Service business, including issues like churn, concentration, and slowing growth.
  2. Treasury Prime's strategic pivot to focus on selling to banks instead of fintechs resulted in drastic employee layoffs, shedding light on the challenging environment for middleware platforms in fintech.
  3. Fintech companies like Chime and Green Dot facing regulatory actions and penalties underscore the importance of compliance and customer service in the financial industry.

Going Down With the Ship

Resilient Cyber 39 implied HN points 31 May 23
🕹 Technology Risk management
  1. Many organizations have a huge number of open vulnerabilities, but they struggle to fix them fast enough. This creates a risky situation where bad actors can exploit these weaknesses quickly.
  2. Despite new tools and approaches, cybersecurity continues to lag behind the speed of threats. Adding more security tools doesn't necessarily make things safer and can actually create confusion and overload for teams.
  3. Security should be treated as an ongoing process, not just something to buy or check off a list. If we keep doing the same thing without real change, we’ll keep facing the same problems.

#24: Insurance for AI: Easier Said than Done

Loeber on Substack 40 implied HN points 04 Nov 24
💼 Business Risk management
  1. Insurance for AI risks is a complex topic due to the unpredictable nature of AI outputs, making it hard to find solid coverage options. Businesses want protection from costly mistakes by AI, but actual insurance products may be limited.
  2. The market for existing software error insurance is quite small, which raises questions about how large the market for AI error insurance could be. With many companies not even aware of current insurance options, it's a niche field.
  3. Insurers face challenges in accurately assessing AI risks due to information gaps and the rapid evolution of AI technology. This could lead to difficulties in creating effective insurance policies for AI applications.

#2: Degrees of freedom

The Uncertainty Mindset (soon to become tbd) 379 implied HN points 13 Nov 19
💼 Business Risk management
  1. To handle unexpected problems, a team needs the freedom to act. This freedom helps them adapt and respond to changing situations.
  2. Giving people freedom in their work can lead to mistakes, but it also allows for creative solutions. Balancing freedom and structure is important.
  3. Organizations that embrace both risks and uncertainties are often better at dealing with surprises. This means they can thrive even when things don’t go as planned.

Too Big To Fail

The Last Bear Standing 160 implied HN points 10 Mar 23
💰 Finance Risk management
  1. In the mid-2000s, banks faced a significant problem with growing leverage and inadequate cash reserves.
  2. The 2008 financial crisis led to emergency bailouts to address liquidity issues in the banking sector.
  3. While regulations and liquidity injections have reduced the risk of widespread liquidity crises in large U.S. banks, the 'too-big-to-fail' problem persists in the broader financial system.

Predicting earthquakes

The Works in Progress Newsletter 11 implied HN points 16 Jul 25
🔬 Science Risk management
  1. Scientists estimate that a major earthquake can occur in the American West Coast, causing massive destruction and loss of life. Planning for these events is crucial, given the high number of residents in these areas today.
  2. Funding for earthquake prediction is very limited, focusing mostly on understanding where earthquakes might happen rather than when. There is a big need for more resources to develop better warning systems.
  3. Using advanced technology and data sharing can significantly improve earthquake prediction. A centralized lab focusing on research and collaboration could potentially provide better warning times and save lives.

We don’t want auditors to be good at their job

Klement on Investing 2 implied HN points 11 Dec 25
💰 Finance Risk management
  1. Corporate accounting scandals recur and auditors are routinely made the public scapegoat, prompting regulatory fixes that don’t stop the next failure.
  2. If auditors actually caught all fraud, investors who lose money would still look for someone else to blame, because many people outsource their own due diligence.
  3. The blame cycle usually expands to regulators and then quiets after reforms, allowing auditors and the system to be gradually exonerated and the pattern to repeat.

The Everything Bubble Suddenly Feels Unstable

QTR’s Fringe Finance 29 implied HN points 15 Jan 25
💰 Finance Risk management
  1. Investors might need to prepare for tougher conditions in the market. It seems like the Federal Reserve might not be there to support them like before.
  2. The era of easily accessible money may be changing. Investors who relied on quick fixes might find it harder to bounce back from crises.
  3. It's important for investors to rethink their strategies. They may need to adapt to a new reality where traditional safety nets aren't guaranteed.

Secret Diary of a Hedge Fund Allocator

Net Interest 13 implied HN points 13 Jun 25
💰 Finance Risk management
  1. Hedge funds offer a way for individual investors to access top managers and diversify their investments, but they often come with extra fees that can eat into returns.
  2. The Brevan Howard fund stands out for its ability to manage risk and provide steady returns, even in tough market conditions, making it a reliable choice for investors.
  3. Investing in hedge funds can be a rollercoaster ride with ups and downs, so it's important to learn from both your successes and failures when picking managers.