Back in 2013, when I first started working on SimpleRisk in my spare time on nights and weekends, I started using a massive Trello board to track all of the features I would need to do my job as a risk manager. I used a relatively simple scheme of labeling each card as yellow, orange, or red to indicate the priority. With each new feature I added, more organizations would adopt the platform; and with each new organization came fresh ideas on how to continually drive the product forward. We still routinely get feature requests from customers and, today, that Trello board has grown to hundreds of cards and are generally prioritized based on three things:
- Severity: Coming from a background of running the Information Security Program for a large enterprise, I've always put my reputation in security above all else. As such, security vulnerabilities will always receive the highest level of attention from me and my team. We have a formal Responsible Disclosure Policy and host a private Bug Bounty Program on HackerOne. Many of the bugs we come across in the product will also fall into the high-severity category for prioritization. If it's something that impacts one of our customers, then it's something that needs to be fixed, plain and simple.
- Broad Appeal: Once we've addressed all of the high-severity cards, we will typically prioritize the cards which we believe have the broadest level of customer appeal. Typically, these stem from customer suggestions where we hear over and over again something like "It would be really useful if SimpleRisk did X". To date, the majority of the newly added features over the past few years were rooted in these requests and we do our best to track each requestor and notify them once the feature has been implemented.
- Low Hanging Fruit: As we are preparing for a new release, there's a point in time where we are doing a lot of testing and don't want to add any new major functionality so as not to create last-minute issues. This is where we will typically try and squeeze in smaller items that are less about function and more about visual appeal and utility.
Even as we've grown the team to include additional development resources, this prioritization process still serves us today, but we want it to be better, and that's where you come in. Recently, we've been revamping the SimpleRisk website to make our resources easily accessible to customers and prospects, alike. One of the brand new additions to the website, is a Suggest a Feature page which allows you to submit your own feature suggestions for SimpleRisk, as well as upvote suggestions from others. I've added a few items to get the conversation started, but my hope is that our community will embrace this as a means to help us to align our development resources to the things that matter most to our customers. The SimpleRisk Feature Roadmap page will continue to be a resource to find out about high level features we are actively working on putting into past, present, and future releases, but we cannot wait to hear what features you want to see added to SimpleRisk!