The risk taxonomy every FMEA starts from.
Sixteen categories, three test-level views, and the 2026 additions nobody used to need.

Failures that cause specific features not to work as specified.

Failures in scaling of the system to expected peak concurrent usage levels and data volumes. Distinct from Performance — Performance is "does a single request meet its SLO," Load is "does the system still meet its SLO with 10,000 concurrent users."

Failures to meet reasonable expectations of availability and mean-time-between-failure. Includes memory leaks, resource exhaustion, and degradation over uptime.

Failures under beyond-peak or illegal conditions, and the knock-on effects of deliberately inflicted errors. Covers recovery from power loss, network partition, and upstream service failure.

Failures in date math and handling — time-zone boundaries, daylight-saving transitions, leap seconds, year boundaries, fiscal vs. calendar year, and (still, in 2026) systems whose internal epochs expire.

Failures to match competing systems in quality. Frequently overlooked in internal risk analysis because it requires market research, not engineering research.

Failures that endanger continuing operation, including backup and restore, runbooks, on-call workflows, and the ability for operations staff to recover from production incidents without engineering escalation.

Failures in human factors — especially at the user interface, but also in the installation flow, onboarding, and recovery from user error.

Failures in processing, storing, or retrieving data. Includes silent corruption, precision loss, truncation, encoding mangling, and failed referential integrity.

Failures to perform as required under expected loads. Latency, throughput, and responsiveness against an SLO or budget.

Failures in specific localities — language, dictionary/thesaurus, collation order, number/date/currency formatting, and localized error messages.

Failures with specific supported OS / browser / device / runtime / dependency combinations. Includes regression against dependency upgrades (the kind CI finds before users do) and the combinatorial explosion of "minor versions."

Failures to protect the system and secured data from fraudulent or malicious misuse. Pair with the seven-step security risk reduction whitepaper — this is a surface area with its own deeper taxonomy (OWASP Top 10, MITRE ATT&CK, CWE).

Failures that prevent or impede deploying the system. In 2026 this also covers CI/CD failures, canary/blue-green/rollback integrity, database migration safety, and rollback data loss.

Failures in operating instructions for users or system administrators, including API reference accuracy, runbook accuracy, and deprecation notice quality.

Failures in interfaces between components — wire formats, contract violations, schema drift, protocol version mismatches, silent field removal.

Failures to meet accessibility standards (WCAG 2.2, Section 508, EN 301 549, ADA case law). In 2002 this sat inside Usability; in 2026 it is a distinct legal and regulatory exposure with its own testable surface (screen-reader behavior, keyboard navigation, contrast, motion/animation preferences, ARIA semantics, cognitive load, localization of accessibility affordances). Enterprise programs that ignore it invite lawsuits.

Failures in the instrumentation that would let an operator tell whether the system is working in production. Missing / mis-tagged / too-noisy logs, metrics without cardinality controls, spans that do not cross service boundaries, dashboards that contradict each other. This is distinct from Operations — Operations is "can we run it," Observability is "can we tell what it is doing." Pair with production-telemetry-driven test authoring (see building-quality-in whitepaper).

Failures that cause unexpected cost blowouts — runaway background workers, recursive retry storms, uncapped logging, uncapped LLM-API calls, storage leaks, N+1 query patterns in production traffic. For cloud-native systems this is first-class quality risk: a correctness-passing release can still cause a business-critical incident via the monthly bill.

Failures introduced via dependencies — vulnerable packages, transitive dependency drift, build-system compromise, dependency-confusion attacks, malicious maintainer takeover, SBOM inaccuracy. Includes the CI/CD pipeline itself and the ecosystems it pulls from. In 2002 this was a subset of Compatibility; in 2026 it is its own surface with its own tooling (SCA, SBOM attestation, provenance verification, pinned dependencies).

For systems whose primary job is inference (classification, generation, recommendation, forecasting), the output is probabilistic — correctness becomes a distribution, not a pass/fail. Risk items: held-out evaluation set accuracy, calibration (does 80% confidence mean 80%?), performance on adversarial / out-of-distribution / long-tail inputs, regression against specific demographic slices. Cannot be tested with example-based assertions; requires eval-set testing, golden-set testing, and slice-based metrics.

Distinct from generic Security: prompt injection, indirect prompt injection via retrieved documents, over-trust of tool outputs, jailbreaking, training-data poisoning, model-supply-chain risk, hallucination on high-stakes outputs, bias/fairness failures with demonstrable disparate impact. For LLM-backed systems, most of OWASP LLM Top 10 lives here rather than under Security.

Failures to produce a defensible account of why the system did what it did — in regulated contexts (credit, hiring, healthcare, underwriting, insurance pricing, immigration, education), increasingly mandatory. Includes decision logs, feature attribution, lineage of data and model versions, and the ability to reconstruct a specific production decision six months later. Pair with the Cost-of-Exposure and Compliance risks inside Security / Privacy.