Defensive design

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search
Paper cutting machine with two buttons required to be pressed simultaneously to cut the paper. A defensive design to prevent the operator from cutting their own hands because it makes it impossible to accidentally have one hand in the way of harm.

Defensive design is the practice of planning for contingencies in the design stage of a project or undertaking. Essentially, it is the practice of anticipating all possible ways that an end-user could misuse a device, and designing the device so as to make such misuse impossible, or to minimize the negative consequences. For example, if it is important that a plug is inserted into a socket in a particular orientation, the socket and plug should be designed so that it is physically impossible to insert the plug incorrectly. Power sockets are often keyed in such a manner, to prevent the transposition of live and neutral. They are also recessed in the wall in a way that makes it impossible to touch connectors once they become live.

Defensive design in software engineering is called defensive programming. Murphy's law is a well-known statement of the need for defensive design, and also of its ultimate limitations.


See also[edit]