Defensive design

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search
Paper cutting machine with two buttons required to be pressed simultaneously to cut the paper. A defensive design to prevent the operator from cutting his own hands.

Defensive design is the practice of planning for contingencies in the design stage of a project or undertaking. Essentially, it is the practice of anticipating all possible ways that an end-user could misuse a device, and designing the device so as to make such misuse impossible, or to minimize the negative consequences. For example, if it is important that a plug is inserted into a socket in a particular orientation, the socket and plug should be designed so that it is physically impossible to insert the plug incorrectly. Power sockets are often keyed in such a manner, to prevent the transposition of live and neutral.

Defensive design in software engineering is called defensive programming. Murphy's law is a well-known statement of the need for defensive design. It is considered the opposite approach to design by contract.[1]


See also[edit]


  1. ^ "Design by contract". Internet: Wikipedia. 2017-05-17. Archived from the original (HTML) on 2017-05-17. Retrieved 2017-07-25. The DbC approach assumes all client components that invoke an operation on a server component will meet the preconditions specified as required for that operation. Where this assumption is considered too risky (as in multichannel client-server or distributed computing) the opposite "defensive design" approach is taken, …