Editing Defensive design

{{Short description|Design practice that plans for contigencies}}
{{About|design to prevent misuse|the design of public places to prevent crime and other undesired actions|Hostile architecture}}
{{Unsourced|date=January 2024}}
[[File:G type plug and socket.png|thumb|[[BS 1363]] plug and socket, an example of defensive design: the plug can only be inserted in the correct orientation]]
'''Defensive design''' is the practice of planning for [[Contingency plan|contingencies]] in the [[design]] stage of a project or undertaking. Essentially, it is the practice of anticipating all possible ways that an end-user could misuse a device, and designing the device so as to make such misuse impossible, or to minimize the negative consequences. For example, if it is important that a plug is inserted into a socket in a particular orientation, the socket and plug should be designed so that it is physically impossible to insert the plug incorrectly. Power sockets are often keyed in such a manner, to prevent the transposition of live and neutral. They are also recessed in the wall in a way that makes it impossible to touch connectors once they become live.

Defensive design in [[software engineering]] is called [[defensive programming]]. [[Murphy's law]] is a well-known statement of the need for defensive design, and also of its ultimate limitations.

==Applications ==

===Computer software ===

Implementation decisions and [[software design]] approaches can make software safer and catch user errors.
[[Source code|Code]] that implements this is termed a [[sanity check]].

* Data entry screens can "sanitize" inputs, e.g. numeric fields contain only digits, signs and a single decimal point if appropriate.

* Inputs can be checked for legitimate values, e.g. for counts of workplace injuries (or number of people injured) the number can be 0 but can't be negative and must be a whole number; for number of hours worked in one week the amount for any specified employee can be 0, can be fractional, but can't be negative and can't be greater than 168, nor more than 24 times the number of days they were in attendance.

* A word processor requested to load a saved document should scan it to ensure it is in good form and not [[Data corruption|corrupted]]. If it is corrupted, the program should say so, then either accept the partial document that was valid, or refuse the entire document. In either case it should remain running and not quit.

=== Electronics ===

Many [[electrical connectors]] apply this principle by being asymmetric.
Alternatively, [[USB-C#Ease_of_use|USB-C plugs]] are mechanically but not electrically symmetric, but achieve an illusion of symmetry resulting from how devices respond to the cable, and hence can be plugged in either of two ways. Accompanying circuitry makes the plugs and cables behave as though they are symmetric.

==See also==
* [[Defensible space theory]]
* [[Fail-safe]]
* [[Idiot-proof]]
* [[Inherent safety]]
* [[Poka-yoke]]
* [[Usability testing]]

== References ==
{{reflist}}

{{Design}}

{{DEFAULTSORT:Defensive Design}}
[[Category:Design]]