Defensive Design

Author
  Shichang Ke

Definition

Defensive Design is usually seen as the other side of the coin from Inclusive Design, because its very name raises the question of who or what the designer is defending against. Moreover, since Inclusive Design is often associated with providing more accessibility to marginalised users, which has a positive social impact, Defensive Design, viewed as its opposite, is sometimes perceived as a negative term.

Nevertheless, Defensive Design is by definition a neutral term: the practice of planning for contingencies in the design stage of a project or undertaking. It does not imply any inherent exclusiveness.

My personal example

I would say one defensive design from my everyday life is the auto turn-off setting on my hair straightener. After 30 minutes without being used, the heated plates switch off. I believe this design was to prevent possible damage or fire if the user forgot to turn off the straightener with flammable items nearby. One time during lunch, I suddenly remembered I had forgotten to turn off the straightener and I ran straight home. Luckily, I did not see my apartment in flames, since the straightener had turned itself off. Therefore, I presume designers of electronics value defensive design very much, since any possible misuse of their product may have severe consequences.

Defensive design in software engineering

Software engineers should also take defensive design seriously, since errors in software can sometimes lead to even more significant damage. For example, most registration forms on websites prompt users to set up a strong password with a combination of letters, numbers, mixed case, and symbols, forming an unpredictable string of characters that does not resemble words or names.

This is because the engineers building the application want to defend users' data and identities from attackers and malicious software. Apart from password setting, there are numerous places on a web page where things can go wrong, which makes error handling in the design process extremely important, since the designers have to anticipate and handle every problem that can reasonably occur.
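As an added example (not code from the original post), here is a registration-form password check in JavaScript. It enforces the composition rule described above and adds two checks a security engineer would insist on alongside it: a minimum length, and rejection of passwords that are commonly used or that contain the user's own username or email address. The minimum length, the identity field names and the short common-password list are assumptions chosen for illustration, not a real breached-password list.

```javascript
// Added example, not code from the original post. Policy values and the
// common-password list below are constructed for illustration.

const MIN_LENGTH = 12; // assumed policy value
const COMMON_PASSWORDS = new Set(['password', 'password1', '123456', 'qwerty', 'letmein']);

// Returns a list of reasons the password is rejected; an empty list means it passed.
function passwordProblems(password, { username = '', email = '' } = {}) {
  if (typeof password !== 'string') {
    return ['password must be a string'];
  }
  const problems = [];

  // Length first: it matters more than any composition rule.
  if (password.length < MIN_LENGTH) problems.push(`shorter than ${MIN_LENGTH} characters`);

  // The composition rule the text describes: letters in both cases, digits, symbols.
  if (!/[a-z]/.test(password)) problems.push('no lowercase letter');
  if (!/[A-Z]/.test(password)) problems.push('no uppercase letter');
  if (!/[0-9]/.test(password)) problems.push('no digit');
  if (!/[^A-Za-z0-9]/.test(password)) problems.push('no symbol');

  // Composition rules alone accept "Password1!", so also reject well-known
  // passwords after stripping the trailing digits/symbols attackers expect.
  const lowered = password.toLowerCase();
  const base = lowered.replace(/[^a-z]+$/, '');
  if (COMMON_PASSWORDS.has(lowered) || COMMON_PASSWORDS.has(base)) {
    problems.push('matches a commonly used password');
  }

  // Reject passwords built from the user's own identifiers (username, email local part).
  const localPart = email.split('@')[0];
  for (const ident of [username, localPart]) {
    if (ident.length >= 3 && lowered.includes(ident.toLowerCase())) {
      problems.push('contains your username or email');
      break;
    }
  }
  return problems;
}

function isStrongPassword(password, identity) {
  return passwordProblems(password, identity).length === 0;
}
```

Returning the full list of problems, rather than a single boolean, lets the form tell the user everything wrong at once instead of one rejection per submit. The denylist and identifier checks are there because composition rules on their own are weak: current NIST guidance (SP 800-63B) weights length and screening against known-compromised passwords above character-class requirements.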

It is easier to say "oh, no one would fall into this edge case" than to design against that edge case. However, we never know for sure. One principle behind defensive design is Murphy's law, an adage typically stated as: "Anything that can go wrong will go wrong." In some formulations it is extended to "Anything that can go wrong will go wrong, and at the worst possible time." Therefore, multiple iterations of testing for possible errors are important in a design process.

Also, when developing a program, coders should remember to account for every possible error. The simple example below demonstrates defensive programming: checking inputs before each computation, usually at the start of each function (preconditions). Sometimes the result value should also be checked before it is returned (postconditions). One should always expect the user to be able to break the code, instead of the other way around.

Example:
function add(a, b) {
    // Preconditions: both arguments must be finite numbers. typeof alone is not
    // enough, since typeof NaN is also 'number'; Number.isFinite rejects NaN,
    // Infinity and non-number types such as the strings a form submits.
    if (!Number.isFinite(a)) {
        throw new Error('invalid first number to add ' + a);
    }
    if (!Number.isFinite(b)) {
        throw new Error('invalid second number to add ' + b);
    }
    return a + b;
}
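The add function above only shows preconditions. Below is an added example (not code from the original post) that applies both halves of the rule to a function that might sit behind a checkout form: preconditions reject malformed or out-of-range form input, and a postcondition checks the computed total before it is returned, so an arithmetic overflow fails loudly instead of being charged. The cart item shape, the quantity limit and the discount range are assumptions.

```javascript
// Added example, not code from the original post. Item shape and limits are assumed.

const MAX_QUANTITY = 1000; // assumed business limit

function orderTotalCents(items, discountPercent = 0) {
  // Preconditions: reject anything a form could have let through, such as
  // strings ("2"), negative quantities, null items or an out-of-range discount.
  if (!Array.isArray(items) || items.length === 0) {
    throw new RangeError('cart must be a non-empty array');
  }
  for (const [i, item] of items.entries()) {
    if (item === null || typeof item !== 'object') {
      throw new RangeError(`item ${i}: must be an object`);
    }
    if (!Number.isInteger(item.priceCents) || item.priceCents < 0) {
      throw new RangeError(`item ${i}: priceCents must be a non-negative integer`);
    }
    if (!Number.isInteger(item.quantity) || item.quantity < 1 || item.quantity > MAX_QUANTITY) {
      throw new RangeError(`item ${i}: quantity must be an integer between 1 and ${MAX_QUANTITY}`);
    }
  }
  if (!Number.isFinite(discountPercent) || discountPercent < 0 || discountPercent > 100) {
    throw new RangeError('discountPercent must be a number between 0 and 100');
  }

  const subtotal = items.reduce((sum, it) => sum + it.priceCents * it.quantity, 0);
  const total = Math.round(subtotal * (100 - discountPercent) / 100);

  // Postcondition: the result must be a safe, non-negative integer no larger
  // than the subtotal. Prices are not capped above, so a large price times a
  // large quantity can exceed Number.MAX_SAFE_INTEGER; that is caught here.
  if (!Number.isSafeInteger(total) || total < 0 || total > subtotal) {
    throw new Error(`postcondition failed: computed total ${total} from subtotal ${subtotal}`);
  }
  return total;
}
```

Using RangeError for precondition failures and a plain Error for the postcondition lets a caller distinguish "the input was bad" (report it to the user) from "the computation is wrong" (log it and abort), which is the distinction that matters when deciding what to show and what to escalate.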

Defensive design for IoT devices

Most web applications have evolved over the years to build defensive design into their design process, but one domain that still lacks it is IoT devices. IoT devices also ship with default usernames and passwords, but most of them have no interface that prompts users to set their own, which leaves them vulnerable to malware. On October 21, 2016, a massive distributed denial of service (DDoS) attack left much of the internet inaccessible on the U.S. east coast. The attack was the work of the Mirai botnet, and Mirai was able to compromise a huge number of IoT devices by attempting to log in over Telnet with 61 username/password combinations that are frequently used as defaults for these devices and never changed. This incident showed people the harmful effects of poor security design in IoT devices.

Since the IoT device market is still expanding, most manufacturers have concentrated on improving the connectivity and usability of their devices. However, it is important to design with security in mind, because you never know what could go wrong.
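As an added example (not code from the original post, and not any real device's firmware), the JavaScript below models the login path of a hypothetical IoT device in the weak form the Mirai incident exploited, beside the defensive form the text argues for: the device boots in a "not set up" state in which the remote service refuses every login, the owner must set a password from the local interface first, and that password may not be one of the well-known defaults scanners try. A short Mirai-style dictionary scan is run against both. The credential list, device fields and policy values are constructed for illustration.

```javascript
// Added example, not code from the original post. The scan list, default
// password list, device fields and policy values are all constructed.

// A Mirai-style scan: try a short list of factory credentials against a login
// function and report the first pair that works, or null if none does.
const SCAN_LIST = [['admin', 'admin'], ['root', 'root'], ['admin', '1234'], ['user', 'user']];

function dictionaryAttack(tryLogin) {
  for (const [user, pass] of SCAN_LIST) {
    if (tryLogin(user, pass)) return `${user}:${pass}`;
  }
  return null;
}

// Weak design: one factory credential, accepted over the network, valid forever.
function weakDeviceLogin(device, user, pass) {
  return user === device.factoryUser && pass === device.factoryPass;
}

// Defensive design: no remote login until the owner has completed setup.
const WELL_KNOWN_DEFAULT_PASSWORDS = new Set(['admin', 'root', '1234', 'user', 'password', 'default']);
const MIN_PASSWORD_LENGTH = 12; // assumed policy value

function createDevice(serial) {
  // Fresh out of the box: no usable password, setup not done.
  return { serial, user: 'admin', passwordHash: null, setupComplete: false };
}

// Toy hash for the example only; real firmware should store a salted, slow
// password hash (scrypt or argon2) and compare in constant time.
function toyHash(s) {
  let h = 0;
  for (const c of s) h = (h * 31 + c.charCodeAt(0)) >>> 0;
  return h.toString(16);
}

function completeSetup(device, viaLocalInterface, user, newPassword) {
  if (device.setupComplete) return { ok: false, reason: 'setup already completed' };
  if (!viaLocalInterface) return { ok: false, reason: 'initial setup is only allowed from the local interface' };
  if (typeof user !== 'string' || user.length === 0) return { ok: false, reason: 'username required' };
  if (typeof newPassword !== 'string') return { ok: false, reason: 'password must be a string' };
  if (WELL_KNOWN_DEFAULT_PASSWORDS.has(newPassword.toLowerCase())) {
    return { ok: false, reason: 'password is a well-known default' };
  }
  if (newPassword.length < MIN_PASSWORD_LENGTH) {
    return { ok: false, reason: `password shorter than ${MIN_PASSWORD_LENGTH} characters` };
  }
  device.user = user;
  device.passwordHash = toyHash(newPassword);
  device.setupComplete = true;
  return { ok: true };
}

function remoteLogin(device, user, pass) {
  if (!device.setupComplete) return { ok: false, reason: 'device not set up; remote login disabled' };
  if (user === device.user && toyHash(pass) === device.passwordHash) return { ok: true };
  return { ok: false, reason: 'bad credentials' };
}
```

The point of the state flag is that there is never a moment when a network-reachable service accepts a credential the manufacturer chose: the factory state has no password at all, and the first password the device will ever accept remotely is one the scanners cannot know. The same effect can be had by printing a unique per-device password on the label, as long as it is not derived from something guessable like the serial number or MAC address.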