This articleneeds additional citations forverification. Please helpimprove this article byadding citations to reliable sources. Unsourced material may be challenged and removed. Find sources: "Defensive design" – news ·newspapers ·books ·scholar ·JSTOR(November 2025) (Learn how and when to remove this message)

Defensive design is the practice of planning forcontingencies in thedesign stage of a project or undertaking. Essentially, it is the practice of anticipating all possible ways that an end-user could misuse a device, and designing the device so as to make such misuse impossible, or to minimize the negative consequences.^[1] For example, if it is important that a plug is inserted into a socket in a particular orientation, the socket and plug should be designed so that it is physically impossible to insert the plug incorrectly.

Defensive design insoftware engineering is calleddefensive programming.Murphy's law is a well-known statement of the need for defensive design, and also of its ultimate limitations.

Implementation decisions andsoftware design approaches can make software safer and catch user errors.Code that implements this is termed asanity check.

• Data entry screens can "sanitize" input by requiring that, for example, numeric fields contain only digits, and if acceptable, a single positive or negative sign and/or decimal point.

• Inputs can be checked for legitimate values. For example, for counts of workplace injuries (or number of people injured), the number can be 0 but cannot be negative and must be a whole number; for the number of hours worked in one week, the amount for any specified employee can be 0 or fractional, but cannot be negative, greater than 168, or more than 24 times the number of days the employee was in attendance.

• A word processor requested to load a saved document should scan the document to ensure it is in good form and notcorrupted. If it is corrupted, the program should say so, then either accept the partial document that was valid, or refuse the entire document. In either case the program should remain running and not quit.

Manyelectrical connectors apply this principle by being asymmetric.Alternatively,USB-C plugs are mechanically but not electrically symmetric, but achieve an illusion of symmetry resulting from how devices respond to the cable, and hence can be plugged in either of two ways. Accompanying circuitry makes the plugs and cables behave as though they are symmetric.^{[citation needed]}

• Defensible space theory
• Fail-safe
• Idiot-proof
• Inherent safety
• Poka-yoke
• Usability testing

• Design

• Articles with short description
• Short description is different from Wikidata
• Articles needing additional references from November 2025
• All articles needing additional references
• All articles with unsourced statements
• Articles with unsourced statements from December 2025