The latest Harvard Business Review (paywall, but with limited free content) has two articles about design thinking that are relevant for teams working on security and privacy: Design for Action by Tim Brown and Roger Martin and Design Thinking Comes of Age by Jon Kolko. These articles describe how design thinking has moved beyond creating tangible products and on to supporting collaborative design of complex systems. They give an overview of design thinking’s evolution, from its roots in Herbert Simon’s The Sciences of the Artificial, through Richard Buchanan’s Wicked Problems in Design Thinking, and into addressing challenges for domains far outside areas historically considered “design.”

Each article presents an easy-to-understand list: one that presents problems, another that offers solutions.

Getting Past Common Criticisms

Brown and Martin highlight how design thinking can facilitate organizational change – including stakeholder buy-in – that helps teams get past common criticisms of work in progress.

  • This doesn’t address the problems I think are critical.
  • These aren’t the possibilities I would have considered.
  • These aren’t the things I would have studied.
  • This isn’t an answer that’s compelling to me. – Common negative reactions from Design for Action, by Tim Brown and Roger Martin

These criticisms occur in many contexts, including secure communications, and although the example in the article is of a CEO critiquing a consultant, the criticisms will probably be familiar to open-source developers too.

Principles for a Design-Centric Culture

Kolko’s article describes principles of a design-centric culture that help teams get past traditional criticism and get unstuck.

  • Focus on users’ emotional experiences
  • Create models to examine complex problems
  • Use prototypes to explore potential solutions
  • Tolerate failure
  • Exhibit thoughtful restraint. – From Design Thinking Comes of Age by Jon Kolko

Thoughtful restraint is particularly tough for open-source efforts because the collaborative nature of decision-making can lead to compromises resulting in an ever-longer feature list rather than necessary editing. For an example of thoughtful restraint in action, check out Open Whisper Systems’ Development Ideology: “The answer is not more options. If you feel compelled to add a preference that’s exposed to the user, it’s very possible you’ve made a wrong turn somewhere.”