To Forgive Design

Understanding Failure
by Henry Petroski 2012 432 pages
Rating: 3.53 (217 ratings)

Key Takeaways

1. Failure is the ultimate catalyst for engineering progress

Understanding comes from failure; success comes from understanding failure and acting upon this knowledge.

Learning from mistakes. While success validates existing assumptions, it is failure that exposes the limits of our knowledge. When a structure collapses or a machine breaks, it acts as an accidental experiment, providing invaluable data that cannot be replicated in a safe laboratory. This feedback loop forces engineers to re-evaluate their theories and refine their designs.

The limits of success. Prolonged success can blind designers to latent vulnerabilities. Without the corrective pressure of failure, systems are pushed to extreme limits of economy and slenderness until they inevitably break. For example:

  • The collapse of the de Havilland Comet jetliners revealed the dangers of metal fatigue around square windows.
  • The Tacoma Narrows Bridge failure forced engineers to integrate aerodynamics into suspension bridge design.
  • The catastrophic loss of the space shuttles exposed deep organizational and technical blind spots.

A proactive mindset. To build resilient systems, engineers must actively study past disasters. Treating failure as a teacher rather than a source of shame allows the profession to advance safely. Ultimately, the path to structural wisdom is paved with the lessons of collapsed bridges and broken machines.


2. Success breeds complacency and a cyclical pattern of disaster

every success sows the seeds of failure. Success makes you overconfident.

The complacency trap. When a design performs successfully over a long period, engineers and managers grow overconfident. They begin to take safety margins for granted, assuming that past performance guarantees future safety. This mindset leads to a gradual erosion of safety factors in the pursuit of efficiency and cost-cutting.

The generational cycle. History shows that major engineering disasters tend to occur in roughly thirty-year cycles. This timeframe corresponds to a professional generation, during which the painful lessons of past failures are forgotten as veteran engineers retire. The new generation, having only experienced success, pushes designs past safe boundaries:

  • The 1847 Dee Bridge collapse occurred after decades of successful cast-iron bridge construction.
  • The 1879 Tay Bridge disaster happened because designers underestimated wind loads on a massive scale.
  • The 1940 Tacoma Narrows collapse repeated nineteenth-century mistakes regarding lightweight, flexible decks.

Breaking the cycle. To prevent these recurring disasters, the engineering profession must maintain an active institutional memory. Younger engineers must be educated not just in modern design codes, but in the historical failures that shaped those codes. Only by remaining vigilant and fearful of failure can we hope to disrupt this destructive generational pattern.


3. Minor design modifications can trigger catastrophic systemic failures

Making any change in a design can alter the entire context in which the detail is embedded and thereby introduce a failure mode that would have been impossible in the original design.

Unintended systemic consequences. A seemingly minor, well-intentioned modification to a proven design can completely alter how forces are distributed. When a single detail is changed, it can introduce entirely new failure modes that were never anticipated in the original analysis. Engineers often fail to realize that a structure is an integrated system, not just a collection of isolated parts.

The danger of shortcuts. Minor changes are often introduced during construction to save time or money, bypassing rigorous engineering review. These field modifications can have fatal results when they compromise critical load paths. Notable examples include:

  • The Kansas City Hyatt Regency walkway collapse, where a continuous hanger rod was split into two offset rods, doubling the load on a fragile connection.
  • The addition of heavy ballast to the Dee Bridge to prevent fires, which overloaded the already stressed cast-iron girders.
  • The substitution of bolts for welds in the Citicorp Center, which nearly caused the skyscraper to blow over in a hurricane.

Rigorous change management. Every proposed modification, no matter how trivial it appears, must be subjected to a complete failure-modes analysis. Designers must ask how the change affects the entire structural context. Treating modifications with the same skepticism as a completely new design is essential to maintaining safety.


4. The divide between engineers and managers compromises safety

the NASA organizational culture had as much to do with this accident as the foam.

Conflicting organizational priorities. Engineering disasters are rarely just technical failures; they are often rooted in organizational dysfunction. A dangerous divide frequently exists between risk-averse engineers and schedule-driven, cost-conscious managers. When communication breaks down, critical technical warnings are silenced or ignored in favor of meeting deadlines.

The normalization of deviance. Over time, organizations can become accustomed to operating with known flaws, treating them as acceptable risks rather than urgent warnings. This normalization of deviance creates a culture of complacency that invites catastrophe. This pattern was clearly evident in several high-profile disasters:

  • The Challenger launch proceeded in freezing temperatures despite explicit warnings from booster-rocket engineers.
  • The Columbia reentry was cleared despite engineers' concerns about a foam strike on the wing's thermal shield.
  • The Deepwater Horizon blowout occurred after a series of management decisions prioritized speed over well-integrity tests.

Bridging the gap. To ensure safety, organizations must foster an open culture where engineers are empowered to halt operations when danger is detected. Managers must respect technical expertise and resist the temptation to prioritize short-term financial goals over long-term safety. A healthy partnership between the "beach" and the "rig" is vital for preventing systemic failures.


5. Substandard materials and fraudulent testing undermine flawless designs

An engineer who has not been educated as a spy or detective is no match for a rascal.

The supply chain threat. Even the most brilliant engineering design on paper is entirely dependent on the quality of the materials used to build it. When suppliers substitute inferior materials or falsify test results, they build invisible vulnerabilities directly into the structure. Engineers, who operate on a professional honor system, are often ill-equipped to detect deliberate deception.

Deception in construction. History is full of instances where unscrupulous contractors compromised public safety for financial gain. These fraudulent practices often go undetected until a catastrophic failure occurs. Examples of material fraud include:

  • The supply of rejected, low-strength steel wire for the main cables of the Brooklyn Bridge.
  • The falsification of concrete strength tests by Testwell Laboratories for major New York construction projects.
  • The widespread use of substandard, sulfur-emitting Chinese drywall during the American housing boom.

Vigilance and redundancy. To protect against fraud, engineers must employ strict quality control and independent, third-party testing. Furthermore, the use of robust factors of safety provides a vital buffer against material deficiencies. Ultimately, designers must build systems that can tolerate minor imperfections and human greed without collapsing.


6. Designing for intentional, controlled failure protects the larger system

Sometimes, a component must fail for the larger system to succeed, or at least survive an insult to its integrity.

Sacrificial design elements. Not all failures are negative; in fact, engineers frequently design specific components to fail on cue to protect the larger system. By creating a predictable, controlled breaking point, designers can prevent a catastrophic, unmanaged collapse. This concept of "managed failure" is essential for safety in a wide variety of technologies.

Examples of benign failure. Sacrificial elements act as physical or mechanical fuses, absorbing destructive energy before it can reach critical, irreplaceable structures. We encounter these designed-in failures every day:

  • Electrical fuses and shear pins that break to prevent motor overloads and fires.
  • Automobile crumple zones and shatterproof windshields that deform to protect passengers during a crash.
  • Structural steel fuses in the San Francisco-Oakland Bay Bridge designed to deform during earthquakes, sparing the main towers.

The danger of malfunction. When an intentional failure mechanism is blocked or modified, the consequences can be deadly. If a sacrificial element is made too strong, the destructive forces will bypass it and cause a catastrophic collapse of the entire system. Designing predictable failure planes is just as important as designing for ultimate strength.


7. Mathematical models and computer simulations cannot replace physical reality

theoretical mechanics seeks exact answers to approximate problems, while applied mechanics seeks approximate answers to exact problems.

The limits of abstraction. Modern engineering relies heavily on sophisticated computer-aided design and mathematical modeling. However, these digital tools are only approximations of the messy, complex physical world. When engineers mistake the clean, idealized world of a computer screen for physical reality, they invite disaster.

The danger of blind faith. Computer models can easily mask subtle, second-order physical phenomena that are not programmed into the software. If a designer does not understand the underlying assumptions of the model, they cannot recognize its limitations. This blind faith has led to several notable failures:

  • The Tacoma Narrows Bridge design, which relied on static wind calculations while ignoring dynamic aerodynamic flutter.
  • The collapse of the unreinforced concrete piers of the Crown Point Bridge due to unanticipated ice-bending forces.
  • The software algorithm error in the iPhone 4 that displayed incorrect signal strength bars, masking a hardware antenna flaw.

The necessity of physical testing. To validate complex designs, engineers must supplement digital models with physical testing and real-world observation. Large-scale testing machines, like the three-million-pound apparatus in Talbot Laboratory, remain the final arbiters of structural truth. We must never let the elegance of our equations blind us to the realities of concrete, steel, and wind.


8. The professional and ethical obligation of the engineer must be guarded

For my assured failures and derelictions, I ask pardon beforehand of my betters and my equals in my Calling here assembled

A solemn professional pledge. Because the public places its safety in the hands of engineers, the profession carries a profound ethical responsibility. This obligation is formalized in rituals like the Canadian "Ritual of the Calling of an Engineer" and the American "Order of the Engineer." These ceremonies instill a deep sense of humility and professional pride in young graduates.

The symbol of the ring. The iron or stainless-steel ring, worn on the pinkie finger of the working hand, serves as a constant, tactile reminder of the engineer's duty. It is a symbol of humility, designed to drag against drawings and keyboards to remind the wearer of their fallibility. The tradition is deeply linked to historical lessons:

  • The Canadian Iron Ring was historically believed to be made from the steel of the collapsed Quebec Bridge.
  • The ring represents a commitment to reject bad workmanship, faulty materials, and dishonest enterprises.
  • The American Order of the Engineer was established in 1970 to foster professional pride during a time of social unrest.

Holding safety paramount. An engineer's primary duty is to hold paramount the safety, health, and welfare of the public. When faced with pressure to cut corners or rush schedules, the memory of this professional pledge must guide their decisions. The ring is not a piece of jewelry, but a badge of ethical vigilance.


9. Forensic investigations reveal that failures are rarely simple or single-causal

usually, several things have to go wrong at the same time to cause a collapse.

The complexity of disaster. When a major structure collapses, the public and the media demand a simple, single-causal explanation. However, forensic investigations almost always reveal a complex cascade of minor errors, oversights, and environmental factors that converged at a single moment. If any one of these factors had been absent, the catastrophe might have been averted.

Unraveling the wreckage. Forensic engineers must act as detectives, sorting through twisted steel, crushed concrete, and contradictory eyewitness testimony to reconstruct the sequence of events. This process requires a deep understanding of both physical mechanics and human behavior. Notable multi-causal investigations include:

  • The Silver Bridge collapse, which was caused by a tiny, uninspectable crack in an eyebar, accelerated by stress corrosion and heavy truck traffic.
  • The I-35W bridge collapse in Minneapolis, which resulted from underdesigned gusset plates, heavy construction equipment, and high temperatures.
  • The sinking of the Titanic, which involved brittle iron rivets, cold water temperatures, and an inadequate bulkhead design.

The goal of investigation. The ultimate purpose of a forensic investigation is not just to assign legal blame, but to extract lessons that can improve future designs. By understanding the complex interactions that lead to failure, engineers can build more robust, redundant systems. Every disaster is an expensive, tragic experiment that we cannot afford to ignore.


10. Ignoring historical precedents guarantees the repetition of past mistakes

A successful design does not teach us anything beyond the fact that it works.

The value of history. In a fast-paced, forward-looking profession like engineering, history is often dismissed as obsolete. However, the fundamental principles of design and human error are timeless. When engineers ignore the history of their discipline, they are doomed to repeat the exact mistakes of their predecessors under new names.

The danger of historical amnesia. A long period of success can create a false sense of security, leading designers to forget the limits of validity of their methods. When we discard historical knowledge, we lose the context that keeps our designs safe. This historical amnesia has had devastating consequences:

  • The Tacoma Narrows Bridge designers ignored nineteenth-century lessons about the vulnerability of lightweight suspension decks to wind.
  • The Deepwater Horizon blowout repeated mistakes made thirty years earlier during the Ixtoc I exploratory well disaster.
  • Modern footbridges, like the London Millennium Bridge, suffered from sideways swaying because designers forgot how crowds interact with flexible structures.

A call for historical literacy. To build a safer future, we must maintain a deep literacy in the history of our technology. Case studies of past failures should be an integral part of engineering education and professional practice. Only by standing on the shoulders of both the successes and the failures of the giants who preceded us can we hope to design with true wisdom.


Review Summary

3.53 out of 5
Average of 217 ratings from Goodreads and Amazon.

About the Author

Henry Petroski was a distinguished American engineer whose expertise centered on failure analysis, a field dedicated to understanding why structures and designs go wrong. He held dual professorships at Duke University, teaching both civil engineering and history, a combination that reflected his unique ability to bridge technical knowledge with humanistic inquiry. Petroski was also celebrated as a prolific author, producing numerous books that made complex engineering concepts accessible to general audiences. His work explored the relationship between success and failure in design, arguing that failures often teach more valuable lessons than successes. He left a lasting legacy in both engineering education and popular science writing.
