Security Lessons from a Power Saw

Lance Spitzner looks at the safety features of a power saw and tries to apply them to Internet security:

By the way, here are some of the key safety features that are built into the DeWalt Mitre Saw. Notice in all three of these the human does not have to do anything special, just use the device. This is how we need to think from a security perspective.

  • Safety Cover: There is a plastic safety cover that protects the entire rotating blade. The only time the blade is actually exposed is when you lower the saw to actually cut into the wood. The moment you start to raise the blade after cutting, the plastic cover protects everything again. This means to hurt yourself you have to manually lower the blade with one hand then insert your hand into the cutting blade zone.

  • Power Switch: Actually, there is no power switch. Instead, after the saw is plugged in, to activate the saw you have to depress a lever. Let the lever go and saw stops. This means if you fall, slip, blackout, have a heart attack or any other type of accident and let go of the lever, the saw automatically stops. In other words, the saw always fails to the off (safe) position.

  • Shadow: The saw has a light that projects a shadow of the cutting blade precisely on the wood where the blade will cut. No guessing where the blade is going to cut.

Safety is like security, you cannot eliminate risk. But I feel this is a great example of how security can learn from others on how to take people into account.

Posted on October 19, 2016 at 6:45 AM • 45 Comments


mike~ackerOctober 19, 2016 7:02 AM

the problem in communications is a bit different: where we generally fail is our FAILURE to AUTHENTICATE

we answer phone calls with no clue as to who is calling -- an invitation to the scamsters and grifters;

for computer based communication the problem goes deeper: we must authenticate SOFTWARE as well as callers & contacts

we're in a tough spot: the megacorps want everything "easy-peasey": as soon as you see that Tickle-me-Elmo they want that plastic card in the slot

and there was too much influence being bought,..... down on "K-Street"

Ryan October 19, 2016 7:03 AM

It is really interesting that a power saw is used in this example as the power tool industry has fought every safety innovation for both table and hand held power saws on account that the particular innovation cost too much.

ultramageOctober 19, 2016 7:13 AM

I also remember reading about a controversy regarding a patent where the metal saw is part of an electric circuit, and this is used to detect contact with the human body.

ultramageOctober 19, 2016 7:18 AM

There is also a computerized proximity sensor with 'flesh detection'.
PS: The link doesn't work, the blog uses dates, not post ids.

WmOctober 19, 2016 7:36 AM

Notice that the security problems are fixed at the source, not by looking to (corrupt) governments to fix them.

jngleOctober 19, 2016 7:38 AM

So it's basically secure fail-safe defaults and psychological usability, among other security principles that we already have?

Somewhere Saltzer & Schroeder are probably wondering when the computer industry (including the computer security industry) will figure out what they discussed almost four decades ago.

Couldn'tPossiblyCommentOctober 19, 2016 8:18 AM

Ah, this is a good insight on designing a fail-safe system, but it doesn't mention how we got here. Wm mentions that these issues were fixed at source. Very true, but why did the source care?

As a set of cultures producing such tools, if we'd not had a focus on health & safety, if we'd not had a litigious environment across enough countries that are targeted for sales, and if we'd not had a fair number of industrial/DIY accidents, this power saw would never have been created.

We had to pay in blood first. We had to have a situation where the creator of the saw gets direct legal/monetary hits from not taking adequate care in their designs. We had to care enough about lost limbs, deaths, etc to lobby/vote-with-wallet on such features. We had to wait for the power saw to evolve to a point where these things were considered normal, rather than expensive nice-to-haves, and corresponding prosperity to afford them.

Almost all software has none of this in today's environment (the possible exception being firmware in industrial equipment, and even then, security isn't as important as safety).

Security could indeed learn from this, just as humans could learn about physics before getting into a car. Whether it happens is down to motivations. There just don't seem to be any.

ChelloveckOctober 19, 2016 8:27 AM

Also look at the saw (and security) from a user's perspective. I don't have any experience with this particular saw, but I've seen (and owned) others in which the user defeats the "safety" features because they make actual usage a nuisance, or because they actually decrease safety.

* Does the safety cover actually get out of the user's way when necessary, or is it a constant nuisance? If it fails to retract fully the user might be tempted to move it aside by hand, while the saw is running. In that case it may be worse than no safety cover at all.

* The power switch must be constantly depressed to run the saw. Is it easy and convenient to use? Or is it awkwardly placed or difficult to press? How likely is it that the user will just clamp the switch into the "on" position so they can have both hands free to manipulate the material being cut?

* The shadow feature actually sounds good. I'm not sure if it's a safety feature that inadvertently adds to usability, or a usability feature that inadvertently increases safety. But, an accidental win is still a win!

Well designed security mechanisms need to be designed with the user and job in mind. If they're a nuisance or prevent the user from doing their job, the user will find a way around them as surely as the safety cover gets ripped off the saw the first time it gets in the way.

Anonymous CowOctober 19, 2016 8:53 AM

Safety is like security

While there are similarities, safety is an easier goal to achieve because in security you're dealing with threats that are intelligent and malicious.

TedOctober 19, 2016 9:13 AM

US Department of Labor > Occupational Safety and Health Standards > Machinery and Machine Guarding > Woodworking machinery requirements > Standard Number 1910.213

Starting devices which require the simultaneous action of both hands to start the cutting motion and of at least one hand on a control during the complete stroke of the knife; or

An automatic guard which will remove the hands of the operator from the danger zone at every descent of the blade, used in conjunction with one-hand starting devices which require two distinct movements of the device to start the cutting motion, and so designed as to return positively to the nonstarting position after each complete cycle of the knife.”

Ignacio CristernaOctober 19, 2016 9:15 AM

My Old Man used to be a carpenter but I never really learned anything about the craft. However, having said that, I think is is called Miter saw, unless a real expert thinks otherwise.

Great post, nonetheless, as usual.

Thank you.

StanleyOctober 19, 2016 9:24 AM


According to the article you linked, most of the bugs were from VeraCrypt's UEFI additions to the TrueCrypt base, mistrust of one of the Russian-based crypto algorithms that VeraCrypt now no longer supports (for container creation), as well as the now-outdated XZip and XUnzip libraries which were replaced with libzip. Nothing particularly concerning, really.

zOctober 19, 2016 9:47 AM

Those safety features can still get in the way of normal usage. The blade guard, for example, can be obstructed by awkwardly shaped wood and prevent the saw from being lowered. The natural reaction of the user is to manually (and gingerly) lift the guard so that the blade can be lowered.

Essentially, what we want is a device or system that does what the average user expects it to do and nothing else. Training is still necessary because risks will still exist, but is minimized because the risks are intuitive. Plugging in a USB should be safe because USB devices are designed to be plugged in.

A perfect example of this is the Glock handgun. It has multiple safeties, all of which are deactivated upon pulling the trigger. Our expectations of a handgun are A.) it will fire when the trigger is pulled, and B.) it will NOT fire if the trigger is not pulled.

You can always drop a loaded Glock and it will not fire. Doing that with a 1911 can be quite dangerous. Yet, you can immediately pull the trigger on a loaded Glock at any time and it will fire. Doing that with a 1911 requires the safety to be manually deactivated, which might get stuck, or might be slippery, or you might forget to do in the heat of the moment. Thus, the Glock's safety features don't get in the way of normal handugn use, while simultaneously providing the safety you expect in unusual situations, such as dropping it.

The intuitiveness here also encourages users to keep their fingers off the trigger. A manual traditional safety can encourage terrible trigger discipline ("It's okay, the safety is on!"). Yes, some people still have negligent discharges with Glocks, but that is usually because they expect them to behave like other handguns and somehow save them from making it do what a handgun is supposed to do. Still, millions of people carry them every day without incident.

Now, apply this to tech. Our expectation when using TLS is that we can see our data, but an attacker can't. We expect to visit websites without letting an attacker exploit the browser and control our machine. We expect that opening a Word doc will not result in our laptops being owned by an attacker. We expect to plug in a USB without running malware. We expect to open an email attachment without having our files encrypted by a bad guy demanding Bitcoins.

We expect things to do what they are designed to do and nothing else. The Glock accomplishes this absolutely perfectly.

rOctober 19, 2016 9:50 AM

I use these tools commonly, haven't read the article yet definitely going to.

But please note that saw literally only does 1 thing, we have things that do thousands of things. And, I can't cut basement walls out with that variant either so all it's safety features can be very limiting.

AlanSOctober 19, 2016 9:51 AM


But what you and Lance are proposing here is half a solution. You are saying changing the behavior of end-users is hard so trying to teach them complex behaviors like managing passwords is near impossible so we should design tools that don't demand much from the user to be used in a manner that is safe. In essence, the design takes away much of the discretion to behave in ways that aren't safe. This is a strong argument.

However, you are still in the world of behavior change; you are just focusing on the behavior of a different group of people: designers, engineers, managers, marketing professionals, regulators, politicians, and so on. Many of these people have more pressing things to be concerned about than safety. So what are the forces that need to come together and how do you bring them together to end up with "design for security" or "design for safety"?

Design is social, political and it has a history. If you were to examine the history of the circular saw, which has been around for about 200 years, you'd discover the evolution of its design was embedded in complex fields of social relationships.  And for most of that time people probably didn't have much reason to think about safety when they were designing saws. Lance's DeWalt Compound Mitre Saw is at the end of 200 years of technical/social evolution and the safety features may be a fairly recent innovation.

Lance also conveniently overlooks the issue of whether the safety features in this model are typical of circular saws. Do users have the discretion to buy cheaper models with fewer features? Also, in practice, are the safety features really transparent to the user or seen as a problem that has to defeated? Users will be creative at defeating safety features if they are seen as 'getting in the way'. See this for example.

Ergo SumOctober 19, 2016 10:32 AM


Design is social, political and it has a history. If you were to examine the history of the circular saw, which has been around for about 200 years, you'd discover the evolution of its design was embedded in complex fields of social relationships.

I am not certain, if social, political relations ships have anything to do with with the design changes in the circular saw, but...

Technology moves much faster than than the 200 years cycle, as it should, albeit it isn't always the direction of providing more security. In some cases, under the umbrella of "user friendliness" that sells well, it's quite the opposite.

There is also fast developing security technologies, take the RFID credit cards, passports, friver license, etc., for example. It didn't take long that security researches discovered that the credit card data can be skimmed just by running a reader on the street. The passive security developed against this skimming is the aluminum lined wallets; most if not all wallets sold in the US have this protection nowadays.

The chances are that the RFID protection in wallets is a better example of passive security protection, than the Circular saw. At least as far as computer security is concerned...

Geoffrey KiddOctober 19, 2016 10:53 AM

"All of our tools are important. But we can't forget the hand that holds them." -- Christopher Anvil

JoeOctober 19, 2016 11:16 AM

It is really interesting that a power saw is used in this example as the power tool industry has fought every safety innovation for both table and hand held power saws on account that the particular innovation cost too much.

The reason the power industry hasn't added some tech (like the SawStop flesh detection) is not because the industry cares about the cost. It's because the end user cares about the cost. For example, with SawStop you're talking about $1000 additional on top of what is usually a $300 saw, and if the device activates, you have to buy a new cartridge and a new sawblade. So there is a huge cost for the end user that most construction workers just don't think is worth it, especially when they are getting maybe $12/hour.

This is a good example of computer security as well - when does the technology become too costly for the user, because it is annoying for example?

Clive RobinsonOctober 19, 2016 12:17 PM

Appart from in the French language,

    security is not the same as safety

The primary difference is the when of the failure cause and effect. Usually you know immediately when safety has failed, because bits go flying around the place. However it's unusual to know when security has failed, because you only know when somebody decides to make it public in some way some time after the failure.

Osama S.October 19, 2016 12:31 PM

We know very well what we should be doing (nothing new in any of the safety principles mentioned to be learnt), but we just don't do it.

RSaundersOctober 19, 2016 12:58 PM


I have owned one of these DeWalt saws for 10 years. Mine doesn't have as nice a shadow as the new ones, but the other security devices are a decade old. They are flawless, never impact your work, and are completely invisible. You can even expose the blade without impacting how the security guard works on the next cut.

I've worked computer security for many more years than I've owned the saw, and we're going backwards. Multics had buffer overrun protection, in hardware. Interprocess protection was better in timesharing systems, it was taken out as "something not needed" in the personal computer.

Making better users isn't going to happen, poor production quality control in their central processor units makes them intrinsically unreliable. We're the engineers, and we need to be making systems that can't be used wrong. Don Norman wrote "The Psychology of Everyday Things" in 1988, 30 years ago, pointing out the importance of invisible features that users never need to understand.

Making better systems, particularly small IoT systems, is hard for the price Marketing wants to charge for the product. So rather than make seamless security that users never even know about, we choose to reuse some open source library. Rather than handle all the use cases in the GUI, we "simplify" things and require the user to deactivate security for some edge cases. Not only does this make security visible, a nuisance, and an obstacle to getting things done, but it tells users that sometimes it's OK to turn security off. That's just the opening every evildoer needs for their attack on our weakest link, the User.

My InfoOctober 19, 2016 1:27 PM


"the power tool industry has fought every safety innovation for both table and hand held power saws"

Safety is great and that looks like a fine saw that was linked. Table saws also have plastic guards. The only way a plastic guard on a table saw can be held in place is by a thin metal bar that is supposed to fit up through the cut you are just making in the piece of wood you are pushing through the saw. The trouble is that if you are making a cut that does not go entirely through the wood, that thin metal bar for the safety guard will get in the way of the portion of wood you have not cut entirely through, and that entire safety apparatus has to be removed in order to make such a cut. No one ever puts it back on because it involves reaching under the saw, lining up bolt holes, starting nuts on threads that are likely to be damaged or clogged with sawdust, and finding the right size wrench and socket if you haven't lost or misplaced the nuts, bolts, and washers by that time. Then the whole process just has to be repeated next time you need to make an incomplete-depth cut if you are that anal about safety.

Blade-into-flesh is not by any means the only safety issue on a table saw, either. If the wood is misaligned, or if it isn't held firmly against the fence and table as you are pushing it through, (always backwards against the spinning blade,) the saw will kick and send a piece of it flying toward you with great speed and force.

AlanSOctober 19, 2016 2:23 PM

@Ergo Sum

Of course they have to do with the design changes of the circular because technology is inherently a social phenomenon. It shapes social relationships and is shaped by social relationships. There are lots of essays and books on this topic. For a quick read see this discussion of a well-known essay: How the refrigerator got its hum. (The original essay can be found in the first edition of this classic text.)

My larger point is that baking security into technology to shape the behavior of end-users you are trying to fix a social problem using technical means but the engineering, design, economics, marketing, regulation etc. of the technical means is also a set of social problems.

Jesse ThompsonOctober 19, 2016 4:05 PM


Making better systems, particularly small IoT systems, is hard for the price Marketing wants to charge for the product. So rather than make seamless security that users never even know about, we choose to reuse some open source library. Rather than handle all the use cases in the GUI, we "simplify" things and require the user to deactivate security for some edge cases.

First of all, your sales price point is not decided by "what Marketing wants". It is decided by what The Market is willing to pay for your product. I think this distinction is an important one because Marketers are not just greedy rugs you can sweep all of your problems under.

However, most negative security side effects are either high-risk low frequency, or externalities born by third party actors (neither vendor nor customer). These are examples of costs that The Market cannot easily account for via it's own price discovery mechanism.

What this all means is that you are free, Saunders, to build whatever IoT product that you want to "the right way" and then try to sell that to users for 50% more. You are free to show them how much more well designed and thought out it is, and how much more secure it is against threats that the public already doesn't understand..

.. but by and large they aren't going to purchase it from you. They will get your competitor's copy much cheaper and then #YOLO the consequences. Once enough people have made that decision on price alone, then even more conscientious shoppers will follow the herd due to Metcalfe's law: everyone's already using that one, my purchase will be inter-operable with my peer's purchase, googling corner cases will come up with more results and practical-looking work arounds for the unit the largest population of people re already using, a more robust DIY and modding community has sprung up around the lowest common denominator, etc.

My InfoOctober 19, 2016 5:54 PM

@AlanS (@Ergo Sum) / refrigerators

From the article:

"Most fridges today do this control with a special electric-power pump called a compressor, but there’s also the technique of absorption, which is kicked off by a gas-fulled flame. The fridge’s hum wasn’t inevitable."

That involves gas in the home, which is not a good idea if you're not on good terms with the Mob, (which, many of those well-off enough to afford a refrigerator in those days were not.) Even so, they used to plumb gas with heavy iron pipe, and appliances that used it were sturdy and reliable. Nowadays, of course, they don't make 'em like they used to, and all kinds of flimsy, non-fire-retardent pipes are "approved" for residential gas plumbing.

I'm not sold on a "utility" that either by accident or otherwise incurs even the remote possibility of my four walls suddenly flying outward and my roof skyward with a loud noise. Couple that with the "Internet of All Things IPv6-Addressable."

DaveOctober 19, 2016 7:26 PM

I note that he says the risk with the saw is that it can "chop your hand/arm clean off". I've always wondered about the use of the phrase "clean off" (which seems to be US-specific), whenever someone says "this will X your Y clean off" what they universally mean is "this will X your Y in an incredibly messy manner". Example: "This sawn-off shotgun will blow your head clean off", there's nothing remotely clean about it.

rOctober 19, 2016 9:32 PM


Interesting catch, I'm certain the phrase clean-off originated in the shops during the industrial revolution. Maybe earlier from swords/iron? very few things should truly be capable of that, a saw certainly isn't one of them.

BillOctober 20, 2016 12:20 AM

@Dave I suspect the word "clean" there isn't referring to any lack of carnage or mess, but to the fact that no part of it will still be attached afterward... i.e. the hand/arm/head/etc will be "completely" off or separated. Of course we can argue whether a given word should or shouldn't be used in a certain way all day, but this I think is what is actually meant.

chris lOctober 20, 2016 12:38 AM

@My Info

I have a $100 table saw where the blade guard can be removed and installed in a few seconds. It has a single screw and a pin for alignment and a wingnut to tighten it. I mostly use it for ripping flooring, so I leave the guard on, but, but I store it with a tabletop over it, so I just remove the guard and stow it when I won't be using the saw very much.

I also have an older model of DeWalt miter saw (not the compound version). It doesn't have any light or shadow to indicate the cut location, but if you use a saw with any frequency you can line up accurately anyway. The blade guard and power switch are very well behaved. It also has a blade brake that engages when you let go of the switch, though mine doesn't seem to be engaging lately and I might need to replace the brushes.

DroneOctober 20, 2016 3:44 AM


In 2002, DeWalt ceased all tool manufacturing in the USA and moved manufacturing to China, Mexico, Thailand, Japan and Korea.


On Veterans Day of 2013, DeWalt issued a press release stating it would be bringing some assembly of a small selection of their products to US using globally manufactured parts from Brazil, China, the Czech Republic, Italy, Mexico, the UK, and the US. The products assembled in the US would be branded under the label, "Built in the USA with global materials."

Double Scumbags!

TL;DR: dDon't buy DeWalt.

wiredogOctober 20, 2016 5:28 AM

Wish I'd seen this yesterday, because I have a story....

So, many years ago when I was working in industrial automation we had a shop where large dip tanks for chemicals were built. Cut 4X8 foot sheets, route them out on the edge, stick the bits together, and weld. Nice watertight tank that resists most chemicals. The routing was done with high speed bits that stuck up through the table.

So we had an older guy in the shop and all those "safety" devices ,mostly covers to keep fingers away from high speed bits, got in the way and slowed him down. He also refused to use a push stick, because that cost him a bit of fine positioning control, and slowed him down. (The younger guys didn't have a problem with them.) He'd been warned a couple of times about disabling the safeties, mostly because the others got surprised if they weren't there. Well, one day he was routing out some plastic boards, with the safeties disabled, without a push stick, and the board got hung up a bit. So he pushed it a bit harder and it got, suddenly, unstuck. Ran his hand right through the router. Massive damage to the hand. As soon as he got out of the hospital he was fired.

Let me tell you, when someone does that, OSHA is all over it. They were measuring tread heights on stairs with rulers. They didn't find anything wrong, and in fact said that the clean room (where we worked with HF) was a model of the Right Way to do things.

My InfoOctober 20, 2016 9:30 AM

@chris I

"the blade guard ... has a single screw and a pin for alignment and a wingnut to tighten it."

So ... said blade guard is just for looks and compliance, because if it's that flimsy it will easily be knocked aside by the body parts it is supposed to protect.

Moral of the story:

"$100 table saw" -- thanks but no thanks. I'm sure there are applications for that lesson that are more relevant to this thread.

AlanSOctober 20, 2016 11:19 AM

@ My Info

Except gas was already in many homes.

You can find a PDF copy of the full essay here. Also see Shelley Nickles "Preserving Women": Refrigerator Design as Social Process in the 1930s. Technology and Culture 43(4) (2002) 693-727.

vas pupOctober 20, 2016 11:28 AM

We do have kind of independent certification by UL of electrical part safety.
Do we have same for other safety features similar independent certification OR we are waiting until lawyers bring law action through the court system against manufacturer for damages caused by poor safety design? When we become FINALLY proactive on security, safety, privacy or we will remain indefinitely in reactive (fire department modus operandi) forever? Any logical input highly appreciated as always.
Yeah, we may not like FDA process of approval of health related devices/drugs/etc, but at least this is something good to copy in other industries as well.

Something fresh out of the topic, but important to know:

How long is DNA traceable?
The oldest probe examined in our lab was a bone from the 10th century, and the DNA looked like a fresh trace. You should never expect not to find DNA because a probe is old.

NobodyOctober 20, 2016 11:29 AM

What "mike~acker" said.

I always know I'm using my own power saw, and it never tricks me into cutting wood that I had not meant to cut.

I'm not sure the analogy is all that useful. :)

My InfoOctober 20, 2016 11:50 AM

@vas pup

"How long is DNA traceable?"

You mean Dave's DNA? "X your Y" etc.?


"Preserving Women"

Icing the ladies? What next?

I hesitate to put my finger on these allusions and "call them out" so to speak but enough is enough. A crowd is a crowd, and when it becomes unruly, it's a Mob.

rOctober 20, 2016 9:13 PM

The blade guard, protects the users eyes too.


Stops stuff from getting kicked out at you like in a standard circular saw, it's a big help for fast cuts in the field. (miter saws are what you want for trim work, FAST)

rOctober 20, 2016 9:22 PM


RE: Cost, unlike with hardware - super scales where software is concerned.

The more bells and whistles the more people will buy it the more it lowers the end cost over time. Saws are hardware, but I think it scales a little less with tooling than it does with processors or some sort of hardware like that.

We've seen quotes around here that security (in software) costs 60% ?

Was that the lowest recent guestimate ???

So a $1000 software will be 1600 with enhancements, but it ultra scales out - there's little real cost other than development.

A saw that's $300, and becomes $1300 is a significant change in price scale for one extra feature.

How many people buy miter boxes vs windows boxes? :)

Windows likely has thousands of man hours more in development costs than a DeWalt, Craftsman or Ryobi, likely thousands more users too. Software isn't really comprised of hard resources either so maybe it's undervalued? (Unless you count coal, and maybe packaging) The dewalt you can hold in your hand, it consumes quantifiably hard resources for each copy.

Ed PeayOctober 21, 2016 9:32 AM

There is actually nothing new about the "Power Switch" safety feature. It is the same as the "Dead Man's Switch" that has been used on trains for a hundred years.

FrancesOctober 22, 2016 10:32 PM

@My Info • October 19, 2016 5:54 PM

Absorption type refrigerators are used in rv's and will work with electricity as well as gas.

RogerNovember 18, 2016 6:51 AM

Some of the commenters above seem to think that the safety features of this saw are novel, or were introduced due to litigation.

Wrong. Optical guides are relatively novel, but the other features have been present since soon after the saws were invented. The prototype hand-held circular saw came out in 1924; the first production model in 1926 had a fixed guard; by 1928 it was a self-retracting guard (made from aircraft aluminium alloy, not plastic.) Early models had a toggle switch because that was what was available off-the-shelf, but by 1930 they were fitted with "dead man's" type trigger switches. No lawsuits: just good, sensible engineering.

Optical guides are a bit more johnny-come-lately, having been invented in the early 90s; however they are now becoming much more common on cheaper saws because the original patents expired a couple of years ago.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.