The Reliability of Diverse Systems: A Contribution Using Modelling of the Fault Creation Process

Design diversity is a protection against design faults causing common-mode failure in redundant systems. Although we know that it is effective, we badly lack knowledge about how much reliability it will buy in practice, and thus its cost-effectiveness, in which cases it is an appropriate solution and how it should be taken into account by safety assessor and regulators. Both current practice and the scientific debate about design diversity depend largely on intuition about how the little hard empirical knowledge available should be extrapolated. We show a way of making this activity more scientific by substituting a detailed probabilistic model for broad-brush intuition. Simple assumptions on the process of fault creation in two separately-developed versions yield interesting conclusions about two questions that are commonly debated: what degree of reliability improvement in a redundant system an assessor can reliably expect from diversity; and whether this reliability improvement increases or decreases with higher-quality development processes. For instance, we show how software reliability assessments based on current practice for single-version software should be consistently extended to assessing a 1-out-of-2, twoversion system.