The use of proof in diversity arguments

B. Littlewood
2000 IEEE Transactions on Software Engineering
This is the unspecified version of the paper. This version of the publication may differ from the final published version. Permanent repository link: http://openaccess.city.ac.uk/1616/ Link to published version: http://dx.

Abstract

The limits to the reliability that can be claimed for a design-diverse fault-tolerant system are mainly determined by the dependence that must be expected in the failure behaviours of the different versions: claims for independence between version failure processes are not believable. In this note we examine a different approach, in which a simple secondary system is used as a back-up to a more complex primary. The secondary system is sufficiently simple that claims for its perfection (with respect to design faults) are possible, but there is not complete certainty about such perfection. It is shown that assessment of the reliability of the overall fault-tolerant system in this case may take advantage of claims for independence that are more plausible than those involved in design diversity.
doi:10.1109/32.879822