Failure Probability

How redundancy fails when it is most needed — and why the systems that survive catastrophe are built on a quantifiable principle, not on a hope.

Documents ETOPS-240 aviation data showing twin-engine in-flight shutdown rates below 0.002 per 1,000 engine flight hours, establishing what separates high-SRR from low-SRR redundancy architecturally.

Dissects Boeing MCAS as a SRR < 1 case: a redundancy measure whose second sensor was eliminated to reduce complexity, guaranteeing that a single sensor failure would be catastrophic.

Analyses the Fukushima Daiichi disaster as a SRR ≈ 0 case: multiple redundant backup systems that all failed simultaneously because none were truly independent of the same failure mode.

Introduces the Safety Return on Redundancy metric using James Reason's Swiss Cheese model, revealing when redundancy genuinely protects and when it simply redistributes false assurance.