Executive Overview
Processes used for improving the quality of a system emphasize reducing the number of possible defects, but quality measures and the techniques applied to improve quality can vary in effectiveness and importance depending on the consequences of a defect and whether the measures and techniques are applied to hardware or software. Considerable experience exists on measuring hardware quality. For example, the mean time between failures is often used to measure the quality of a hardware component. Consistently long periods between failures are evidence of general hardware reliability.
For measuring safety, the mean time between failures is not sufficient. We need to identify and mitigate defects that could create hazardous conditions, which could affect human life. For security, the consideration of impact also applies. Voting machine quality includes accurate tallies, but also includes mitigating design defects that could enable tampering with the device.
There is an underlying assumption that a hardware device is perfectible over time. A reduction in known defects improves the quality of a hardware device. A comparison of the failure distributions for hardware and software shows that the same reasoning does not apply to the reliability or security of a software component.
The bathtub curve shown in Figure 1 illustrates the failure distribution for hardware failures. This curve consists of three parts: a decreasing failure rate (of early failures), a constant failure rate (of random failures), and an increasing failure rate (of wearout failures) over time. Defect modeling of hardware failures can identify defects that could be reduced by manufacturing and design changes.