Due to copyright restrictions, the access to the full text of this article is only available via subscription.Firms, and other agencies, tend to adopt widely used software to gain economic benefits of scale, which can lead to a software monoculture. This can, in turn, involve the risk of correlated computer systems failure as all systems on the network are exposed to the same software-based vulnerabilities. Software diversity has been introduced as a strategy for disrupting such a monoculture and ultimately decreasing the risk of correlated failure. Nevertheless, common vulnerabilities can be shared by different software products. We thus expand software diversity research here and consider shared vulnerabilities between different software ...