The official predicated catastrophic failure rate for the Shuttle has been about 3% per launch from the time that the design was finalized. Various upgrades to improve safety haven't changed this number, since the "unknown unknowns" the dominant failure mode.<p>This failure rate, of course, was close to what we observed in experience.<p>What's funny about this is they were planning about 50 launches a year at the beginning, which, if they believed their own numbers, would have mean the loss of a vehicle and crew every year, and the complete destruction (or replacement?) of the Shuttle fleet on the time scale of five years or so.<p>The first failure (much like Three Mile Island) could be dismissed as a fluke, a problem which could be fixed. The second failure (like Fukushima) represented a typical failur e mode -- there was a lot of hand-wringing over the ceramic tiles on the first few shuttle flights, and after a few flights without a disaster, NASA assumed there was nothing to worry about, and that was wrong. The shuttle program was ended because there's no way to make the ceramic tiles safe.<p>Now, Fukushima is an extreme case of a failure -- it was probably the worst built nuclear power plant in the most dangerous location, but it represents the most likely LWR failure mode: not a stuck valve or simple operator error, but a major catastrophe that prevents cooling of the core and spent fuel. Unlike the shuttle, we can make that a lot less likely.