Abstract
Assurance of software systems has traditionally been sought through the rigour of the development process. The higher the assurance the more demanding the development process, the highest assurance requiring the use of formal methods during development. This approach has been followed for decades with some success, but increased assurance brings a disproportionate increase in cost and risk. In this paper a change in emphasis is suggested from the development of a system to its acceptance. The benefits for high assurance systems are illustrated through a case study and preliminary experience of high assurance techniques are reported.