Abstract
Procurers of critical computer based systems have to assess the suitability of implementations provided by external contractors. What an assessor requires is a clear, comprehensible and defensible argument, with supporting evidence, that a system will behave acceptably. In this paper we describe how the Goal Structuring Notation (GSN) can be used to capture suitability arguments with supporting evidence attached in the form of design models, test results, analysis results, audit reports, etc. We also describe associated tool support =96 the Safety Argument Manager (SAM). This paper describes work being carried out by the Defence Research Agency (DRA) and the University of York, supported by the UK Ministry of Defence s (MoD) Strategic Research Programme. It presents the preliminary results and expected future direction of the project. Nothing in this paper should be taken as the official position of the MoD or the DRA.