Littlewood and Strigini present a depressing summary of the use of software in ultrahigh-reliability applications. In situations where software must have a probability of failure less than 10 - 9 per hour of operation, the authors note that the state of the art prevents the verification of software beyond 10 - 4 faults per hour of operation. The paper reviews the specification of dependability requirements and the various methods and models for validating and proving the reliability of software systems. They conclude that a software solution for ultrahigh-reliability systems is almost impossible, and must be approached with simple design, evolutionary design, and hardware designs that remove the burden of ultrahigh dependability from the software. This paper is a good summary of the state of the art in software reliability and is intended for the architects of ultrahigh-reliability systems.