Assuring Trust in Autonomy:

  • Date: 10th June 2025
  • Company: AdaCore

Introduction

In an era where autonomy is reshaping the modern battlespace, unmanned systems and drones are becoming indispensable assets for defence forces worldwide. Whether conducting surveillance, supporting logistics, or executing precision missions, these platforms rely fundamentally on software to operate safely, securely, and reliably. As autonomy increases, so does the criticality of ensuring that software behaves predictably under all conditions, and that it can be trusted to make or support decisions in high-stakes scenarios.

This article explores the pivotal role of high-integrity software in enabling resilient, certifiable, and mission-assured unmanned systems. It outlines the principles and practices required to meet the demanding requirements of military and defence applications.

The Strategic Role of Software in Military Autonomy

From surveillance drones operating in contested airspace to autonomous ground vehicles navigating complex terrain, the effectiveness of unmanned systems hinges on their ability to operate with precision, resilience, and minimal human intervention. At the heart of this capability lies software. It is software that enables situational awareness, real-time decision-making, secure communications, and adaptive mission behaviour. In increasingly complex threat environments, software determines how a system performs and whether it can be trusted to perform at all. Moreover, as military autonomy evolves beyond remote control toward fully autonomous and cooperative operation (such as drone swarms or multi-domain mission orchestration), the demands placed on software in terms of correctness, predictability, and robustness are growing at an accelerating pace.

High-integrity software is, therefore, not a technical luxury but a strategic necessity. Ensuring the trustworthiness of that software is fundamental to operational success and national defence readiness.

What is High-Integrity Software?

High-integrity software refers to systems engineered to meet exceptionally stringent requirements for reliability, safety, security, and predictability. Failure is not an option for unmanned and autonomous systems operating in defence environments; even minor defects can lead to mission degradation, collateral damage, or catastrophic loss. High-integrity software is characterised by its ability to perform its intended functions correctly and consistently, even under adverse conditions. This includes rigorous handling of faults, resilience to cyber threats, and the capacity to operate within tightly defined real-time constraints. Importantly, it must also be verifiable. This means its behaviour must be demonstrably correct with respect to its specification, enabling it to meet formal certification and assurance requirements. In essence, high-integrity software embodies trustworthiness by design. It is not just software that works; it is software that can be relied upon to work correctly and securely, every time.

Formal Verification and the Elimination of Software Defects

In the development of high-integrity software, traditional testing alone is insufficient to provide the level of assurance required for military unmanned systems. Testing can reveal the presence of defects but can never prove their absence. Formal verification addresses this limitation by enabling developers to mathematically prove that software behaves as intended, under all possible inputs and execution paths. Techniques such as formal specification, model checking, theorem proving, and static analysis offer the ability to reason about program correctness properties with mathematical precision. Languages and toolsets designed with verification in mind, such as SPARK, facilitate this process by allowing properties like functional correctness, data integrity, absence of runtime errors, and information flow security to be proven at compile time. With continued improvements in proof technology and hardware performance, formal methods are a practical element in an organisation’s software development and verification infrastructure.

For defence applications, incorporating formal methods not only enhances confidence in software behaviour but also provides a justifiable assurance case for certification and operational deployment.

Lifecycle Assurance and Secure Supply Chains

High-integrity software in military unmanned systems must remain trustworthy not only at initial deployment but throughout its entire operational lifespan, which may span decades. This long-term assurance presents unique challenges, especially in the face of evolving threats, hardware obsolescence, and the need for updates or re-certification. Maintaining software integrity over time requires rigorous configuration management, robust version control, and clearly traceable change histories.

The software supply chain itself must also be subject to scrutiny. With increasing reliance on third-party components, external libraries, and complex toolchains, the provenance and integrity of every software element become critical. Organisations must adopt practices such as software bill of materials (SBOM) tracking, reproducible builds, and toolchain qualification to mitigate the risk of compromised dependencies or malicious insertions. Ultimately, lifecycle assurance is not a one-time activity, but a sustained commitment, one that ensures military systems remain secure, resilient, and certifiable throughout their operational use.

Closing Thoughts

As military capabilities increasingly depend on autonomous and software-driven platforms, it is imperative to recognise high-integrity software not merely as a technical deliverable, but as a strategic asset. The reliability, safety, and security of defence operations now rest as much on code quality as they do on hardware performance or tactical planning. Investment in rigorous software engineering practices, including formal verification, secure development pipelines, and lifecycle assurance, directly translates into operational readiness and mission success. Moreover, nations and organisations that prioritise software trustworthiness will be better positioned to adopt emerging technologies with confidence.

In this context, high-integrity software is not just about compliance or risk mitigation; it is about enabling innovation while safeguarding control. As the defence sector moves towards greater autonomy and digital transformation, the imperative is clear: trusted software must be engineered with the same discipline and foresight as any other mission-critical capability.
