Brief Overview of SAFM: The Shuttle Abort Flight Management system (SAFM) was developed by NASA Johnson Space Center and General Dynamics Decision Systems as part of the Shuttle Cockpit Avionics Upgrade (CAU). SAFM is a single-threaded C++ application of 30 KLOC that follows coding standards appropriate to safety-critical applications. It computes the potential abort options for the Space Shuttle under various contingencies and gives abort recommendations to the crew. Both CAU and SAFM were canceled before being deployed, primarily as a result of the loss of Columbia and the subsequent re-focusing of NASA’s crewed space flight away from the Space Shuttle and similar vehicles. The developers of SAFM nevertheless remained interested in the Software Assurance Research Program (SARP) initiative’s analyses of the software.