For safety-critical systems, it is insu cient to certify the developer and the development process. Certi cation of the software product itself is also needed. SFMEA (Software Failure Modes and E ects Analysis) and SFTA (Software Fault Tree Analysis) are two engineering techniques that have been used successfully for a number of years and in a variety of safety-critical applications to verify software design compliance with robustness and fault-tolerance standards. This paper proposes the use of Bi-directional Analysis (BDA), an integrated extension of SFMEA and SFTA, as a core assessment technique by which safety-critical software can be certi ed. BDA can provide limited but essential assurances that the software design has been systematically examined and complies with requirements for software safety.