Many safety systems, such as those in nuclear power plants, are systems for which the consequences of failure can be severe or catastrophic. These systems must be developed, implemented, and maintained in ways that provide assurance that catastrophic consequences will be prevented. This paper discusses various aspects of the question of using commercially available software in these systems. Risk, grading, and system assessment are discussed, and relevant standards are summarized. Recommendations for addressing key issues are given.