There is a write-up about the development of the STS software[1]. If memory serves, the key is specifying everything extremely rigorously. It seems to me, though, that writing such a specification (if sensor A detects such-and-such value and sensor B...) would share most of the problems that writing actual software does.
Another look at how to get "NASA-like" confidence is provided by Richard Feynman[2] and Diane Vaughan[3].