The development of aviation engine control software is a prime example of a process in which the overriding concern is safety. In building such a complex system, change is inevitable. This paper discusses the aims of CONVERSE, an EPSRC-funded project to investigate change management in safety-critical software development. The aim is to reduce the costs which occur due to change, while allowing rapid re-collection of the safety evidence required for such systems.