A system and method for providing assurance to a host executing a piece of software that the software possesses a particular property. A certifier determines if a piece of software possesses a particular property, and if it does, it cryptographically signs the software, producing a signature. The software and a certificate that includes the signature is then distributed to a host. The host checks the signature. If the signature is valid, then the host is provided with assurance that the software possesses the particular property. If the signature is not valid, then the host is provided with no such assurance.