> Do we, really?

Formal verification to EAL7[0] in theory, as long as your requirements are correct.

In practice I'm not aware of any bugs being discovered in any EAL7 software, but it's so expensive there isn't a lot of it.

[0]https://en.wikipedia.org/wiki/Evaluation_Assurance_Level