JPcont,

Your alternative perspective (#370) is interesting. Whilst the basic information (AoA) is the same for both ‘systems’, each system has alternative views and thus use of the information. MCAS receives a valid, but inaccurate value of AoA, the computation and activation works exactly as designed - except that the output is not what the aircraft situation, nor crew requires.

Alternatively the crew do not have any direct information about AoA, the validity or magnitude of any error; they can only deduce a problem from the aircraft a motion - which is not as required.

Thus if I reframe my concern (#365) about the possibility of a software error - parity bit (discussed elsewhere), then whatever soft system changes are made, they must also reduce the possibility of inaccurate AoA from any other source, both for use by MCAS and pilots. i.e. any new dual system architecture can still malfunction if both inputs are simultaneously wrong - same software error.

The additional concern is if an AoA error is combined with a hardware fault, or that an independent hard fault can produce a false AoA. Although a new dual system should detect any difference and stop activation, without understanding the origin of a hardware fault, then the theory might not be provable for certification, and further more not eliminate the possibility of such a fault occurring simultaneously in both systems.

Thus if the issue is software related, any solution has to demonstrate both ‘soft’ compliance and tolerance to ‘hard’ faults.
As yet neither view has been disclosed as contributing to the accident, but if it is ‘software’, this and its fix should not be taken as a guarantee of cure.