Originally Posted by
Vilters
You can update the software from now till eternity.
The main issue remains.
These "events" are triggered by failing AOA sensor/systems. => That is where the main focus should be => Why is the AOA probe/system failing.
That MCAS was single probe only is an error, but secondary and wat MCAS is/was trying to do is third.
But, and this should be the main focus point => With a solid AOA signal, nothing of this would have happened in the first place.
As stated before, the consequences of all failure modes must be evaluated and a hazard level assigned to each. Only when the combination of failure rate and hazard level of the consequences are considered together can a design be determined to be acceptable.