PPRuNe Forums - View Single Post - Ethiopian airliner down in Africa
Old 2nd Apr 2019, 11:10
  #2901 (permalink)  
VicMel
 
Join Date: Jun 2009
Location: Dorset
Posts: 31
Originally Posted by bsieker

I have a feeling Boeing's idea that the pilot has to save the day will fall short of regulators' approval. They can no longer maintain after two accidents (where in the second one the crew almost certainly knew about the first) that any pilot "without exceptional skill" (which is the regulatory requirement, and, if you think about it, is a lot less than "average") will be able to handle it.


Bernd
I absolutely agree. The aviation authorities have the hardest of evidence possible that “average” pilots are unlikely to cope. Boeing’s dilemma is that this then means the MCAS system (at least) has to be considered as a “catastrophic” safety critical system. The MCAS software then has to be “Level A” according to DO-178C.

IMO no amount of software patching can turn a Level C software package into a Level A.

The Level A process is a full life-cycle development process, starting with the top level system requirements down through the coding process and then through the validation and verification processes; a lot of the reviewing and compliance checking has to be carried out “independently”, i.e. not by the supplier. In addition any “safety critical” item of data, such as AoA, has to be at the appropriate level. Typically this means triplex sensors, BUT without Common Mode Failure characteristics. So, another (same technology) vane on the nose would not be suitable.

