Originally Posted by
VicMel
I absolutely agree. The aviation authorities have the hardest of evidence possible that “average” pilots are unlikely to cope. Boeing’s dilemma is this then means the MCAS system (at least) has to be considered as a “catastrophic” safety critical system. The MCAS software then has to be “Level A” according to DO-178C.
IMO no amount of software patching can turn a Level C software package into a Level A.
The Level A process is a full life-cycle development process, starting with the top level system requirements down through the coding process and then through the validation and verification processes; a lot of the reviewing and compliance checking has to be carried out “independently”, i.e. not by the supplier. In addition any “safety critical” item of data, such as AoA, has to be at the appropriate level. Typically this means triplex sensors, BUT without Common Mode Failure characteristics. So, another (same technology) vane on the nose would not be suitable.
You may be right. However, all automation systems currently have a predicate that in the 'otherwise case' or if things get difficult, the automation can drop out and give the aircraft to the pilot.
As soon as pilots start to say 'we cannot cope in manual flight; we cannot switch off systems that are in error - even though the switches have been there for decades as have the NNC for the failure and we were specifically told of the issues.....
THEN money will be spent on automation that does not hand back to a pilot but manages itself even in cases of unknown error. There will then be no pilot shortage as the automation will have taken over entirely and automation doesn't need a pension or a union and doesn't care about hours worked.