Originally Posted by bsieker
Au contraire. Aviation is the industry which mandates appropriate techniques. They are well-known, and used.
Add-on systems that bring airliners back into compliance, which are not by themselves aerodynamically completely compliant to regulations, are literally as old as jet airliners themselves. Many types have stick-nudgers or stick-pushers, and they work fine, and are perfectly sensible to use. But that does not mean one can skip due diligence in developing them, which includes a thorough risk and hazard assessment.
I fully agree Bernd. As someone who has worked for years on aviation safety-critical software, I am stunned at the poor specification and implementation of the MCAS software. The Ethiopian flight FDR showing an AoA of 75 – where is the limit check?? Even for software that was (incorrectly) not considered as DO-178C Level A, I still find it impossible to comprehend how someone somewhere in the development process did not suggest putting in an “if AoA > x deg, no trim”, perhaps only as a “just in case – belt and braces” couple of lines of code. It grieves me to think that if they had, we might not have lost 2 aircraft.
IMO the MCAS software has to be redeveloped from scratch as Level A, not just patched. The risk of a bug in the software that could cause an AND runaway has to be reduced to ALARP (As Low As Reasonably Practical).