PPRuNe Forums - View Single Post - Ethiopian airliner down in Africa
Old 8th Apr 2019, 14:45
#3623
bsieker
 
Join Date: Jul 2007
Location: Germany
Posts: 556
Originally Posted by ecto1
What I meant is that there is an "all or nothing" spirit that doesn't quite cut it. Either it is an 8-year development with millions of man-hours on it, or a terrific patch that looks like it was done overnight. No middle ground.
I'm not sure what gave you that idea. There are various levels of criticality for different pieces of software.

However, there are bigger issues at stake. MCAS has the potential, without quick and correct intervention by the crew, to cause a catastrophic outcome ("catastrophic" is not just a fancy term; it is quite well defined in certification specifications). Therefore, software for systems with such severe possible consequences needs to be developed to particularly stringent standards of requirements specification, analysis, coding practices, planning, documentation, verification, etc. That is what some people here mean when they refer to "DAL A" or "Level A": it is the most stringent category for safety-critical software in airborne systems, as defined in DO-178C (or ED-12C in Europe, which is exactly the same standard):

Level A: Software whose anomalous behavior, as shown by the system safety assessment process, would cause or contribute to a failure of system function resulting in a catastrophic failure condition for the aircraft.
As we now know, MCAS is just such a system. So, as others have pointed out repeatedly, at least in hindsight, anything less than Level A is not appropriate.

Objectives that need to be demonstrated include things like
  • High-level requirements are accurate and consistent.
  • Low-level requirements are verifiable.
  • Software architecture is verifiable.
  • Source Code is verifiable.
  • Source Code is traceable to low-level requirements.
  • Source Code is accurate and consistent.
  • High-level requirements are accurate and consistent.
  • Low-level requirements are traceable to high-level requirements.
And many more. That is "the cheapest fix possible". It's not cheap, but it's doable in significantly less than 8 years for a company which has the procedures in place, which Boeing does.


Bernd