Originally Posted by
VicMel
I absolutely agree. The aviation authorities have the hardest of evidence possible that “average” pilots are unlikely to cope. Boeing’s dilemma is this then means the MCAS system (at least) has to be considered as a “catastrophic” safety critical system. The MCAS software then has to be “Level A” according to DO-178C.
IMO no amount of software patching can turn a Level C software package into a Level A.
Has it been stated anywhere what design assurance level (DAL) the new MCAS software will be?
I have read there are several changes:
- Compare L & R AOA (and inhibit if they disagree, and display raw AOA values)
- Only allow 1 trim application
- Limit MCAS input to less than control column authority
But nowhere have I seen what the DAL is going to be. Since the hazard assessment seems to be where the errors started, allowing one sensor, what's the new hazard assessment?