PPRuNe Forums - View Single Post - Note: April 5th! Additional Software Problem Found In Boeing 737 Max Control System:
Old 16th May 2019, 08:12
safetypee
 
Takwis,
The article fails to clarify what the exact nature of the problem was.

Relating the report to the ET piloting actions in the accident, one could conclude that the issue is about the ineffectiveness of the AD emergency drill, which was based on the Trim Runaway drill. The FAA have launched an investigation into this.

Alternatively the issue could be a re-run of the AoA Disagree alert option which was not working in some aircraft. A superficial view might conclude that the modification was not enabled - ‘we paid for it, but it was not delivered’. In isolation, not a particular safety issue, but of greater concern if used with another option of AoA display.

More recently, the absence of the alert has been interpreted as the failure of the software to detect differences in AoA and thus provide a display; the modification was correctly enabled, but it did not work. Again in isolation this is not a safety issue - ‘so don’t tell operators they will want a fix which costs time and effort during a demanding certification programme’.

However, HOWEVER; the use of this software comparison logic in the proposal to alleviate AoA Disagree in MCAS indicates an appalling lack of understanding across departments or external vendors, and a significant weakness in the checking and validation process - design and certification.

The errors were only detected during regulatory assessment of the proposed modification (FAA / other regulatory agencies). Thence the proposal was rejected and Boeing invited to resubmit proposals for modification - a low key, polite, regulatory rejection, likened to WIHIH (with some hidden embarrassment as to why the original fault was not detected).

This ‘double-double’ error, design and process, if extended across other products, further reduces confidence in how things have been done. Not that these are unsafe, but perhaps that not all of the advanced (dual / triple) safeguards have the expected depth of redundancy.

The magnitude of the latter interpretation drives one to use pictures - and some levity, but so true.
https://dilbert.com/strip/2015-02-27
https://dilbert.com/strip/2011-02-03
https://dilbert.com/strip/2011-08-15
https://dilbert.com/search_results?terms=agile