by ams6110 2634 days ago
The software that runs safety-critical flight controls is actually developed nothing like typical ecommerce or social media. It is designed and developed to an engineering standard. You can review DO-178C requirements[1].

Not all software has the same consequences for failure. The highest level is when failure is catastrophic, i.e. "Failure may cause deaths, usually with loss of the airplane." This requires the highest "Level A" assurance level.

Presumably MCAS was not originally evaluated as needing to meet the highest level. If it were, the single AoA input would have immediately disqualified the design right off the bat.

There's some speculation that the delays on the "fix" are because if they have to redevelop the software at a "Level A" standard that means basically a complete reimplementation with full traceability of requirements from design to source code through compilation to executable, with independent verification. That won't happen in a few weeks.

[1] https://en.wikipedia.org/wiki/DO-178C

3 comments

> designed and developed to an engineering standard

Hmmmm. Interesting. Is it legally required to use this standard for this critical software?

And are developers legally required to be licensed, in the same way that civil engineers are?

Yes, the FAA must certify the plane as airworthy for it to be legally flown, and the FAA does use this standard's criteria.
It looks like Boeing submitted MCAS at DAL C, using the rationale that it only mutates the stabilizer angle by a few degrees, so it can't be catastrophic. This was a terrible argument for two reasons:

1) It mutates it a few degrees at a time in a non-terminating loop, so it effectively has control authority of the entire stabilizer.

2) Even DAL C would require using more than a single input!
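The two points made above (a single AoA input with no cross-check, and an increment loop that never stops so its authority accumulates to the whole stabilizer), and the earlier remark that a single AoA input would disqualify a Level A design, are easy to see in a toy model. This is an added illustration, not Boeing's code or anything from the thread; every number in it (trim increment per activation, stabilizer travel limit, AoA trigger threshold, allowed sensor disagreement, number of cycles) is an assumption chosen only to make the loop's behaviour visible, and the "stuck high" left-sensor value is constructed.

```python
"""Toy model of a trim loop driven by angle-of-attack (AoA) sensors.

Constructed illustration only. All constants below are assumptions, not
real aircraft parameters. Stabilizer angle is in degrees, 0.0 = neutral,
negative = nose down.
"""
from dataclasses import dataclass

STAB_MIN = -14.0     # assumed nose-down travel limit (degrees)
STAB_MAX = 0.0       # assumed neutral position
AOA_TRIGGER = 10.0   # assumed AoA above which the loop activates (degrees)
STEP = -2.5          # assumed trim increment per activation (degrees)
DISAGREE_TOL = 5.5   # assumed maximum tolerated disagreement between sensors


@dataclass
class Stabilizer:
    angle: float = 0.0

    def trim(self, delta: float) -> None:
        # Physical travel stops clamp the command.
        self.angle = max(STAB_MIN, min(STAB_MAX, self.angle + delta))


def run_naive(aoa_left: float, aoa_right: float, cycles: int) -> dict:
    """Single-input loop: trusts one sensor and re-fires on every cycle
    while that sensor stays above the trigger. Nothing bounds the total
    authority, so the increments accumulate until the travel stop."""
    stab = Stabilizer()
    fired = 0
    for _ in range(cycles):
        if aoa_left > AOA_TRIGGER:      # right sensor is never consulted
            stab.trim(STEP)
            fired += 1
    return {"stab": stab.angle, "fired": fired, "inhibited": False}


def run_hardened(aoa_left: float, aoa_right: float, cycles: int,
                 max_authority: float = STEP) -> dict:
    """Two changes: (1) cross-check both sensors and inhibit the function
    when they disagree; (2) cap cumulative authority at one increment so
    a persistent trigger cannot walk the stabilizer to the stop."""
    stab = Stabilizer()
    if abs(aoa_left - aoa_right) > DISAGREE_TOL:
        # Sensors disagree: do not act on either, flag the fault.
        return {"stab": stab.angle, "fired": 0, "inhibited": True}
    fired = 0
    for _ in range(cycles):
        both_high = min(aoa_left, aoa_right) > AOA_TRIGGER
        authority_left = stab.angle > max_authority
        if both_high and authority_left:
            stab.trim(STEP)
            fired += 1
    return {"stab": stab.angle, "fired": fired, "inhibited": False}


if __name__ == "__main__":
    # Constructed fault: left AoA sensor stuck high, right sensor sane.
    print("naive    :", run_naive(74.0, 2.0, cycles=6))
    print("hardened :", run_hardened(74.0, 2.0, cycles=6))
    # Both sensors genuinely high: hardened version acts once and stops.
    print("hardened, real event:", run_hardened(12.0, 11.0, cycles=6))
```

With the constructed stuck-high sensor, the naive loop fires on every cycle and reaches the travel stop after six activations, which is the "effectively has control authority of the entire stabilizer" point; the cross-checked version never fires at all because the two readings disagree, and even when both sensors agree it applies a single increment and then holds.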

Do _most_ companies follow DO-178C requirements? Do _most_ software engineers even know what that is?

Companies that develop aircraft control software do. I read your comment as implying that they don't.

> Do _most_ companies follow DO-178C requirements?

No, because most companies aren't developing life-critical software.

I would imagine most companies that are developing life-critical software are familiar with those requirements.