[bumby]

Of course they realize it makes it statistically less reliable. I think the gap is it becomes much more difficult to assess the probability of failure between different systems. In the case of MCAS, they already had the ability to override it. In complex systems one domain may think a simple mitigation is sufficient (e.g., the pilot can override MCAS) without understanding the layering of other issues (e.g., human factors like complex controls, lack of training etc.) Meaning from the standpoint of a single domain, that simple mitigation maybe incorrectly be assumed to bring the risk probability into a reasonable range.

I think it’s important to acknowledge the process failures like lack of communication between domains rather than acquiesce to simple conclusions that are more clear only in hindsight.