[Retric]

Cropping the cause is misleading, this is all under cause:

> determines that the probable cause of this accident … Aircraft Engines. The subsequent catastrophic disintegration of the disk resulted in the liberation of debris in a pattern of distribution and with energy levels that exceeded the level of protection provided by design features of the hydraulic systems that operate the DC-10's flight controls.

Under recommendations:

> Encourage research and development of backup flight control systems ·for newly certificated wide-body airplanes that utilize an alternative source of motive power separate from that source used for the conventional control system. (Class II, Priority Action) (A-90-168)

> Conduct system safety reviews of currently certificated aircraft as a result of the lessons learned from the July 19, 1989, Sioux City, Iowa, DC-10 accident to give all possible consideration to the redundancy of, and protection for, power sources for flight and engine controls. (Class II, Priority Action) (A-90-169)

>Analyze the dispersion pattern, fragment size and energy level of released engine rotating parts from .the July 19, 1989, Sioux City , Iowa, DC-10 accident and include the results of this analysis, and any other peripheral data available, in a revision of AC 20-128 for future aircraft certification. (Class II, Priority Action) (A-90-170)

Etc. So calling this a design issue rather than an inspection issue is quite reasonable. Inspections are guaranteed to eventually fail, the aircraft being 100% dependent on them is a recipe for future disasters.

[kube-system]

In aviation safety investigations, all contributing factors are considered, and there are usually multiple factors involved in any incident.

My purpose of quoting that wasn't to be a wholly inclusive description of the situation (that's what the full report is for), it was to refute the above idea that engine defect was not the root cause.

> So calling this a design issue rather than an inspection issue is quite reasonable. Inspections are guaranteed to eventually fail, the aircraft being 100% dependent on them is a recipe for future disasters.

Likewise, we don't just require "good designs" instead of inspections, because even a "good design" will experience failures. In the swiss-cheese model of safety, all of the slices are important. In this case, the inspection was the first failed slice.

[Retric]

> was to refute the above idea that the engine defect was not the root cause

You misunderstand what a root cause is. An accident has multiple root causes in the swiss cheese model.

Each process update is supposed to address a root cause.

This is separate from contributing factors. IE: It happened at night.