[SystemSafety] B737M MCAS

Olwen Morgan olwen at phaedsys.com
Tue Mar 19 22:07:45 CET 2019


Another egregious example of this is the FDA 501(k) route for 
certification of medical devices. I've also heard from someone qualified 
to know (but under Chatham House rules) that at least one medical device 
has been certified as hardware only and then received certification 
under 501(k) when the software was added on the basis that it was 
"substantially the same" as the hardware-only device.

... WTF??? ... %-{


As regards the 737 MAX series, the apparent susceptibility to nose-down 
attitude ought surely to have been detected in software testing. 
Properly designed simulated stress testing ought to have discovered it 
quite easily. For aircraft, this involves using stress test drivers that 
mimic both the external atmospheric conditions and pilot behaviour. 
Unfortunately, very few system engineers that I've ever met understand 
that all relevant external systems need to be simulated in this kind of 
testing ... and I wouldn't trust overly many of them even to spell 
"atmospheric physics" properly.


Olwen


On 19/03/2019 16:40, Littlewood, Bev wrote:
>
>
>> On 19 Mar 2019, at 13:38, Andy Ashworth <andy at the-ashworths.org 
>> <mailto:andy at the-ashworths.org>> wrote:
>>
>> In summary, there was a failure in the engineering of the overall 
>> system rather than a failure within a specific component or discipline.
>
> That sounds right to me. The following may be a rather naive 
> observation (I’m no expert on these aeronautical matters), but I 
> wonder whether the problem was compounded by a regulatory regime which 
> seems to allow a new “version” of an aircraft “type” to have an easier 
> certification passage than a new type. How different does a new 
> version have to be, compared with its predecessor(s), before it is 
> regarded as a new type, with all the extra certification rigour that 
> that seems to imply? Deciding to fit larger engines, and needing to 
> move them upwards and forwards, seems a rather fundamental design 
> change to me, which might be expected to have correspondingly 
> fundamental consequences.
>
> Cheers
>
> Bev
>
> _______________________________________________
>
> Bev Littlewood
> Emeritus Professor of Software Engineering
> Centre for Software Reliability
> City, University of London
> EC1V 0HB
>
> _______________________________________________
>
>
> _______________________________________________
> The System Safety Mailing List
> systemsafety at TechFak.Uni-Bielefeld.DE
> Manage your subscription: https://lists.techfak.uni-bielefeld.de/mailman/listinfo/systemsafety
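An added illustration of the point made in the first message about simulating every external system in a closed-loop stress test. This is not code from the thread or from any aircraft programme: the trim law, the angle-of-attack sensor fault, the atmosphere model, the pilot model and all thresholds are constructed for the example and do not describe any real flight-control system. The harness runs a toy pitch-trim law under three stimulus sets and shows that a nose-down trim runaway only surfaces when both a sensor fault and pilot behaviour are modelled; a driver that stimulates only the atmosphere, or only the sensor, reports nothing wrong.

```python
"""Toy closed-loop stress-test harness (constructed example, not a real control law)."""
from dataclasses import dataclass
from typing import Callable, Optional

TRIM_LIMIT = -4.0      # constructed: trim below this is treated as an unrecoverable nose-down attitude
AOA_THRESHOLD = 12.0   # constructed: sensed angle of attack above which the trim law acts


@dataclass
class Aircraft:
    trim: float = 0.0        # stabiliser trim in degrees, negative = nose down (constructed units)
    true_aoa: float = 5.0    # actual angle of attack in degrees


@dataclass
class AoaSensor:
    """Single AoA vane; stuck_at injects a stuck-value fault (None = healthy)."""
    stuck_at: Optional[float] = None

    def read(self, true_aoa: float) -> float:
        return true_aoa if self.stuck_at is None else self.stuck_at


@dataclass
class ToyTrimLaw:
    """Constructed control law: commands one nose-down trim increment when the sensed
    AoA is high, then stays quiet until a manual pilot trim input re-arms it."""
    armed: bool = True

    def step(self, sensed_aoa: float, pilot_trimmed: bool) -> float:
        if pilot_trimmed:
            self.armed = True
        if self.armed and sensed_aoa > AOA_THRESHOLD:
            self.armed = False
            return -1.0
        return 0.0


def atmosphere(t: int) -> float:
    """Constructed gust model: deterministic turbulence adding up to 1.8 degrees of AoA."""
    return 2.0 * ((t % 10) / 10.0)


def pilot_counter_trim(ac: Aircraft) -> float:
    """Constructed pilot model: trims nose-up whenever the trim has sunk past -0.5 degrees."""
    return 0.5 if ac.trim < -0.5 else 0.0


def run_scenario(sensor: AoaSensor,
                 pilot: Optional[Callable[[Aircraft], float]] = None,
                 steps: int = 60) -> float:
    """Run the closed loop for `steps` ticks and return the lowest trim reached."""
    ac = Aircraft()
    law = ToyTrimLaw()
    min_trim = ac.trim
    for t in range(steps):
        ac.true_aoa = 5.0 + atmosphere(t)              # environment acts on the airframe
        pilot_input = pilot(ac) if pilot else 0.0      # pilot reacts to the current state
        cmd = law.step(sensor.read(ac.true_aoa), pilot_input != 0.0)
        ac.trim += pilot_input + cmd                   # both inputs move the stabiliser
        min_trim = min(min_trim, ac.trim)
    return min_trim


def runaway_detected(sensor: AoaSensor,
                     pilot: Optional[Callable[[Aircraft], float]] = None) -> bool:
    """True when the scenario drives the trim past the constructed safety limit."""
    return run_scenario(sensor, pilot) < TRIM_LIMIT


if __name__ == "__main__":
    # Atmosphere only: healthy sensor, no pilot model.
    print("atmosphere only:          ", runaway_detected(AoaSensor()))
    # Sensor fault only: the law fires once and stops, so the test still passes.
    print("stuck sensor, no pilot:   ", runaway_detected(AoaSensor(stuck_at=20.0)))
    # Sensor fault plus pilot model: each pilot correction re-arms the law and the trim ratchets down.
    print("stuck sensor + pilot:     ", runaway_detected(AoaSensor(stuck_at=20.0), pilot_counter_trim))
```

The interesting case is the second one: a driver that injects the sensor fault but omits the pilot sees a single bounded trim increment and reports the system safe. The runaway is an interaction between the control law's re-arming rule and the pilot's natural response, so it can only be observed when the pilot is part of the simulated loop.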

