[SystemSafety] Correctness by Construction

Peter Bernard Ladkin ladkin at causalis.com
Fri Jul 10 13:24:01 CEST 2020



On 2020-07-10 12:24 , Dewi Daniels wrote:
> 
> There is no evidence that the MCAS software failed to satisfy its requirements. It appears that the
> MCAS software behaved correctly according to its requirements, but that those requirements specified
> unsafe behaviour. It seems that the system safety engineers and the requirements engineers only
> considered a single activation of MCAS. They do not appear to have considered the possibility that
> MCAS could activate repeatedly, eventually driving the stabilizer to a fully nose down position.

The Congressional report also makes it clear that the company altered the activation conditions
of the (sub)system (which Boeing still calls a "function" of the STS), without either revisiting the
hazard/risk analysis or informing the regulator.

PBL

Prof. Peter Bernard Ladkin, Bielefeld, Germany
Styelfy Bleibgsnd
Tel+msg +49 (0)521 880 7319  www.rvs-bi.de
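A small model of the requirements gap Dewi describes (a per-activation limit that says nothing about cumulative travel). This is an added illustration, not code from the thread or from Boeing; the travel limit, per-activation increment, pilot trim-back and cycle counts are constructed placeholders, not the real MCAS or stabilizer values.

```python
"""Per-activation limit vs. cumulative stabilizer travel under repeated activation.

Constructed illustration: FULL_NOSE_DOWN, PER_ACTIVATION and PILOT_TRIM_BACK are
placeholder numbers, not the actual 737 MAX / MCAS figures.
"""
from dataclasses import dataclass
from typing import Optional

FULL_NOSE_DOWN = 10.0   # constructed: stabilizer travel limit, 0 = neutral, + = nose down
PER_ACTIVATION = 2.5    # constructed: nose-down travel commanded by one activation
PILOT_TRIM_BACK = 1.0   # constructed: how far the crew trims back between activations


@dataclass
class Stabilizer:
    position: float = 0.0

    def command(self, delta: float) -> None:
        # Physical stop: travel is clamped to [0, FULL_NOSE_DOWN].
        self.position = min(FULL_NOSE_DOWN, max(0.0, self.position + delta))


def single_activation_within_limit(stab: Stabilizer) -> bool:
    """The property the analysis checked: one activation moves at most PER_ACTIVATION."""
    before = stab.position
    stab.command(PER_ACTIVATION)
    return stab.position - before <= PER_ACTIVATION


def peak_travel_under_repeated_activation(cycles: int,
                                          cumulative_limit: Optional[float] = None) -> float:
    """Repeat: activation commands nose-down, crew trims part of it back.

    With cumulative_limit=None only the per-activation limit applies, as in the
    requirements Dewi describes. A cumulative_limit bounds total authority across
    activations, which is the property that was missing from the analysis.
    Returns the most nose-down position reached at any point.
    """
    stab = Stabilizer()
    commanded_total = 0.0
    peak = 0.0
    for _ in range(cycles):
        if cumulative_limit is not None and commanded_total >= cumulative_limit:
            break  # bounded: no further activation once total authority is spent
        stab.command(PER_ACTIVATION)
        commanded_total += PER_ACTIVATION
        peak = max(peak, stab.position)
        stab.command(-PILOT_TRIM_BACK)
    return peak
```

Every single activation satisfies the per-activation requirement, yet without a cumulative bound the repeated cycle still drives the model to the full nose-down stop.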




