How the Boeing 737 Max Disaster Looks to a Software Developer


  • How the Boeing 737 Max Disaster Looks to a Software Developer - IEEE Spectrum
    https://spectrum.ieee.org/aerospace/aviation/how-the-boeing-737-max-disaster-looks-to-a-software-developer

    That’s because the major selling point of the 737 Max is that it is just a 737, and any pilot who has flown other 737s can fly a 737 Max without expensive training, without recertification, without another type of rating. Airlines—Southwest is a prominent example—tend to go for one “standard” airplane. They want to have one airplane that all their pilots can fly because that makes both pilots and airplanes fungible, maximizing flexibility and minimizing costs.

    It all comes down to money, and in this case, MCAS was the way for both Boeing and its customers to keep the money flowing in the right direction. The necessity to insist that the 737 Max was no different in flying characteristics, no different in systems, from any other 737 was the key to the 737 Max’s fleet fungibility. That’s probably also the reason why the documentation about the MCAS system was kept on the down-low.

    Put in a change with too much visibility, particularly a change to the aircraft’s operating handbook or to pilot training, and someone—probably a pilot—would have piped up and said, “Hey. This doesn’t look like a 737 anymore.” And then the money would flow the wrong way.

    #Boeing #737 #ET302

    • Another text, from the newsgroup comp.lang.ada:

      One of the criticisms of the decisions leading to the MCAS software is that the software is certified only at DO-178B level C, defined as software whose consequences are ( https://en.wikipedia.org/wiki/DO-178B ):

      Major – Failure is significant, but has a lesser impact than a
      Hazardous failure (for example, leads to passenger discomfort rather
      than injuries) or significantly increases crew workload (safety
      related)

      This is instead of level A (catastrophic, the whole plane can be lost), or level B (hazardous, people can be injured). The rationale was that at worst MCAS going wrong would change the nose pitch by a few degrees and then the pilot could fix it. They didn’t consider the possibility of it activating over and over again, tilting a few more degrees each time.

      Since the software was treated as level C, its development and certification process was less rigorous than what it would have gotten at a more critical level.

      And the conclusion:

      Certifying and developing this system at level C instead of level A was itself obviously some kind of process failure. I believe finding out how that happened is one of the investigation’s objectives.

      No kidding...

    • Thanks for the reminder. I find the earlier articles are not as explicit. Here, you understand that there was either culpable negligence or a deliberate intent to under-classify the component. And presented this way, you understand that Boeing is in really serious trouble legally speaking, if their corruption budget does not allow them to cut short the investigations on this matter (which is obviously not impossible).

      There is a Chinese manufacturer that must be rubbing its hands... for the future. (Airbus should, in a normal world, be rubbing its hands... but the “Tom Enders” wreckage is going to be hard to repair, if there is the slightest political will to repair it one day... and looking at the golden parachute he is getting, one understands that... ... ...).