| Recurring |
one_organization, multiple_organization |
(a) The software failure incident related to the Boeing 737 Max 8 aircraft has happened again within the same organization, Boeing. The incident involved the new Maneuvering Characteristics Augmentation System (MCAS) that was not properly disclosed to pilots during their transition training courses, leading to confusion and potential safety issues [81908].
(b) The software failure incident has also occurred at multiple organizations, specifically involving pilots transitioning to the Boeing 737 Max 8 aircraft from older 737 models at Southwest Airlines and American Airlines. Pilots at both airlines reported that the transition courses they took did not explain the new MCAS system, which has been identified as a critical factor in the Lion Air crash and the Ethiopian Airlines crash [81908]. |
| Phase (Design/Operation) |
design, operation |
(a) The software failure incident related to the design phase can be seen in the case of the Boeing 737 Max 8 aircraft. Pilots transitioning to this new model were not adequately informed about the new Maneuvering Characteristics Augmentation System (MCAS) which was a critical system in the aircraft. The transition courses provided to pilots did not explain or mention the MCAS system, which was designed to automatically command a plane to pitch down if it senses an imminent stall. This lack of information about a crucial system in the design of the aircraft contributed to the software failure incident [81908].
(b) The software failure incident related to the operation phase is evident in the lack of hands-on experience and training provided to pilots for the Boeing 737 Max series aircraft. Pilots expressed concerns about the self-administered online courses that did not adequately cover the MCAS system, which could lead to confusion in emergency situations. The failure to provide sufficient training and simulator experience for pilots operating the aircraft contributed to the software failure incident during the operation phase [81908]. |
| Boundary (Internal/External) |
within_system |
(a) The software failure incident related to the Boeing 737 Max 8 aircraft was primarily within the system. The failure was attributed to the new Maneuvering Characteristics Augmentation System (MCAS) that was installed in the aircraft but was not disclosed to the pilots during their transition training courses [81908]. The MCAS system, designed to automatically command a plane to pitch down if it senses an imminent stall, became the focus of the Lion Air crash and was potentially a major factor in the Ethiopian Airlines crash as well. The lack of proper training and information about this system led to confusion and potential safety issues for the pilots [81908]. |
| Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident occurring due to non-human actions:
The software failure incident related to the Boeing 737 Max 8 aircraft was primarily due to the introduction of the new Maneuvering Characteristics Augmentation System (MCAS) by Boeing without proper disclosure to pilots. The MCAS system, designed to automatically command a plane to pitch down if it senses an imminent stall, was a key factor in the Lion Air crash and potentially in the Ethiopian Airlines crash as well. Pilots transitioning to the 737 Max 8 were not adequately informed or trained about this new system, leading to confusion and potential safety issues [81908].
(b) The software failure incident occurring due to human actions:
The failure related to human actions in this incident involves the lack of proper training and disclosure by Boeing and the Federal Aviation Administration (FAA) to pilots regarding the MCAS system. Pilots' unions highlighted that the transition courses for the 737 Max 8 did not adequately explain or mention the MCAS system, leading to a situation where pilots were not fully aware of the new system and its potential implications. Additionally, the decision to certify the 737 Max series without requiring simulator time for pilots was also a human action that contributed to the lack of hands-on experience and understanding of the new system [81908]. |
| Dimension (Hardware/Software) |
software |
(a) The software failure incident related to hardware:
- The article does not mention any specific hardware-related issues contributing to the software failure incident. Therefore, there is no information provided regarding hardware-related factors in this incident.
(b) The software failure incident related to software:
- The software failure incident in this case is primarily related to software factors. Specifically, the failure is attributed to the new Maneuvering Characteristics Augmentation System (MCAS) installed in the Boeing 737 Max 8 aircraft. The MCAS system, designed to automatically command a plane to pitch down if it senses an imminent stall, has been identified as a key factor in the Lion Air crash and the Ethiopian Airlines crash. The failure was due to the lack of adequate training and information provided to pilots regarding the MCAS system, leading to confusion and potential safety risks [81908]. |
| Objective (Malicious/Non-malicious) |
non-malicious |
(a) The software failure incident discussed in the articles is non-malicious. The failure was due to contributing factors introduced without intent to harm the system. Specifically, the failure was related to the lack of proper training and information provided to pilots transitioning to the Boeing 737 Max 8 aircraft. The incident involved a new system called MCAS (Maneuvering Characteristics Augmentation System) that was not adequately explained or disclosed to the pilots during their transition courses. This lack of information and training on the new system could have contributed to the fatal crashes involving the 737 Max 8 aircraft [81908]. |
| Intent (Poor/Accidental Decisions) |
poor_decisions |
(a) The intent of the software failure incident was poor_decisions. The failure was due to contributing factors introduced by poor decisions made by Boeing and the FAA regarding the training provided to pilots transitioning to the Boeing 737 Max 8 aircraft. The software system at the center of the crash investigations, known as MCAS, was not adequately explained or disclosed to the pilots during their transition training courses. This lack of information and training on the new system led to confusion and potential safety issues, ultimately resulting in the two fatal crashes involving the 737 Max 8 aircraft [81908].
(b) The software failure incident was not due to accidental_decisions or unintended mistakes, but rather a result of poor decisions made by Boeing and the FAA in not providing sufficient training and information to pilots regarding the new MCAS system on the Boeing 737 Max 8 aircraft. |
| Capability (Incompetence/Accidental) |
development_incompetence |
(a) The software failure incident related to development incompetence is evident in the case of the Boeing 737 Max 8 aircraft. Pilots transitioning to the new model were not adequately informed about the new Maneuvering Characteristics Augmentation System (MCAS) which played a crucial role in the two crash investigations involving the aircraft. The transition courses provided to pilots did not include information about the MCAS system, leading to confusion and potential safety risks [81908].
(b) The software failure incident related to accidental factors is highlighted by the lack of proper training and information provided to pilots regarding the MCAS system on the Boeing 737 Max 8 aircraft. The omission of crucial details about the MCAS in the transition courses was not intentional but rather a result of oversight or negligence in the development of the training materials. This accidental omission contributed to the confusion and potential risks faced by pilots operating the aircraft [81908]. |
| Duration |
permanent, temporary |
The software failure incident related to the Boeing 737 Max 8 aircraft can be considered as both temporary and permanent based on the information provided in the articles.
Temporary:
- The temporary aspect of the software failure incident is highlighted by the lack of proper training and information provided to pilots transitioning to the Boeing 737 Max 8 aircraft. Pilots were not adequately informed about the new Maneuvering Characteristics Augmentation System (MCAS), which played a significant role in the two crash investigations involving the aircraft [81908].
- The temporary nature of the failure is also evident in the fact that Boeing developed a software patch and a pilot training program in response to the issues identified after the fatal crashes, indicating that corrective measures were implemented to address the specific software-related issues [81908].
Permanent:
- The permanent aspect of the software failure incident is reflected in the initial design and certification process of the Boeing 737 Max 8 aircraft. The introduction of the MCAS system without proper disclosure to pilots and the reliance on self-administered online courses without adequate information about critical systems like MCAS point to systemic issues in the software integration and training processes [81908].
- The permanent nature of the failure is further emphasized by the need for additional training, including ground school and flight simulator time, to ensure pilots are proficient in handling the new aircraft systems. This indicates a fundamental gap in the initial training provided to pilots transitioning to the 737 Max series aircraft [81908].
In summary, the software failure incident related to the Boeing 737 Max 8 aircraft can be seen as both temporary, due to specific circumstances leading to the lack of information and training, and permanent, due to systemic issues in the design, certification, and training processes. |
| Behaviour |
crash, omission, value |
(a) crash: The software failure incident in the articles is related to a crash. The Boeing 737 Max 8 aircraft experienced crashes, with the Lion Air crash in October and the Ethiopian Airlines crash in March, resulting in the loss of 189 and 157 lives, respectively. The crashes were attributed to the new Maneuvering Characteristics Augmentation System (MCAS) that automatically commanded the plane to pitch down if it sensed an imminent stall, leading to the failure of the system and subsequent crashes [81908].
(b) omission: The software failure incident also involved an omission in the training provided to pilots transitioning to the Boeing 737 Max 8 aircraft. Pilots of Southwest Airlines and American Airlines were given transition courses that did not explain or mention the new MCAS system, which was a critical omission as the system played a central role in the crash investigations. The courses highlighted differences between the Max 8 and older 737 models but failed to address the MCAS system, leading to a lack of crucial information for the pilots [81908].
(c) timing: The timing of the software failure incident can be related to the delayed response in providing adequate training and information about the MCAS system to the pilots. The omission of the MCAS system in the transition courses, which was only addressed after the crashes, indicates a timing issue where the necessary information was not provided in a timely manner to prevent the tragic events [81908].
(d) value: The software failure incident also involved a failure in the system performing its intended functions incorrectly. The MCAS system, designed to prevent stalls by automatically adjusting the plane's pitch, malfunctioned in both the Lion Air and Ethiopian Airlines crashes, causing the aircraft to pitch down erroneously and leading to the fatal outcomes. This incorrect performance of the MCAS system highlights a value-related failure in the software functionality [81908].
(e) byzantine: The software failure incident did not exhibit characteristics of a byzantine failure, which involves inconsistent responses and interactions within a system. The focus in this case was on the omission of critical information about the MCAS system in the training provided to pilots, rather than on inconsistent behavior or interactions within the system [81908].
(f) other: The software failure incident can be categorized under the "omission" behavior, as the critical failure was due to the omission of information about the MCAS system in the transition training courses for pilots. This omission of crucial details led to a lack of awareness and preparedness among the pilots, contributing to the tragic crashes of the Boeing 737 Max 8 aircraft [81908]. |