The MCAS system detects when that erroneous pitch occurs at high speeds and uses the stabilizer on the airplane’s tail to move the nose back down. On the downed planes, a faulty sensor may have triggered MCAS when it shouldn’t have, leading the pilots to wrestle with the planes as they struggled to pull their noses back up.
Which is all to say: Building perfect software is hard, and testing it for faults is complicated. “I think there isn’t anything that makes finding defects in aircraft software uniquely difficult. Rather, finding subtle defects via testing is difficult in all software,” says Philip Koopman, a professor of electrical engineering at Carnegie Mellon University and the CTO of the startup Edge Case Research, which tests safety-critical software for defects.