The other problem from what I can see was a lot of frog-boiling. MCAS was actually originally designed for a slightly different aerodynamic situation, but in flight testing, they discovered a different and more serious instability.
The engineers determined that they could use the MCAS to fix this problem too, but the amount of control input had to be about 4x as much for this situation (2.5 degrees vs. 0.6 degrees of stabilizer movement). They also made it so MCAS could activate multiple times. The original safety analysis was based on the 0.6 degrees for one shot, which wouldn't have put the plane in a situation where the pilots couldn't overpower it, like what happened in the two crashes, so the system was put in a lower safety category that didn't require the same redundancy. Dominic Gates wrote about this in [1].
Given that the plane was already built and in flight test, the production lines were ready to start, and there were massive contract penalties for either late delivery, or additional pilot training, the pressure to hack something in and ship must have been enormous.
The only place to make a change and still hit the deadline was in the software, and unfortunately even the software was limited by Boeing's redundancy strategy of having two completely independent sets of flight computers and sensors. Having one computer look at sensors from both the left and right sides compromises the concept of having them be completely independent, and so it wasn't done, even though ultimately that was what was used as the fix.
[1] https://www.seattletimes.com/business/boeing-aerospace/faile...