They have Chaos Monkey-like systems all over the place when designing and building commercial aircraft.
They perform tons of analyses like FMEA on their processes, their designs, then they have tons of SimIL/SIL/HIL testing partially derived from those analyses to verify their safety case, and at almost every layer of the development lifecycle they do tons of fault-injection oriented verification.
The MCAS system went through an amount of rigor that dwarfs anything applied to typical software or IT infrastructure, but the issue persisted due to fundamental underestimation of risk associated with this kind of failure and a confusingly terrible design & implementation from a functional-safety and human factors perspective.