Reply to post: It is not all Boeing software

We don't know whether 737 Max MCAS update is coming or Boeing: Anti-stall safety fix delayed


It is not all Boeing software

For those unfamiliar with commercial aircraft avionics, here is how it works.

Boeing has a new* aircraft and it has been decided it needs electronic flight control system hardware and software, so they issue an RFP (request for proposal) pack.

Various vendors of this type of avionics bid for the job**

Boeing awards the lowest bidder the job***

The vendor is supplied with control laws that are to be implemented (amongst a great deal of other information such as communication interfaces and protocols). This is where the first push back should have occurred. There should be no way any flight controls vendor would look at the single sensor for a system that can vary the control surfaces and not say 'Are you nuts?' I hope the vendor has something in writing from Boeing on this subject or they may well get dragged into the inevitable sueballs. A safety analysis is supposed to be done that would have thrown up a common mode failure big red flag; that is the next issue that should have been dealt with.

The vendor implements the control laws which are rigorously tested****

The kit, after a lot of integration rig testing, is installed in an aircraft and eventually flown by a test pilot who is supposed to test the entire flight envelope. There are usually numerous test flights where sensors are supposed to be deliberately disabled or errors injected.

The system then moves to platform certification.

A lot of things apparently went wrong in this process that really should not have occurred, so whatever else comes out of this a major process fix will be in order.

*Boeing claimed this was not a new aircraft, but simply a derivative. Adding an extra AoA sensor would not let them claim this. Based on the aerodynamics of the aircraft, it is a far cry from the original 737 apparently but no-one challenged Boeing effectively on this, or so it would seem.

**In commercial avionics, the development cost of the kit has to be amortised across sales; there is usually no NRE payment (although there are some cost sharing arrangements for technology insertions and upgrades under some circumstances). For this reason, there has to be an expectation of several thousand sets of kit for a vendor to bid a reasonable price. As soon as a piece of kit is level A (safety critical, failure can cause death) there are at least 5000 hours of paperwork involved. It is not much less for level B (which is what Boeing classified the system as, which may be the get out of jail card for the vendor).

***Generally, although vendor reputation is supposed to be a key part of the decision.

****Usually on an integration rig at the aircraft manufacturer after being tested at the vendor to show the control laws are met. There are strict standards for software and firmware (DO-178B/C and DO-254) that are supposed to be met.
