“Companies have to assume they’ve already been compromised, then figure out how to limit the blast radius.” This model is perhaps most familiar to readers in Apple’s “sandboxing” of apps on the iPhone. Apple designed its system so that each app does not have access to other applications or data without an iPhone user’s express permission. While attackers can still find critical bugs and “sandbox escapes,” Apple has significantly raised the ante, driving up hackers’ time and costs.
