I direct these notes to someone who is computer savvy but not already wrapped up in the capabilities world. We have largely failed to convince computer industry decision makers that capabilities are a necessary part of providing computer security. At best we have been a noisy minority proclaiming “We can do it.” without much to make people take us seriously. Recent achievements of seL4 has recently have startled a segment of customers with their admirable platform. Some of those customers have heard “capability” in that context.
Here is my elevator pitch which does not start by answering the question “What is a capability?”.
What can go wrong?
This pitch completely ignores the original motivation for capabilities from my perspectives which was the arrangements of authority to enable new secure interactions.