It occurs to me as I read CHERI white paper  that the technology is to help careless programmers write safe code. This is in turn to help thwart malicious senders of data from external sources. These sources are presumably crafted by malicious programmers who become aware of bugs in the first programs. The system spec  includes compartmentalization as a goal and this was hardly mentioned in the white paper.
White paper: The CHERI capability model: Revisiting RISC in an age of risk (meat) (my note)
Light Blue Touchpaper
Spec Intro: Capability Hardware Enhanced RISC Instructions: CHERI Instruction-set architecture,
Spec (my note)
Kwon: Low-Fat Pointers: Compact Encoding and Efficient Gate-Level Implementation of Fat Pointers for Spatial Safety and Capability-based Security,
my note on Talk