Most articles I've seen are focussed mostly or entirely on what this could mean for Mac OS X on the Mac platform, but I'm intrigued by the parallels with the iPhone/iPod version.
Currently, each app on the iPhone platform runs only with access to its own limited filesystem area with no access to other apps' data. This makes it difficult for apps to work together, but it dramatically reduces the potential impact of some kind of malware. The malware would be restricted to its own area, which does not allow too much mischief.
This is similar to, though nowhere near as sophisticated as, Ivan Krstic's Bitfrost for OLPC. Under Bitfrost, each app is virtualized into a sandbox that permits only the interactions the OS has explicitly allowed. An app cannot access hardware, software, or data it has not been granted, which limits what any malware can do.
While Mac OS X has always been in a much better position than Windows XP (based on smaller market share and underlying design), this hire signals an effort on Apple's part to really take security seriously. This addition could mean great things with the foundation they already have in place. Just as the geek-set have started to point out some of the glaring chinks in OS X's armor, Apple is moving to fix the problems.
Combining Bitfrost-type functionality with the existing application signing infrastructure and Mach kernel features could allow Apple to extend and secure their security lead. And as Apple grows their market share in both computers and handhelds, this will continue to become more important. I'm looking forward to seeing how they implement a slick UI and make this easy yet still safe for users.