hello dev,


The computations are sandboxed in an isolated virtual machine and executed with the minimal required privileges.
Crackers can defeat sandboxes though, so Golem's Application Registry will have a class of users called Validators. They review and certify apps as safe and trustworthy by adding them to their own whitelists (or adding them to blacklists if they're definitely unsafe).

Providers can choose to only run apps that are on a given whitelist or, if they're willing to take more risk, only refuse apps that are on a given blacklist.