Another problem of Architecture I is that its damage
containment may not be effective. Architecture I contains
the damage by disallowing transactions to read the set of
data objects that are identified (by the Damage Assessor) as
corrupted. This one-phase damage containment approach
has a serious drawback, that is, it cannot prevent the
damage caused on the objects that are corrupted but not yet
located from spreading. Assessing the damage caused by a
malicious transaction B can take a substantial amount of
time, especially when there are a lot of transactions
executed during the detection latency of B. During the
assessment latency, the damage caused during the detection
latency can spread too many other objects before being
contained.