
blast radius

also: impact radius, failure domain

The scope and severity of damage or impact caused by a single failure, misconfiguration, or security breach in a system. A larger blast radius means the failure affects more users, services, or systems.

In Linux and infrastructure contexts, blast radius refers to how far-reaching the consequences of a single problem can be. A misconfigured firewall rule, a compromised account, or a failed service can have impacts ranging from a single user to an entire data center depending on the blast radius.

For example, if you accidentally delete files in /tmp, the blast radius is small—only temporary files are lost. But if you accidentally run rm -rf / as root, the blast radius is catastrophic—the entire system is destroyed. Similarly, if a web server process runs as root and is compromised, an attacker gains root access to the entire machine; if it runs as an unprivileged user, the blast radius is limited to that service.

Good system design minimizes blast radius through techniques like privilege separation, containerization, redundancy, and monitoring. Running services with minimal required permissions, isolating critical systems, and using rollback mechanisms all reduce potential damage from unexpected failures.
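The root-versus-unprivileged web server case above can be checked mechanically. The following is an added example, not part of the original entry: it reads a systemd unit and reports whether the service runs as root and which of three sandboxing directives (NoNewPrivileges=, ProtectSystem=, PrivateTmp=) are absent or disabled. The unit contents, the example-webd path, the webd user, and the "wide"/"narrow" labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Unit files below are constructed samples.

# Read a systemd unit on stdin; report "wide" if its service runs as root
# (no User=, or User=root/0), "narrow" otherwise, plus hardening directives
# that are absent or disabled.
unit_blast_radius() {
    awk '
        /^\[/ { in_service = ($0 == "[Service]"); next }
        !in_service || /^[ \t]*[#;]/ || !index($0, "=") { next }
        {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            gsub(/[ \t]/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            seen[key] = val
        }
        END {
            user = (("User" in seen) && seen["User"] != "") ? seen["User"] : "root"
            verdict = (user == "root" || user == "0") ? "wide" : "narrow"
            n = split("NoNewPrivileges ProtectSystem PrivateTmp", want, " ")
            missing = ""
            for (i = 1; i <= n; i++) {
                v = (want[i] in seen) ? seen[want[i]] : "no"
                if (v == "no" || v == "false" || v == "0" || v == "off") {
                    sep = (missing == "") ? "" : ","
                    missing = missing sep want[i]
                }
            }
            if (missing == "") missing = "none"
            printf "%s user=%s missing=%s\n", verdict, user, missing
        }
    '
}

ROOT_UNIT='[Unit]
Description=Constructed web service, runs as root by default
[Service]
ExecStart=/usr/local/bin/example-webd'

LEAST_PRIV_UNIT='[Unit]
Description=Constructed web service, unprivileged and sandboxed
[Service]
User=webd
ExecStart=/usr/local/bin/example-webd
NoNewPrivileges=yes
ProtectSystem=strict
PrivateTmp=yes'

printf '%s\n' "$ROOT_UNIT" | unit_blast_radius
printf '%s\n' "$LEAST_PRIV_UNIT" | unit_blast_radius
```

A unit with no User= line runs as root, which is why the first sample is reported as wide even though it never mentions root.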
