Comment by lucasluitjes
3 hours ago
Agree with all of that, especially modern supply chain risk (imho the more important reason to opt for VM isolation rather than containerization). But the original article specifically talks Vagrant as an isolation solution, and describes it as not protecting against VM escape, but also that guest-to-host 0day is rare.
Hence pointing out that VM escape is a lot easier than that if your VM management tool syncs folders the way that Vagrant does by default.
No comments yet
Contribute on Hacker News ↗