Comment by fsflover

1 day ago

Every piece of software definitely has serious vulnerabilities; perfection is not achievable. Fortunately, we have another approach to security: security through compartmentalization. See: https://qubes-os.org

Once you get the compartmentalization working well, and “all” of the vulnerabilities are out of it too, of course…

But even then you’ll have users putting things in the same compartment for convenience, rather than leaving them properly sequestered.

  • > and “all” of the vulnerabilities are out of it too

    This is a good point; however, the isolating code should be much smaller and easier to verify.