Comment by syndeo

1 day ago

Once you get the compartmentalization working well, and “all” of the vulnerabilities are out of it too, of course…

But even then you’ll have users putting things in the same compartment for convenience, rather than leaving them properly sequestered.

1 comment

syndeo

Reply
fsflover  16 hours ago

> and “all” of the vulnerabilities are out of it too

This is a good point; however the isolating code should be much smaller and easier to verify.