[nickpsecurity]

It's perfectly reasonable to extrapolate his views against virtualization to a general case given these two lines:

"x86 virtualization is about basically placing another nearly full kernel, full of new bugs"

"You are absolutely deluded, if not stupid, if you think that a worldwide collection of software engineers who can't write operating systems or applications without security holes, can then turn around and suddenly write virtualization layers without security holes."

He clearly hates x86 more than most but his point applies in general. He's not the only one whose made it and there's truth in it. It's why high assurance virtualization... well.. applied high assurance to those parts haha. Also, why attempts at robust, resource virtualization typically pushed as much complexity out of the hypervisor as possible upward to the OS's that were on less privileged rings or capability-isolated depending on which system.

However, I said then he was wrong because the hypervisor and even VMM functions are less complex than a whole OS. The past examples showed they can be implemented very simply. We got further confirmation with the NOVA microhypervisor, OKL4 platform, separation VMM's (eg LynxSecure), and so on. People are still finding kernel flaws in the UNIX-like OS's due to architecture, language used, and intrinsic complexity. Many less problems in aforementioned software.