Author of the paper here. Thanks. As for Jails and Illumos, I would be willing to bet it's people not looking, but I haven't looked, so I can't really say. I agree it's kind of a mess, but it's getting better!
You would lose that bet so fast your head would be both spinning and smoking: zones have been hardened and worked on for enterprises since 2006, and in ten years have had three known vulnerabilities, the last two having already been fixed in illumos (and not exploitable without being able to be explicitly run by a user inside of a hypervisor).
As Bryan Catrill has said in one of his talks:
"we walked the trail if tears since our customers were very large companies; if they had a problem, we had a problem!"
The illumos and smartos mailing lists are hyperactive, with bugs being fixed, and new functionality added, which even Oracle Solaris doesn't have -- just subscribe to those two mailing lists and see for yourself. I warn you in advance: be prepared to be buried under the vortex of e-mails.
Invoking the Trail of Tears to describe development hardship is, I think, inappropriate. Wish that guy would be a bit more cautious with his metaphors.
Given that you have affixed your name and have now heard of Jails and of Illumos (and SmartOS), you may want to consider amending your paper to state as such.
Also, Illumos was forked off Solaris, and I'm sure that you know of Solaris' security.
Looking forward to your amendment and revised paper.
As Bryan Catrill has said in one of his talks:
"we walked the trail if tears since our customers were very large companies; if they had a problem, we had a problem!"
The illumos and smartos mailing lists are hyperactive, with bugs being fixed, and new functionality added, which even Oracle Solaris doesn't have -- just subscribe to those two mailing lists and see for yourself. I warn you in advance: be prepared to be buried under the vortex of e-mails.