[Deukhoofd]

The VM part of WASM is not per se the interesting part. The really interesting part is having a VM that is not able to access the system besides what it's being explicitly allowed to by the host. This is an extremely useful security tool.

[angelmm]

The component-model proposal makes this statement even more interesting. It will allow to set capabilities to the libraries that your Wasm module uses. For me, this is critical as in most language ecosystems, libraries gets the same permissions as the main application.

[kllrnohj]

Java tried that and it is an ongoing disaster that is itself the source of security bugs.

Library boundaries are not often so rigidly clear cut as to be a security boundary, ignoring also the performance & compatibility issues that come with such a thing.

[amelius]

Sounds like something you could build a phone OS on top of.