Hacker News
by debarshri 145 days ago
This is a genuine concern. But this sounds a bit independent of the execution environment. It could either be containers or VMs.

On a local machine, yeah, I think it's pretty situational. VMs are safer, but in risk management terms the win is sometimes not that significant.

In a multitenant cloud environment, of course, totally different story.

I’ve been experimenting with this recently. Running services inside microVMs instead of plain containers makes the threat model easier to reason about, especially for multi-tenant or untrusted workloads. I’ve been trying it out on Northflank and the trade-offs become pretty obvious.