Hacker News new | ask | show | jobs
by fsflover 68 days ago
Every piece of software definitely has serious vulnerabilities, perfection is not achievable. Fortunately we have another approach to security: security through compartmentalization. See: https://qubes-os.org
1 comments
syndeo 68 days ago
Once you get the compartmentalization working well, and “all” of the vulnerabilities are out of it too, of course…

But even then you’ll have users putting things in the same compartment for convenience, rather than leaving them properly sequestered.

link
fsflover 67 days ago
> and “all” of the vulnerabilities are out of it too

This is a good point; however the isolating code should be much smaller and easier to verify.

link