by hershel 4447 days ago
The idea behind Qubes is to use the security properties of virtualization layers to enable a secure, easy-to-use system. Given that virtualization layers are relatively small, code-wise, that's a good place to start.

Given that Amazon uses Xen in the EC2 platform (as many others), we're not talking only about a "worldwide collection of software engineers" but also of some serious commercial interests in its security.

And Xen might not be the end point of that approach. There has been some research on formally verified hypervisors. While it's not 100% foolproof since you still have to depend on hardware security, which is an unknown (does Intel cooperate with NSA?), that could give great assurances for system security.

2 comments

> does Intel cooperate with NSA?

Intel and NSA are not the problem. The real problem is hackers who want to steal our bank accounts, or the commercial providers who want to have all our private data to sell it secretly. For such daily problems I consider Qubes a very good protection. It's very nice to be able to do banking or web browsing in isolated VMs. It's also nice to have an insecure OS like Windows run almost securely in a VM.

Xen is over 100k lines of code, not counting the kind of interfaces software exposes using its APIs, and stuff like drivers.

it's not small

You don't need to review all that code. From the Qubes architecture document:

"it is possible to move all the drivers and driver backends out of Dom0. The same is true for moving the IO Device Emulator (ioemu) out of Dom0."