
Seriously...

Anytime someone suggests that they have a "secure" piece of software, without providing caveats about the inherent insecurity of every modern CPU and firmware stack (based on closed-source proprietary blobs) that the software will undoubtedly be running on, it alerts anyone with any meaningful understanding of the complexity of security that they are at best omitting crucially important information and at worst incompetent.

Sure, the size and complexity of the Linux Kernel is a problem, but the crumbling foundation needs to be addressed before problems with the first floor.



I don’t think the goal of the software is to be hardened from all attacks from every angle.

I think they are trying to prevent human error by compartmentalizing the system so they can work with sensitive data and avoid commingling it with public data.


Also, the vast majority of breaches are due to this human error.

Anything that attempts to mitigate that in one way or another is to be welcomed.

From browsing the docs[0], CLIP OS looks like an interesting project. However, I do question how much of it is.

One of the more interesting approaches using containerization in recent years is sandstorm.[1] It's unfortunate it wasn't a commercial success, because a lot of the ideas in there would go a long way to mitigating the majority of breaches that can occur at the userspace level.

In sandstorm, web apps are containerised in a really minimal environment. Each app only has access to files it operates on. There is no procfs or sysfs. All communication with the outside world takes place through a unix socket that is opened by the supervisor.[2]

[0] https://docs.clip-os.org/clipos/architecture.html

[1] https://sandstorm.io/

[2] https://docs.sandstorm.io/en/latest/using/how-it-works/
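The brokering idea that comment describes (the app's only channel to the outside world is a Unix socket opened by the supervisor, and it can only reach the files granted to it) can be modelled as a small supervisor/app pair. This is an added Python example, not sandstorm's own code: it assumes a hypothetical newline-delimited JSON request format and constructed sample files, and it models only the policy check over the socket, not the mount, procfs and sysfs isolation sandstorm actually sets up.

```python
import json
import os
import socket
import tempfile


def handle_request(request, allowed_paths):
    """Supervisor-side policy (hypothetical protocol): {"op": "read", "path": ...}.
    Deny by default: a path outside the grant is refused before it is ever opened."""
    if request.get("op") != "read":
        return {"ok": False, "error": "unsupported op"}
    path = request.get("path", "")
    if path not in allowed_paths:
        return {"ok": False, "error": "not granted"}
    with open(path, "r", encoding="utf-8") as f:
        return {"ok": True, "data": f.read()}


def supervisor_serve(conn, allowed_paths):
    """Answer requests on the supervisor's socket end until the app closes its end.
    Returns an audit log of (path, granted?) for every request seen."""
    audit = []
    stream = conn.makefile("rw", encoding="utf-8")
    for line in stream:
        request = json.loads(line)
        reply = handle_request(request, allowed_paths)
        audit.append((request.get("path", ""), reply["ok"]))
        stream.write(json.dumps(reply) + "\n")
        stream.flush()
    return audit


def sandboxed_app(conn, paths):
    """App side: it has no filesystem view of its own here, only this socket."""
    stream = conn.makefile("rw", encoding="utf-8")
    replies = []
    for p in paths:
        stream.write(json.dumps({"op": "read", "path": p}) + "\n")
        stream.flush()
        replies.append(json.loads(stream.readline()))
    return replies


def run_demo():
    """Constructed scenario: two files exist, but the app is granted only note.txt."""
    tmpdir = tempfile.mkdtemp()
    granted = os.path.join(tmpdir, "note.txt")
    other = os.path.join(tmpdir, "other.txt")
    for path in (granted, other):
        with open(path, "w", encoding="utf-8") as f:
            f.write("constructed sample content")
    parent_end, child_end = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    pid = os.fork()
    if pid == 0:  # the "app": asks for its own file, then for one outside its grant
        parent_end.close()
        sandboxed_app(child_end, [granted, other])
        child_end.close()
        os._exit(0)
    child_end.close()
    audit = supervisor_serve(parent_end, {granted})
    parent_end.close()
    os.waitpid(pid, 0)
    return [(os.path.basename(p), ok) for p, ok in audit]
```

Because the supervisor checks the allowlist before touching the filesystem, other.txt is refused even though it exists and is readable by the supervisor itself.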
