> Taken to the extreme you end up with something like "network connected physical machines aren't a security boundary" which is just silly.

1. This is why some places with secret enough info keep things airgapped.

2. OTOH, from what I recall hearing the machines successfully targeted by Stuxnet were airgapped.

Yeah, you have to move it off-planet to achieve an actual security boundary.

In our threat model the upper bound on the useful lifetime of the system is limited by the light-distance time from the nearest adversary.

Ah yes, the "maximally aggressive grey goo" threat model.

No software is perfect but there is a massive difference betwen these two boundaries. If there is a escape in KVM its news worthy unlike in docker. I don't feel like pulling up cves but anybody following the space should know this.

There's an even bigger difference between using Docker and not using any sort of protection, it's always going to be a security vs convenience tradeoff. Telling people who want to improve their security posture (currently non-existent) that "Docker is not a security boundary" isn't very pragmatic.

What percentage of malware is programmed to exploit Docker CVEs vs. just scanning $HOME for something juicy? Swiss cheese model comes to mind.

It is better the same way a rope is better than no seat belt at all. Recommending Docker as a sandbox gives a false sense of security.