Security isn’t virtual

When speaking with some people, it has been evident that they figured virtual servers were more secure than traditional physical servers.

This quote: “I don’t want to be reverse engineering our products to find exploits or figure out signatures, fundamentally, that means we have to partner. Fortunately, there is a bunch that are happy to partner and I encourage that.” by VMware founder and chief scientist Mendel Rosenblum certainly indicates that there are security concerns (found via: VMTN Blog).

My take on it is this: not only do virtual servers have the same set of security issues as a physical server, but because there are now ‘more components in the system’ there are also more ‘points of failure’, that is, there are now more things to consider in order to make things safe.

Update 21st Sept 2007 3:32pm: see this on latest VMware bugs.