Xen is worse than Linux in terms of quality, and therefore security. That Linux is much bigger doesn't make Xen any better.
What de Raadt means to say is, generally speaking, you can't build security on top of bad code. No amount of patching, sandboxing, or whatever will help. Security comes from quality and Xen (like Linux) is very lacking in quality.