When you're running malicious code on your server, it's way, way different. And in fact, supply chain attacks are a great example of this.

I think seL4 is interesting, but nobody actually runs production servers on this research project.

>on this research project.

seL4 is much more than a research project today, with a well-established seL4 foundation that has a lot of high-profile commercial members[0].

It is already used in the most critical applications that require levels of assurance only seL4 can provide.

0. https://sel4.systems/Foundation/Membership/

> It is already used in the most critical applications that require levels of assurance only seL4 can provide.

This sounds to me like embedded controĺ systems (airplanes, life support, etc.), not production servers for everyday internet services.

seL4 isn't exactly an everyday pull from a security toolkit though? It's like an entire paradigm. You build a business around the fact that you use seL4, you don't pull it off the shelf for an internet server.

In order to make a pie from scratch you must first create the universe. That's seL4.

>In order to make a pie from scratch you must first create the universe. That's seL4.

While somewhat true still, much progress has been made and the situation isn't the same as five years ago.

Furthermore, there's multiple ongoing efforts to bring seL4 closer to turn-key, such as Makatea[0], Genode[1] and sel4cp[2].

0. https://trustworthy.systems/projects/TS/makatea

1. https://www.genode.org/

2. https://trustworthy.systems/projects/TS/sel4cp/

I wasn't aware of these projects, thanks