@Suiseiseki @sally A virtual machine is supposed to be the last step of a defense in depth that starts at auditable source-code (this pretty much requires Free Software to be tractable) in a memory-safe language (or failing that the code being formally-verified) running with only as few privileges as it needs to do the job.
Hardware vulnerabilities can skip around the /entirety/ of that defense besides the auditable source-code.
So they deem some proprietary malware running with arbitrary privilege and directly able to attack either the hypervisor or the hardware to be acceptable.