
Lambda uses containers vs. Cloudflare Workers use V8 isolates. V8 isolates are much, much faster and more secure for serverless functions.

Deno seems to be targeting Cloudflare as a competitor for their service... But it's probable that AWS will release a Cloudflare Workers competitor themselves if Deno continues with the MIT license.



> Lambda uses containers vs. Cloudflare Workers use V8 isolates. V8 isolates are much, much faster and more secure for serverless functions.

You're right that V8 isolates are blazing fast, but Lambda runs functions in a microVM spawned by Firecracker [0], which is likely to be more, not less, secure than isolates [1].

[0] https://github.com/firecracker-microvm/firecracker/

[1] https://fly.io/blog/sandboxing-and-workload-isolation/


> Firecracker [0], likely to be more, not less, secure than Isolates [1]

This is debatable. It's true that V8 is a much larger attack surface than Firecracker, therefore likely to have more security bugs than Firecracker itself. However, Firecracker runs attacker-provided native code directly on hardware, which means that hardware itself becomes an attack surface, one that is quite wide, not fully documented, and very hard to patch if problems arise. It's much easier to work around hardware bugs when you're working from JS / Wasm and can control the code generation.

Ultimately I don't think you can really say one or the other model is more or less secure.

(Disclosure: I'm the tech lead for Cloudflare Workers so I am obviously biased here.)


Thanks Kenton.

> Firecracker runs attacker-provided native code directly on hardware, which means that hardware itself becomes an attack surface, one that is quite wide, not fully documented, and very hard to patch if problems arise. It's much easier to work around hardware bugs...

I see your point. I mean, Google wouldn't put as much effort as they are into gVisor if KVMs were the best possible answer.


To be fair, gVisor also runs native code directly on hardware. Any modern VM-based system is still depending on the CPU to enforce boundaries. A big CPU bug could ruin that at any time. (Spectre has been pretty bad, but not quite a showstopper...)

