Any time these come up i don't find a comprehensive analysis on security. The best, supposedly most secure libraries in the world get significant vulnerabilities.
This is not make any software magically secure. It‘s only purpose is to _sandbox_ a library to prevent it doing anything malicious. As wasm cant do any more than computing you simply contain the library, it cant anymore open any files, make network calls, etc.
> As wasm cant do any more than computing you simply contain the library, it cant anymore open any files, make network calls, etc.
That presumes the WASM implementation is bug free, which is not a great presumption, especially for the more sophisticated implementations with JIT engines, and even more so for those adding multi-threading, GC, etc.
You can probably use wasm to build a very comprehensive secure sandbox but right now it's actually somewhat of a regression when you care about making an application secure. Your OS is safe, at least, as long as you don't let the app make any syscalls.
