Not true. A good security model is added.

It remains to be tested on the wild.

Lets see when the first examples pop up on Project Zero or CCC.

It reuses the existing Javascript security model, which has been tested pretty extensively in the wild.

Really? Yeah, it's been tested extensively, but it's security has also been found to be quite lacking. I'm legitimately surprised someone can say this with a straight face.

>the javascript security model

:Ddd

So you’re saying they have mitigated every cross-origin-based exploit? I bet they really mean it this time.

Nobody's claiming it's flawless. I'm just objecting to the claim that it's untested.

Should I list all of the CVEs related to exploits on JavaScript VMs?

Just today there were a few on another HN thread.

It happens, yes. But we're not building WAsm on a greenfield.

> I can easily imagine that Adobe R&D already has a working WebAssembly prototype for Flash.

Actually Haxe and Openfl will probably beat them to the punch since Adobe has pretty much killed flash by 2020.

Adobe has around 4 guys working on the whole Flash codebase.

>other than a format that makes all browser vendors happy

No small feat!

Sure it is. Find a way to lock down all user access and demand that Google and Microsoft get paid or your data gets it. Mozilla will do whatever Google says. Apple doesn't care as much, a new core tech means a new generation of iPhone/iPad/iPod/iHateThisNamingConvention, which means more money for them.