So because 95% of worldwide software developers write PHP web servers full of security holes, it is not possible for a different group of developers to create a secure interface? None of these web developers ever cared one bit about the security of their app. You can't compare that with someone intending to develop a secure interface. Security doesn't happen by mistake.
The value proposition of Xen is that it's a well-defined interface. The host OS kernel takes care of hardware initialization, and Xen becomes an interface on top of this kernel, through which untrusted client applications access hardware resources. So the innovation of Xen is not that it's supposedly bug-free. It's that it separates concerns: not mixing together hardware initialization (Linux) and resource access/isolation for user space code. That alone leaves less room for bugs.
The value of Linux is its drivers, not the actual kernel. So let's use Linux for its drivers, rather than as a standard library. The only reason people use, for example, the Linux CPU scheduler, is that it's inextricably tied to the Linux drivers, because no interface exists (all code runs in one huge blob). This is what Xen wants to fix. If the Linux folks concentrated on creating secure driver interfaces, rather than implementing CPU schedulers and memory managers themselves, it would mean that all the other developers of the world could write CPU schedulers, rather than only the select few people who think they know the Linux code base (who still end up producing bugs). An interface is worth so much more than just an implementation of one, because it not only makes access easy for the client, but also makes the creation of new server implementations easy (by having a well-defined protocol/interface to which they must conform).
From my point of view it's like saying if you sell virtualization as a way to isolate different OSes + applications for security reasons (compared to cost savings and all associated from using this kind of technology), clearly you better think twice about that.
And really, it's pretty much always a selling point when you talk to a marketing rep or your PHB or her/his PHBs.
My hypothesis is that we do not fully understand what "security" means yet in this reality, which would imply that security does happen by accident. We (software developers of all skills) go around talking about security in terms of lines of code written by humans (with suffering), teams of humans (with competition) and companies (with objectives of profit) as if it is something obtainable with the right intent and tongue set just so in cheek.
It isn't, and until we realize we're running counter to that intent, we're just shooting in the dark.