I’m always looking for insights into the user vs kernel space debate.
In a world in which high-performance code continues to be written in a fancy assembler, a.k.a. C, with no memory safety and plenty of other risks, the only recourse is to stick to software engineering basics. Reduce the amount of code in harm’s way (also known as the attack surface), keep coupling between subsystems efficient and explicit, and work to provide better tools for the job, such as static code checkers and large suites of runtime tests.
Or, you know, just take all that carefully crafted kernel code, chuck it into user space, and hope for the best. Because, as we all know, hope is definitely a programming best practice.
My experience of vendor “black box appliances” suggests that “hoping for the best” is the current best practice.
Popping Kernels – ACM Queue : https://queue.acm.org/detail.cfm?id=3180444