So sys-usb to AppVM link should be red?
We didnāt discuss that in particular (but we did discuss the sys-net <-> sys-firewall. For that one even though the argument āVM-interconnects are trustedā, I think there is an associated risk of exposing that VM to a Bab USB, so Iād argue it should be red.
Another thing, I just noticed that bellow āAppVM 1ā there should be label āpersonalā (all other AppVMs have a label). But I donāt think itās to important to justify another change (at least from my part).
I agree - AppVM1 just stands for any AppVM, it could also be āworkā or even āuntrustedā - but then we would again get into the colour discussion. For me, itās just fine as it is!
1 Like