I have no issues with it really, its a really cool system and she is a smart security researcher. Qubes focuses on isolation, one of the three main strategies used by security professionals. The other strategies are correctness and randomization. Many people prefer defense in depth and like to layer the techniques as much as possible. I talk with some very very good hackers, and it is a bit surprising how much their opinions differ. Some are huge fans of using virtual machines for isolation, others think that it isn't going to stop a determined attacker (after all hackers are apparently penetrating through 8 layers of isolation in some cases). People who are big on correctness tend to use two main strategies, intensive code audits by experts looking for bugs (OpenBSD) and mathematical proofs of correctness (formal verification, like the sel4 micro kernel). The first technique allows for larger code bases to be audited, and is quite good at removing potential security vulnerabilities before they are exploited (and all together after a while). Formal verification apparently allows for a mathematic proof of correctness, but is extremely time consuming to do even for experts, and this has so far limited the ability to verify much more than micro kernels. In either case, only the audited or formally verified components can be expected to have a very high or perfect degree of correctness, and in most cases users are adding applications that have not been held to such high standards. There have not been extremely large code bases with such intensive auditing and very very little has been formally verified. Randomization attempts to protect from attacks like buffer overflows even if there are vulnerabilities in code, unlike isolation it attempts to prevent an attacker from gaining any access to the system (isolation attempts to contain malicious access). Most operating systems come with a variety of tools for getting security in a few different ways, but some are better for other types. For example OpenBSD has very highly audited code in its base install, and default full address space layout randomization, but it doesn't have much support at all for virtualization solutions and it has no mandatory access control system. The OpenBSD devs are security experts who seem to think pretty lowly of most types of isolation, although they do have two tools for isolation with OpenBSD, systrace and a hardened chroot. Likewise, Qubes has a minimized code base and probably a significant degree of correctness but they really focus more on the security benefits of isolation than on having intensive code audits. I am not sure if Qubes supports ASLR or mandatory access control systems, I will need to look into it more. Anyway I think Qubes is great but it really is better as a framework to build something else on top of , or to copy the concepts from. I would prefer to configure things with multiple layers of isolation used.