Your company decides to start the business of selling toys online and shipping globally. The E-Commerce system that supports the new business will be developed in-house.  The development team is evaluating the software runtime environment of the client with security concerns as the first priority. Considering the confinement and bound issues, which of the following is the most secure or restrictive environment?
A. Application Runtime Framework (e.g. JVM or .NET)
B. Modern Web Browser
C. Bare metal hypervisor (Type I)
D. Hosted hypervisor (Type II)

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is B. Modern Web Browser.

The web browser is the runtime environment for JavaScript. It is the most restrictive software runtime environment as no disk I/O is allowed and many low-level operations are banned.

• The bounds of a process consist of limits set on the memory addresses and resources it can access.
• process confinement allows a process to read from and write to only certain memory locations and resources. This is also known as sandboxing.
• When a process is confined through enforcing access bounds, that process runs in isolation.

Stewart, James M.; Chapple, Mike; Gibson, Darril. CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide. Wiley.