Let’s start with security. It’s at the forefront of many minds these days, with supply chain issues, cryptojacking and data breaches being common news stories. WebAssembly brings some big guns to the security fight in a number of ways, starting with its security sandbox.
When WASM is executed, the code is not given access to anything, including the network, file system or anything else out of the box. This is known as a deny-by-default security model. For the code running inside the WASM sandbox to interact with the outside world, it must be explicitly granted access to host functions.
To combat the rise of supply-chain attacks, there are also efforts to make cryptographic signing of WebAssembly modules a standard part of the specification. The ability to sign a module with a trusted key and have that signature verified any time a system attempts to run that module will be a big win, and helps cement the “defense in depth” mindset when working with WebAssembly to build applications.
Language portability is the ability for modules written in one language, like Rust, to run inside a system written in another, like Go. Because WASM runtimes can be embedded within other software, they can be used to introduce specialized components that wouldn’t otherwise be possible in your team’s primary language.
This concept can also be applied to applications that are built by composing together multiple WASM modules written in different languages to form a single piece of software, such as with the Atmo framework, which our company, Suborbital maintains.
WebAssembly is not tied to any hardware architecture, so it can be executed on several different platforms without needing to re-compile. When a WASM module is executed, it is compiled to machine-native code either ahead-of-time (AOT) or just-in-time (JIT).
WASM runtimes such as Chrome’s V8, Wasmtime or Wasmer perform this compilation automatically. I can see this becoming useful in scenarios where your code gets moved automatically from a central cloud instance to an edge compute network when a spike in traffic causes a certain module to be pummeled by incoming requests.
WebAssembly is intended to execute code at native or near-native speeds.
❤️ Brainstash Inc.