I find myself quite often in the following situation.
Colleague: “Elixir/Erlang is problematic because we cannot secure the VM (i.e. Beam). It is vulnerable to code injection because anybody that gets to the system can start a remote shell and change running code without anybody noticing it. On the JVM in contrast this is not possible.”
To some extend this argument is correct. The JVM (and most other runtime systems) don’t offer the debug or cluster capabilities BEAM offers which make debugging a lot harder but also works in favor of securing the system (completely neglecting the code that is actually running withing the VM).
My question is: What are good arguments in favor of the security of BEAM and what are best practices to secure a running system (both in cluster mode and as a single isolated VM) as much as possible?