Should we add broken multi-tenancy and side-channel vulnerabilites to Other Risks?

[MarcinHoppe]

Serverless environments are inherently multi-tenant environments. If the multi-tenant isolation mechanisms were broken, this would be a very serious attack vector on serverless applications.

Similarly, side-channel attacks (such as Meltdown) pose a serious risk to secrets processed by serverless applications and the integrity of the processing logic itself.

[CarryWise]

Interesting how this attack always seems to be considered at the platform/service layer, and not at the application layer. Multi-tenant applications are becoming extremely prevalent, yet app-layer tenant isolation doesn't seem to have any clear patterns or solutions. Who cares if the cloud platform is secure if the application allows cross-tenant attacks?