You mean a VM like the one that contains a 0day that can escape the sandbox that gets found every year at pwn2own?
Presumably you’re also using a browser to view this web page. There have also been vulnerabilities in that. You have to draw a line somewhere.
I run mine as a separate unprivileged user. (No VM.) Am I pwned?
Maybe, but the sort of 0days you're talking about aren't exploited in any meaningful way for almost all developers.
"Seatbelts don't save the life of everyone who gets into an accident, so why bother wearing one?"
Presumably you’re also using a browser to view this web page. There have also been vulnerabilities in that. You have to draw a line somewhere.
I run mine as a separate unprivileged user. (No VM.) Am I pwned?
Maybe, but the sort of 0days you're talking about aren't exploited in any meaningful way for almost all developers.
"Seatbelts don't save the life of everyone who gets into an accident, so why bother wearing one?"