Low-level Container runtime

runc docker
kata open infra foundation
gvisor google
firecracker amazon
nabla ibm

Kata Containers is more secure than gVisor thanks to VM-based isolation.

Containers exposed directly to the web could be secured using Kata or gVisor.