Start with Five Immutable Laws of Virtualization Security. Follow through to the Burton Blog for details. (Pete Lindstrom, Spire Security)
Maybe read Virtualization and Security: The Full Story
Thoughts on auditing virtualized environments, separation of duties, and audit controls. Are your auditors going to declare all the VMs that share the same hardware cluster in scope for the audit of one of those VMs? Ours will. (Hoff, Rational Security)
Bits on PCI compliance (Hoff, Rational Security)
The operational issues surrounding virtualized servers, or: how are you going to manage the siloed operational domains of system management, networking and security when all of them now live in one box? (Hoff, Rational Security)
The performance issues you should think about before dumping your virtualized network and security functions onto the same processors that serve up your application. Can we say context switches? I keep thinking about a spanning tree meltdown in a virtual switch. That would be amusing. Hint: there is no wire to pull. (Hoff, Rational Security)
An analysis of patch frequency for VMware ESX. Yep, you now have another platform to patch-manage: another patch repository, another patch management console, and another set of patches to run through the test-QA-deploy cycle. (Ronald Oglesby and Dan Pianfetti @ GlassHouse Technologies)
A few bits on securing ESX. Really basic and obvious, but likely not followed by most VM system managers. Certainly not a substitute for separating VMs by security classification. (Amol Sarwate, SC Magazine)
A few basic rules for matching up your VM infrastructure with your security containers. Really important rules. (Rich Mogull, Securosis)
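The two points above (shared cluster means shared audit scope, and VMs of different security classifications should not share hardware) are easy to check mechanically once you have an inventory. The script below is an added illustration, not code from any of the linked posts; it assumes a constructed inventory where each VM has a name, the hardware cluster it runs on, and a classification label (the names, cluster IDs and labels are hypothetical). It flags clusters that mix classifications and computes how far a PCI audit spreads when the auditors treat the cluster as the scope boundary.

```python
"""Co-tenancy and audit-scope check for a virtualized estate.

Added example (not from the linked posts). Inventory below is constructed;
VM names, cluster IDs and classification labels are hypothetical.
"""
from collections import defaultdict

# Constructed sample inventory: one record per VM.
INVENTORY = [
    {"vm": "web01", "cluster": "clu-a", "class": "dmz"},
    {"vm": "web02", "cluster": "clu-a", "class": "dmz"},
    {"vm": "pay01", "cluster": "clu-b", "class": "pci"},
    {"vm": "hr01",  "cluster": "clu-b", "class": "internal"},
    {"vm": "db01",  "cluster": "clu-c", "class": "pci"},
    {"vm": "db02",  "cluster": "clu-c", "class": "pci"},
]


def vms_by_cluster(inventory):
    """Group inventory records by the hardware cluster they run on."""
    groups = defaultdict(list)
    for rec in inventory:
        groups[rec["cluster"]].append(rec)
    return dict(groups)


def mixed_clusters(inventory):
    """Return {cluster: sorted list of classifications} for every cluster
    that hosts more than one classification, i.e. violates the
    'separate VMs by security classification' rule."""
    mixed = {}
    for cluster, recs in vms_by_cluster(inventory).items():
        classes = sorted({r["class"] for r in recs})
        if len(classes) > 1:
            mixed[cluster] = classes
    return mixed


def audit_scope(inventory, in_scope_class):
    """Audit scope under the 'shared cluster = shared scope' rule.

    Every VM of the in-scope classification seeds its cluster; every VM on a
    seeded cluster is then in scope. Returns the sorted list of VM names."""
    groups = vms_by_cluster(inventory)
    seeded = {r["cluster"] for r in inventory if r["class"] == in_scope_class}
    scoped = set()
    for cluster in seeded:
        scoped.update(r["vm"] for r in groups[cluster])
    return sorted(scoped)


def scope_creep(inventory, in_scope_class):
    """VMs that land in the audit only because of co-tenancy, not because
    they carry the in-scope classification themselves."""
    direct = {r["vm"] for r in inventory if r["class"] == in_scope_class}
    return sorted(set(audit_scope(inventory, in_scope_class)) - direct)


if __name__ == "__main__":
    for cluster, classes in mixed_clusters(INVENTORY).items():
        print(f"cluster {cluster} mixes classifications: {classes}")
    print("PCI audit scope:", audit_scope(INVENTORY, "pci"))
    print("dragged in by co-tenancy:", scope_creep(INVENTORY, "pci"))
```

On the sample data, clu-b mixes "internal" and "pci", and hr01 ends up in the PCI audit purely because it sits next to pay01. Feed it your real inventory (a vCenter export will do) before the auditors do it for you.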
A summary of the four big issues surrounding virtualization. (Hoff, Rational Security)
And last, but not least, Theo's thoughts on virtualization.
"x86 virtualization is about basically placing another nearly full kernel, full of new bugs, on top of a nasty x86 architecture which barely has correct page protection. Then running your operating system on the other side of this brand new pile of shit."