Assuming that the reward doesn't drop (and it certainly hasn't -- that's gone up every year as VMs have become more and more critical), the collective knowledge keeps growing and thus this will always trend towards more attacks, not fewer.
Definitely designed and assured to be shattered. I'd like to see what results they get on mCertiKOS or Muen.
So, it's not just VMWare specifically.
Secondly, it is interesting to see that all (except one) security teams, that won the contest, were Chinese teams. I am surprised at the absence of US/Russian/EU hackers. Perhaps they are selling their exploits at much larger premium in black market, to NSA et all.
It's really not. The browser does have some new innovations... But it isn't something new from the ground up.
EdgeHTML is a fork of Trident. They dropped legacy code, and fixed a ton of things... But still a fork. In fact, EdgeHTML was available as an experimental feature in IE11.
Edge is nowhere near a brand new browser. But it does look like they're on the way to get IE right under the new name. (Though security still needs some more work, apparently.)
Here's recent work on securing networked apps:
They're capable of making most of a browser immune to attacks likely to hit it. They can also make a strong system for containment. These simply weren't present in Edge to degree MS Research had designed. There's something blocking the transfer of those quite-practical tech that MS Research has been building.
Or they could give up to do a better architecture instead for damage containment with interface checks on potentially-malicious input:
Such architectures have been commercially deployed in embedded, mobile, and desktops for quite a while. Earliest one I remember still supported was about 2005 for x86 desktops. All by companies or CompSci groups much smaller than VMware in labor and budget simply applying methods that worked in the past in high-assurance security. Cutting assurance down where complexity or budget demanded but only where it was necessary. These big, mainstream companies cut it way down for reasons of profit maximization of existing market share. Then they end up at Pwn2Own or their customers on breach lists.