Level 15
I just took notice of Announcing WSL 2 | Windows Command Line Tools For Developers

Soon the Linux subsystem will run on a proper Linux kernel, not on a syscall translation layer. This can have big security implications, both good and bad but I'd rather focus on a very good one, we'll be able to run snap apps on Windows.

This is pretty big, eg no more injections, we will be able to complement UWP apps with Snap apps ( when there's no UWP app ).
We will also be able to use ready-made hardened AppArmor Profiles and Firejail as well (on non-snap apps), so there will be little need for any Sandboxing software.