Comments by "KpCraftster" (@kpcraftster6580) on "Which Operating System has the Most Vulnerabilities?" video.

  1. The more eyes on the code, the more CVEs. So a great way to accumulate CVEs is to be open source and have a big userbase. Conversely, a great way to keep your CVEs low is to be closed source and/or have a small userbase. I find myself increasingly a proponent of OpenBSD. But unlike such unreliable people as Mental Outlaw or, even worse, that ignoramus Root BSD, it is not because of the low number of CVEs. In fact, are you familiar with Stein's 36c3 talk "A systematic evaluation of OpenBSD's mitigations" or his subsequent website "Is OpenBSD secure?" ? He (and others) argue that most of OpenBSD's so famous and praised mitigations do little or nothing to actually increase security. That they are mostly form over function - a marketing ploy, if you will. And, at least when it comes to priding themselves on a low number of CVEs, I have to agree with that conclusion.
    1
  2. But a big problem when it comes to linux security, is most users' unbelievable arrogance on the subject. Most linux users do nothing to harden their systems at all and leave everything at out-of-the-box defaults. According to DistroWatch polls - for what that's worth - 75% of users don't use any form of sandboxing; and only 4% use AppArmor/SELinux, 4% use containers and 6% use Firejail. Meanwhile, anyone who takes antivirus on linux seriously is pointed and laughed at.
    1