
Are the BSDs dying? Some security researchers think so (2018) - gilesgate
https://www.csoonline.com/article/3250653/is-the-bsd-os-dying-some-security-researchers-think-so.html
======
jillesvangurp
There's also this other BSD derivative out there called Mac OS:
[https://stackoverflow.com/questions/3446231/how-closely-
are-...](https://stackoverflow.com/questions/3446231/how-closely-are-mac-os-x-
and-bsd-related)

Depending on your point of view this is or isn't BSD. But either way it
undeniably includes a lot of BSD variants of tools (like grep, sed, etc.) and
BSD licensed code.

Other than that, I've not really encountered BSD in the wild, ever. I know
some companies still use it. It's just that I've never crossed paths with such
companies in my career over the last two plus decades. I've encountered some
companies sticking with Solaris for unclear reasons (pain in the ass to deal
with these days) but that's been a few years.

The "it's more secure" argument seems to come up a lot and indeed is a strong
value in the BSD community. However, you could legitimately wonder if this is
more a case of security through obscurity than a technical reality these days.
So few people use BSD these days that hacking it has got to be a pretty
specialist skill for a wannabe hacker and probably not worth investing a lot
of time in given the limited number of interesting targets. Not necessarily a
bad thing if you want to keep hackers out but not exactly a user growth
strategy either for any of the BSDs.

------
roryrjb
The impression I got, and it's only an impression based on various blog posts,
articles and mailing lists over the years, is that OpenBSD is the most secure
operating system even though it's mostly programmed in C (and that they're not
looking to replace that with Rust, et al) with mitigations like W^X and
pledge, etc; and the fact that their code base is the smallest. I mean I know
this is a wide and complicated area with different classes of bugs and
vulnerabilities, but still I thought it was generally accepted.

~~~
gilesgate
That would be my impression as well.

Linux does have a much wider user base, however, and that enables the
community to even stumble across problems more frequently, while a smaller
project like OpenBSD might have to orchestrate specifically-themed hackathons
and auditing sprints (as they have). But I would take "security by choice"
over "security as a byproduct" any day of the week.

Keeping in mind the breadth of resources that aspiring kernel hackers have
access to when introduced to Linux, contrasted to OpenBSD's relative scarcity,
it makes the latter quite the underdog success story.

(That is not to say that Linux or the larger of the BSDs is the product of
monkeys randomly typing on VT100s -- there is considerable and commendable
skill in these projects as well.)

------
lsofzz
Nope. They are alive, well and kicking arse on multiple fronts.

------
aquabeagle
(2018)

~~~
dang
Added. Thanks!

