cross-posted from: https://piefed.world/c/uncommon/p/1089778/linux-is-actually-very-vulnerable-to-exploits-and-it-s-showing-with-high-value-vulnerabi
I hate when people keep repeating the myth that Linux is more secure than X OS without any understanding of how much Linux gets exploited.
On the other hand, FreeBSD rarely suffers from wide security issues.
Overall, I don’t think anyone should repeat the myth that Linux is secure.
And at least if they gonna recommend Linux, they better recommend a good distro with SeLinux, hardened kernel and hardened OS.
What does it mean to “make Linux secure”? What does secure mean to you (genuine question). I see people say they can make Linux secure but from what kinds of attacks. I think madaidan’s blog explains why you can’t as an individual fix an issue with the entire ecosystem, or fix the kernel of its inherent security flaws https://madaidans-insecurities.github.io/linux.html
I think “good security” in my personal opinion means that even if you try to run a malicious app, it either crashes out right or can’t do anything because it doesn’t have the permission to.
One thing that I think is very misunderstood is that messy or extremely large/dense code can be very hard to understand, even if you have the source code. Like systemd, it is several million lines of code and is very tangled together. Is it that much better than a blackbox if no one can audit the whole thing (unless you are a massive team)? I do think it is better to have source code and documentation, but vulnerabilities arise from unintended interactions in the code. The more code there is, the higher the chance of this happening.