The open source Berkeley Software Distribution (BSD) versions of UNIX suffer from a lack of eyeballs on their code, and that hurts their security, Ilja von Sprundel, director of penetration testing at IOActive, told an audience at 34c3 in Leipzig, Germany at the end of December.
Struck by the small number of reported BSD kernel vulnerabilities compared to Linux, von Sprundel sat down last summer and reviewed BSD source code in his spare time. “How come there are only a handful of BSD security kernel bugs advisories released every year?” he wanted to know. Is it because the BSDs are so much more secure? Or is it because no one is looking?
