I wonder if the security reputation of OpenBSD is only based on the fact
that they ship the system in a secure-by-default mode, or if the OpenBSD
kernel itself is more secure than the FreeBSD kernel.

Theoretically, I can take a win2k box and lock it down to the point of
being 'secure'. I know people who have done just that, and have maintained
a high profile and incident-free (so far as anyone knows)
existence. However, beyond out-of-the-box security, the (already
mentioned) approach and philosophy of the OpenBSD development group is why
I'm using OpenBSD wherever possible. People who devote time and resources
to proactively doing it right are far less likely to produce the flawed
tools so prevalent in our industry (not to mention stability/performance/etc.).
Plus, I'd rather bust my butt through my own actions than simply by
installing an OS.
Yes, OSes are a tool, and you should pick the right one for the job. But
sometimes two wrenches can be manufactured in fundamentally different
ways. Given that situation, I'm opting for the one whose designer made a
conscious effort to produce it w/o defects.