FreeBSD security design flaws

[T-Aoki]

And there's HardenedBSD, which (as far as I know and if I understand correctly) configures security features FreeBSD has activated as much as possible (minus anything depending on running hardware having specific feature or not that cannot make as defaults on releases) and adding some additional tools.

It's still (almost) FreeBSD (rebasing their repo with FreeBSD), but released as different downstream release as it should break backward compatibilities with previous releases of FreeBSD. And breaking backward compatibilities disallows FreeBSD project to switch to HardenedBSD's defaults.

 

[Beastie7]

I'm not fond how of HardenedBSD has splintered the community and potential resources for FreeBSD. They could've simply relegated to being a security patchkit for vanilla FreeBSD. (ie. grsecurity, Hardened Gentoo) With pkgbase, I see less reason for it.