I agree. Especially FreeBSD as it kicks ass in terms of features and general stability. I think them pausing for a week out of every month or even a few days to audit plenty of critical code & do bugfixes wouldn't have set them behind much. Maybe incorporate more mitigation tech out of OpenBSD, grsecurity, etc while they're at it.
Matter of fact, I can prove it with an example [1] that predates OpenBSD's approach while succeeding in market at least while under good management (sighs). Used a combo of good design, OS features, and code quality to achieve reliability most still haven't beaten. Coding approach, which I'm focusing on here, was to alternate between developing features and fixing bugs with tests (esp regression) run on weekends while developers were off. One week build stuff, tests on weekend, one week fixing by priority, rinse, repeat. That simple. OpenBSD took it further with security focus and systematic audits but this basic method produced robust and marketable code. So, what's other commercial players' excuse? ;)
