Your original point seemed to be that FreeBSD is more secure than Linux. I'd say you haven't made your point.
He doesn't really need to.
I contend that if you are making an argument then it's up to you to support it. Clearly, he doesn't need to convince you. That's well and good but it still leaves the point as conjecture.
In the CS community, it's well known that BSD is more stable, secure, and the best OS for critical infrastructure, while Linux is more friendly, flexible, and better for hobbyists or businesses that can save money (by hiring cheaper Linux fanboi rather than expensive real computer scientists).
I always find it interesting that people want to refer to the outcome of applying a complex and nuanced term like "security" to some product as being "well known". Speaking as a member of the aforementioned "CS community" (a la Dijkstra :-) )
Referring to a commonly known fact, such as the security of BSD vs Linux, is not an argument.
If it were a fact, then you would be able to point to some clear and objective evidence of that right? (Keep in mind that because you are referring to 'security' as some kind of blanket term you'd be responsible for providing that kind of evidence for the majority of aspects of the term and of course how exactly you know that your set of aspects is the majority).
Even if there happens to be a gainsaying fanboi present to dispute the widely recognized consensus reality.
Nice labeling there mac. This isn't gainsaying. I, simply as a IT security professional and the holder of a degree in computer science, have seen no set of well-defined, broadly scoped evidence that BSD is superior in "security" to Linux. Nor in my conversation with other security professionals or members of the CS community (like my alumni, Usenix attendees) see any clear consensus as to the superiority of BSD. I have, certainly met people who make that claim but they always seem to fall down when trying to come up with a general definition of security or if they do they fall down in substantiating it with regard to their favored OS/Platform/Giant Spider. Ergo it seems reasonable to me to call such a term "complex" furthermore given that even the most secure systems from a theoretical point of view can be entirely undone in implementation (such as EMF side-channel attacks on QKDS) it seems again reasonable to me to call such a system "nuanced". Given these two facts (using the term correctly here). I think it is entirely justified to be mistrustful of any and all who consider "security' as an open and shut case for product (or platform or giant spider) X over product (you get the idea) Y.
Please re-read my use of the phrase "well-known" in its proper context of me speaking about the real CS community. And by "real" I mean EECS engineers and computer scientists, not cloud-happy corporate consultants and l33t Geek Squad linux fanboi.
What do you want from me here guy? The two sentences above tell me to look at your use of the term "well-known" as:
your opinion of the opinions of two very large groups of which your sample size is probably so small and poorly randomized it's useless. Not to mention that even if the majority of those two groups held the opinion you claim
it still isn't necessarily meaningful Computer Science and EECS people do not always have a background in computer security. Making their opinion anywhere from questionable to useless. Given the size of the groups and the variance in the population's skill set you could easily be getting the opinion of the least qualified people. I mean would you really rank the opinion of someone's who's focus was in Combinatorics or AI or Queuing Theory as equal or greater than Bruce Schneier or (going old school) D. J. Bernstien when it comes to an application or operating systems "security". If you don't then how many Combinatoricists, AI researchers or Queuing Theorists make one Bruce or Dan?
Not to mention it's not hard to find high-profile people in computer security who disagree on "well-known" concepts.