OpenBSD appears to be more heavily audited though. Maybe it's just appearance. You may have seen in the Debian Weekly News that I'm working on a rough audit project and in such I would like to say that security must include a heavy code audit.
i think 'appears' is a great word here. from what i've seen over the years all of netbsd, freebsd and openbsd have done 'code audits'. infact, largely they've spread to all.. you may notice that there are far fewer set-id programs in *bsd than ever before... i know that i personally read pretty much all the netbsd libraries, set-id programs, and network daemons, back in 1996 and while i found and fixed a few holes, i missed a lot too. code audit doesn't mean that he bug was found... espcially after you've been reading 100 new peices of code .... .mrg.
