Re: Cyanogenmod: not tested, or no vulnerabilities?
Its based on Android, so it would have almost all the same bugs. Your contention fails the 'duh' test - there's no way in hell they found and fixed all but one of those hundreds of Android bugs before Google or security researchers found them!
The only way to make a secure mobile OS these days is to have it do almost nothing. Look at all the Android bugs around receiving MMS messages - the fix for that is to disallow MMS. The only fix for the various bugs everyone has where a web page with the right code can exploit the browser is to not support web surfing. Basically if you make your smartphone a feature phone that can't browse the web, can't run apps, can't do anything besides calls and SMS, you can probably make it bulletproof. You do everything a modern Android or iPhone can do, you are going to have to accept security issues as a consequence of that convenience.
OpenBSD won't help you here, BTW. Perhaps it has a more secure userland, but that doesn't help if you are running Chrome or Firefox and getting all their bugs.
Biting the hand that feeds IT
