I'm not sure objectively what the current state is. However, it's a little-known fact that the Linux kernel specifically (due to fame) benefits from tons of academic work on bug-hunting tools. Every time they run a new one, they find all kinds of problems that are preventable with a safer language or sound architecture. Many of them would've been contained in a microkernel architecture rather than having full access to memory.
So, one could say it's pretty bad even if the "many eyes" and code audits are finding/fixing a ton. Simply too many to justify if their process is any good. A recent example I found was the Saturn project throwing an automated tool at it and finding 100+ real bugs in one go.
http://saturn.stanford.edu/pages/papersindex.html