My apologies if this is the wrong place to ask this.
I've been reading around online about keeping software secure, and I've been puzzled by something for a while now. I'm not sure if this is a stupid question or not.
Generally, when I see online conversation about Linux vulnerabilities, I often see people detailing how big the attack surface of the Linux kernel itself is due to its monolithic kernel; I saw a blog post about this very thing linked somewhere here on Lemmy recently. I also see folks clamoring about how the BSD 'spinoffs' (?) all have much better fundamental approaches to security, and they get compared to Linux quite often as 'the superior platform' due to things like the non-monolithic kernel and BSD Jails. Hell, one of the main self-touted benefits of the BSDs is that there is significant effort placed on discovering vulnerabilities.
Could someone knowledgeable tell me why desktop Linux has seemed to be 'chosen' in comparison to something like FreeBSD or OpenBSD? I don't see any open-source forks of a BSD spinoff (only proprietary ones like what runs on the PS5), nor do I see anyone talking about using them for desktop computing purposes. Is there a fundamental challenge too great to overcome right now with using something like FreeBSD as a desktop OS, or has there simply not been enough volunteer manpower to throw at it, and Linux already has that problem, in comparison, solved? It shocks me that the adoption is so low, especially considering the reportedly amazing binary compatibility with most existing Linux software.
Why Linux ended up being the big thing is pretty well answered in the historical sense if you want to go looking for it. As for its low modern adoption, no one can really answer that for certain. I'll give you my two cents on the matter, but that's all anyone can do. All of this is based on research done on and off over the years in regards to this very topic as well as personal anecdote and hearsay. I will point out specific examples that I am familiar with, but don't fault me for missing anything.
Everyone is already on Linux. Both companies and individual people. While the BSDs work just fine for some people, it is largely hardware dependent. I have heard many people liken it to where Linux was 10-15 years ago in terms of hardware support. That alone means that most people can't use it. Fewer people = fewer developers making things better = fewer people trying it. We've all seen that song and dance before. Good ole chicken and egg problem.
Furthermore, while BSD certainly has its strengths, being technically better has never been enough with anything. There are lots of equivalents to BSD features that are good enough, e.g. cgroups and others for jails. More importantly, with a lot more big players using and contributing to Linux, those things also see a faster rate of development and more quickly meet the needs of companies.
There is of course the license debate. While not as important now as it was before, at least to a lot of individuals, I have personally been trying to answer this question for years doing my own research. The only reason I bring this up is that companies often upstream their work. Netflix famously chose FreeBSD over Linux for their simpler and faster networking stack. They have contributed many improvements to that upstream and there are examples floating around as to how those improvements helped to improve FreeBSD networking for others. Although, according to many, Linux has largely caught up in that regard if not surpassed it. There are after all many tech giants that use Linux and also need to serve similar amounts of traffic if not more than Netflix. However, regardless of whether it is better or worse, the point is I feel like examples like this are few and far between, because companies can simply take the BSD code and choose not to give anything back. It certainly feels like they do so more often than not. I based that on my ability to find useful examples in the first place, which is of course admittedly flawed.
You will notice a lot of the use of the word "feels" in that last paragraph because I don't have any concrete proof. It is hard to measure how much a company has contributed to FreeBSD. It is less talked about, and even combing through commits you would need to know who is behind those aliases. There are concrete examples of things that were contributed, but in my opinion a lot of the contributions are even more company specific than those on Linux.
For example, when it comes to changes that matter to a desktop user, Sony contributed drivers for their PS5 controller on Linux. Here is a random article for that: https://androidexperto.com/sony-releases-official-ps5-controller-driver-for-linux/ I found many articles of BSD people digging into Linux code to get the PS5 controller working on BSD as recently as 2024. Here is just one of those: https://forums.freebsd.org/threads/playstation-5-dualsense-controller-pairing.80786/. In my opinion, however, it is kind of strange that they would have to do any work to get it working considering that the PS5 and PS4, if I remember correctly, were based on FreeBSD in the first place. Why did Sony not contribute drivers upstream for BSD? They must have them because the console itself needs them. This harkens back to me saying that it feels like companies more often than not choose not to contribute back when they don't have to.
It has been hard for me to find equivalent examples on the BSD side. Little things like hardware or software support for user facing things that have been contributed to the BSDs by the big names, but not to Linux.
Anyways, that's the short version of a random mishmash of things I could think of.