LinuxQuestions.org
Old 03-10-2006, 10:12 AM   #1
introuble
Member
 
Registered: Apr 2004
Distribution: Debian -unstable
Posts: 700

Rep: Reputation: 31
A question for vuln-devs


Hello. I'm a young computer hobbyist and I would like to get involved with computer security. I am familiar with the basic concepts, C programming and I'm currently studying x86 assembly.

I have doubts regarding what operating system to learn and later perform security research/dev. Personally I'm a fan of the FreeBSD system which has incomparably fewer users than Linux Distributions.

I'd like to ask any person involved in vuln-dev viewing this thread if the popularity difference between Linux and FBSD is very important from a sec-research/devel point of view.

Let me explain. Although much of the 3rd party software available for Linux is also available for FBSD, probably many (most?) bugs are only exploitable on one system and not exploitable on the other (please tell me if this is correct from your experience). So, considering these bugs which are operating-system dependent, a new Linux-oriented bug/poc would affect therefore interest more people than a FBSD-oriented one ..?

On the other hand .. the availability of Linux POC is significantly higher than that of FBSD .. so .. would a FBSD bug/poc be of higher "significance" ?

*** Note: If I'm wrong, and most bugs are "system-independent" (let's say Linux/FBSD) .. (i.e. a bug affecting software X under Linux will in most cases also affect software X under FBSD) .. please tell me .. and also I would appreciate it if I'd know if a POC designed for Linux would have to undergo significant changes to be "ported" (i.e. work against) FBSD (I know it depends on the bug, method of exploitation etc. .. but I'm looking for a "statistical view", i.e.: "most poc against linux require little to no modif to work against fbsd" .. or the contrary..)

Thank you for your attention!
 
Old 03-10-2006, 01:36 PM   #2
uselpa
Senior Member
 
Registered: Oct 2004
Location: Luxemburg
Distribution: Slackware, OS X
Posts: 1,507

Rep: Reputation: 47
It really depends how you want to approach this.
The most security-minded OS is probably OpenBSD. Not many users at all, but focused just on security and vulnerability prevention. If I studied security, this would be the one OS I'd look into. You'll learn a lot there.
 
Old 03-10-2006, 02:03 PM   #3
introuble
Member
 
Registered: Apr 2004
Distribution: Debian -unstable
Posts: 700

Original Poster
Rep: Reputation: 31
You don't understand.

I'm not trying to learn from the operating system secure coding practices.

I'm asking:

#1. Are most 3rd party bugs exploitable both on Linux and on FreeBSD (or NetBSD or whatever)?
#2. If answer to question #1. is "NO" .. then for a security "expert" seeking fame, what would get him there faster: PoC for FBSD or PoC for Linux .. or both will do just as good..
#3. If the answer to question #1 is "YES" .. how much modification would a PoC for FBSD need to work against Linux ? (statistically speaking .. "a lot" / "little to nothing")

I hope this makes things clearer, thank you for the reply however
 
Old 03-10-2006, 02:08 PM   #4
uselpa
Senior Member
 
Registered: Oct 2004
Location: Luxemburg
Distribution: Slackware, OS X
Posts: 1,507

Rep: Reputation: 47
#1 -> if they are OS exploits, probably not; if they are application exploits, I think so
#2 -> If you seek fame, crack OpenBSD. OpenBSD claims "Only one remote hole in the default install, in more than 8 years!". No other OS has this AFAIK.
#3 -> again, if it's an application exploit, probably none most of the time
 
  

