On kernel security:
I’m sure we could do better, but we have a fair amount of tools to do static checking for common patterns--and we haven’t had anyone say this is unfixable, rewrite it all. Don’t get me wrong, security people will always be unhappy. But the kernel poses special challenges, because any bug can be a security bug. We also have to keep in mind that most of the kernel is drivers, a big chunk of the rest is architecture specific, and there are 25 million lines of code. So it’s really hard to have people go over it; we have to rely on automated testing and on tools. There are too many lines in too many obscure places for humans to really check.
Even with my very limited experience of this, it seems like this equates to proper code auditing not really being possible because there's 'too much code' to audit? With most of the Linux kernel being drivers, you have to wonder what percentage of those drivers are unmaintained and supporting long-dead hardware which 99.999% are not using?