
These "two schools of security" aren't accurate. The original approach to security, devised by the inventors of INFOSEC, was doing all of these things:

http://pastebin.com/xZ6m4T8Z

Most vendors and FOSS ignored them, despite those methods getting consistently great results, and preferred methods that didn't. They then pick and choose among lowest-level techniques for verification. They also slowly relearned, independently, some of the vast body of security engineering knowledge they're ignoring to this day.

In this case, one camp is about trying to make code in an insecure language perfect, with probabilistic mitigations to stop problems. Another barely cares about code security but uses strong measures for containment to hopefully limit damage. The author of the OP supports doing both, as far as I can tell. High-assurance supports doing what was proven, mathematically and empirically, to get the job done going back to the 1960s-80s, extended with what we've learned today. Commercial, CompSci, and a few FOSS projects attempt various levels of adoption of such techniques, with safety-critical proprietary (e.g. aerospace, trains) doing it the most.

"There's not enough data / samples of secure operating systems to make an intellectually honest assertion that one approach is definitively superior"

There really is. Certain methods I outlined consistently worked better. Others didn't. OpenBSD avoids most of what worked, outside code review, hardening, and pledge, then continues to use a language and architecture proven to cause problems versus alternatives, for UNIX compatibility. One can definitely make predictions from that about the kinds of issues they'll face, or the upper limits of assurance that can be provided.
