alexfru wrote:
I wonder what exactly the authors that are making such undoubtedly bold claims mean, basically, how they are going to achieve that level of security.
Have you tried to learn more about those claims? Have you discussed the issue with the claimers? It seem you just wondering, but haven't done much of the supposed actions.
alexfru wrote:
And, what's more, how many of them have actually studied security and have done things like security design/code reviews, penetration testing and so on or are planning to do that if they haven't yet.
First there are some concepts, that make an OS more secure. If you learn the concepts, then you can decide on OS's security level. And any testing or other huge efforts targeted at the implementation of the concepts are just matter of time. Would there be an OS with really good security concepts employed then it is valid to think of it as about potentially secure OS. But if you expect already polished tool with all time consuming things done, then it is better to look at Linux, Windows or may be some rarely used, but heavily invested in OS.
alexfru wrote:
And then, even if it was designed and written with security in mind, at the very least thoroughly pen-test it. But it's not just that.
So, your clam in fact is about lack of time spent on the security part of hobby OS. But do you think there is really enough motivation to allow every osdever to spend required time? Actually you just miss the picture of hobby osdeving.
alexfru wrote:
So, what really makes some think they can make their OS secure?
It is about security concepts, but not about huge investment in hobby OS.
alexfru wrote:
Do you have some novel design ideas that aren't already found in Linux, Windows, etc? If so, have you run them through security guys, what do they think? Or what?
As is already said - if you expect some polished product then you should look some other place to help you, but not hobby osdevers.
But you can help the osdev community by participating in a process of testing or running "through security guys".