This is true. However, I'll settle for Microsoft following OpenBSD's lead and implementing ASLR and DEP in the world's most widely used desktop operating system.
I was nodding at this article until I got to the part that said that OpenBSD should have used "Exim or Postfix and MaraDNS or NSD" to replace Sendmail and BIND, and then decided that the author didn't in fact know what he was talking about.
It is, however, a real critique of OpenBSD's security model that they haven't pursued enhanced access control (Niels had to bolt it on with Systrace because Theo doesn't agree with the concept).
That's only a tiny part of what OpenBSD does for security. Most of their work seems to be on auditing code and creating new secure tools when there's nothing fixable or with a good open source license (like OpenSSH, OpenCVS, OpenBGPD, and OpenNTPD).
Don't get me wrong, I'm not arguing against OpenBSD's superiority here in the slightest. In fact, except for my FreeBSD VPS, my general rule is that none of my Internet-facing machines run anything but OpenBSD.
I'm just saying that if Microsoft can duplicate even a little of those good practices and bring them to the masses, more power to them.