You do not have to "trust" the OS at some level. Use Linux or BSD, demand open hardware. You only feel like you "have to trust" shitty closed-source OSes because the orgs behind those OSes have been able to abuse market-dominant positions to stifle competition.
Security by obscurity is laughable nonsense. We should all be demanding transparency in hardware and software from our vendors. I'd pay handsomely for it.
I think that in this context the meaning of the term trust is different.
Any code executing in privileged mode can bypass security, and is therefore inherently part of a system's trusted computing base (TCB). (Linux is a monolithic kernel running in ring 0)
Most companies are not Linux contributors, they are trusting the kernel developers to write bug free, secure code.
Minimizing the TCB and opting for an auditable open source TCB are really useful concepts in security.
But the cause of these breaches is much more trivial than what you are worrying about: these companies are basically installing whichever piece of software can decrease their costs without thinking about what they’re doing.
>Any code executing in privileged mode can bypass security, and is therefore inherently part of a system's trusted computing base (TCB). (Linux is a monolithic kernel running in ring 0)
It's way nicer to be able to look at the code running in Ring 0 =)
Security by obscurity is laughable nonsense. We should all be demanding transparency in hardware and software from our vendors. I'd pay handsomely for it.