I have just finished reading through tons of security bug reports in the FreeBSD bug report archive, and also normal bugs, and I am "scared" about the lack of attention these issues get.
It's like no one "cares", or the few that does is simply overburden.
This proposal from 2018, with the problems it lists, still seems very valid: https://web.archive.org/web/20210401214138/https://lists.freebsd.org/pipermail/freebsd-arch/2018-March/018892.html
Are any of you - who runs FreeBSD in serious production (please home labs, desktop/laptop use, don't reply) - not worried about the current state of affairs?