Nibb31 That depends on your definition of OS. If you are just talking about the kernel itself, L1 and its progeny have been formally verified mathematically and are therefore secure from a code standpoint. But to make any OS useful you need processes to run 😛 That means relying on software that has not undergone such rigorous testing.
And again, I will reiterate: even if all of your software were perfect, users will ultimately become the security risk. Any security that gets in the way of normal use will be disabled if possible. and even if they don't do something stupid like that, many people will fall prey to social engineering attacks which allow hackers to gain access to the system through other paths. If for some reason none of that is possible, high-value targets will be targeted for physical access.
Repeat after me:
- Users are their own enemies.
- Physical access is root access.
- No useful system is impenetrable.