Aspects for being proactive with OS security:

• disclosure and publication of security fixes;
• rigorous in-house testing;
• outside beta testers;
• staying up-to-date, but not on the edge (with less tested code);
• (attempting to) audit contributed/outside software;
• assigned security officer/personnel/contacts;
• bug/feature tracking system;
• reviewing other OS security issues;
• develop/update security-related features;
• reviewing and auditing code.