Whonix build scripts use defaults here. Not using anything specially chosen.
We have one virtual network card which had a security vulnerability which were (at least partially) audited, found a vulnerability, which was fixed and another (or others) virtual network cards without such history.
We don’t have people who could audit these different virtual network card source codes and then draw conclusions. We don’t have the resources to pay someone to do that either. We’re a distribution, not working on that level. For background on that, see:
From theoretic arguments and logic alone no reasonable changes can be concluded. These could go either way.
- vulnerability found -> bad track record -> use others; OR
- no vulnerability found -> never audited -> use audited one