Their reputation is very much exaggerated. It came from the early 2000s where they were 'secure by default' simply for not having services enabled.

They have done a lot of good, but they primarily equate security with code quality which is very short-sighted.



I think high quality code equates to better security, even though such code is not by itself a panacea for security.

Here's a neat resource for OpenBSD's mitigations, some of which were/are novel, though it may not have been updated recently (2019):

https://isopenbsdsecu.re/mitigations/



High quality code reduces instances of vulnerabilities, which is great. But code vulnerabilities are only one of the many factors in assessing security.

To be considered a secure operating system, you need to have more mechanisms in place to protect against various threats, and the OBSD developers actively resist that. I'm familiar with their innovations and solutions, and I think they fall far short.



