"OpenBSD is probably one of the most secure operating systems
out there," says Chris Brenton, author of Mastering Network
Security. "The crew does a fantastic job of locking down and
being responsive when vulnerabilities are found." Such a good job
that the U.S. Department of Justice uses 260 copies of OpenBSD to
store and transmit its most sensitive data...."

"Over an 18-month period, a team of 10 volunteers vetted
OpenBSD's entire source code - all 350 megabytes - weeding out
thousands of bugs. Though not necessarily related to security
features, those glitches could have been targeted by attackers
using "buffer overflows" (which overwhelm a machine with data
packets), denial-of-service tools or other elementary hacking
techniques. For two years, de Raadt worked 14-hour days, seven days
a week to debug his system. Despite his notoriously prickly
personality, de Raadt also has managed to attract a legion of
collaborators to help him build OpenBSD...."

"OpenBSD's proactive approach is unique among open-source
systems, which normally rely on user reports and public forums to
find vulnerabilities. The Linux security philosophy, for example,
can be summed up as "more eyes means better security" - that is,
since the source code is open to peer review, bugs will be quickly
spotted and patched."

"De Raadt scoffs at that credo. Most reviewers of open-source
code, he says, are amateurs. "These open-source eyes that people
are talking about, who are they?" he asks. "Most of them, if you
asked them to send you some code they had written, the most they
could do is 300 lines long. They're not programmers."