OpenBSD

workaccount · 02-05-2007 04:06PM #1

Ive just been reading there on slashdot that the new 4.1 has been released.
It says in the editorial "We remain proud of OpenBSD's record of ten years with only two remote holes in the default install."

http://slashdot.org/

So how do they pull it off then. I thought holes were unavoidable to a certain extent.

nuada · 02-05-2007 04:13PM

From slashdot: "openBSD doesn't use the linux/windows "security" paradigm of "write software quickly, find security bugs, fix them ASAP". Their strategy is instead to be secure out of the box, at the price of a slower pace of development and less features."

Cake Fiend · 02-05-2007 05:58PM

workaccount wrote:

I thought holes were unavoidable to a certain extent.

They are - OpenBSD has had two.

aidan_walsh · 02-05-2007 06:02PM

Their list of advisories is still lengthy enough.

Blowfish · 02-05-2007 06:23PM

workaccount wrote:

Ive just been reading there on slashdot that the new 4.1 has been released.
It says in the editorial "We remain proud of OpenBSD's record of ten years with only two remote holes in the default install."

http://slashdot.org/

So how do they pull it off then. I thought holes were unavoidable to a certain extent.

You have to remember that thats for the default install, which is very restrictive anyway. Once you start opening up ports and running more services that number increases.

Martyr · 02-05-2007 06:26PM

"We remain proud of OpenBSD's record of ten years with only two remote holes in the default install."

how many services actually ran in the default install ? :PPPPP

nuada · 03-05-2007 11:21AM

As far as I remember only ssh and a local smtp server are running by default.

OpenBSD

Comments