“The Insecurity of OpenBSD”

“OpenBSD is widely touted as being ‘secure by default’, something often mentioned by OpenBSD advocates as an example of the security-focused approach the OpenBSD project takes. Secure by default refers to the fact that the base system has been audited and considered to be free of vulnerabilities, and that only the minimal services are running by default. This approach has worked well; indeed, leading to ‘Only two remote holes in the default install, in a heck of a long time!’. This is a common sense approach, and a secure default configuration should be expected of all operating systems upon an initial install. An argument often made by proponents of OpenBSD is the extensive code auditing performed on the base system to make sure no vulnerabilities are present. The goal is to produce quality code as most vulnerabilities are caused by errors in the source code. This is a noble approach, and it has worked well for the OpenBSD project, with the base system having considerably fewer vulnerabilities than many other operating systems. Used as an indicator to gauge the security of OpenBSD however, it is worthless.”
