At risk of responding without having read through the entire website, it seems 
to mostly be about OpenBSD's exploit mitigations, and nothing else. But OpenBSD 
does a lot of other things well, like doing lots of code reviews, having a 
culture of writing code with an eye toward security in the first place, 
providing APIs that are more difficult for developers to misuse (strlcat, 
pledge), and generally good design like building things with privilege 
separation in lots of places.



OpenBSD also has lots of mitigations, but then so do other OSes. Mitigations 
have always been and will probably always be a controversial and fraught topic. 
That's because mitigations are just that - they're *mitigations*. For the most 
part they're not supposed to provide more-or-less impenetrable security 
barriers like with privilege separation, memory safe languages, etc. They're 
just there to make an attacker's life harder and their chances of success lower 
than otherwise. For this reason, they're subject to an endless arms race, with 
developers always introducing new and interesting mitigations, and exploit 
writers always researching fun and bizarre ways to work around them. The best 
an OS can do is to stay as close to the state of the art as possible.



So, there are probably some valid criticisms in there (I haven't read through 
them all), but "some of OpenBSD's exploit mitigations have some issues" is not 
grounds to say that OpenBSD is bad or insecure, as a blanket statement. OpenBSD 
has a lot of great things going for it.



My 2 cents,

BW








---- On Thu, 07 May 2020 07:00:15 -0700  <i...@aulix.com> wrote ----



Dear OpenBSD fans, 
 
Can you please comment on the negative appraisal from the following website: 
 
https://isopenbsdsecu.re/quotes/ 
 
I did not want to hurt anyone, just looking for a secure OS and OpenBSD looked 
very nice to me before I found this website. 
 
Kind Regards
