Let's review some OpenBSD mitigations, Brian Callahan 2026-06-03 @ 18:45 local (22:45 UTC) - Backroom of Brass Monkey 55 Little West 12th St Remote participation: Plans are to stream via NYC*BUG website. Q&A will be via IRC on libera.chat channel #nycbug - please preface your questions with '[Q]'.
How do we know that security mitigations actually work? How often should we review code to ensure they are continuing to provide? Following two recent publications, let’s explore some of OpenBSD’s anti-ROP mitigations. We will explore what they do, how to test they work, how to port them to other operating systems, and how to understand larger questions about security mitigations. You’ll leave having a deeper appreciation for OpenBSD’s sustained security track record. Brian is a long-time face in the *BSD world. While he claims semi-retirement from OpenBSD development, in reality he probably spends even more time on it getting students excited about the BSDs. He is the Director of the Monmouth University Cybersecurity Research Center, where here leads quantum cybers ecurity and other security research. Nearest NYC Subway is the 14th Street/Eighth Avenue station L, A, C, E. To get to the backroom, you must enter the front door, follow the long bar on your left, and walk all the way to the back. At the rear of the BrassMonkey, you will see an alcove for the 3 bathrooms our room is off to your right.
