Goals

OpenBSD believes in strong security. Our aspiration is to be NUMBER ONE in the industry for security (if we are not already there). Our open software development model permits us to take a more uncompromising view towards increased security than Sun, SGI, IBM, HP, or other vendors are able to. We can make changes the vendors would not make. Also, since OpenBSD is exported with cryptography, we are able to take cryptographic approaches towards fixing security problems.

Full Disclosure

Like many readers of the BUGTRAQ mailing list, we believe in full disclosure of security problems. In the operating system arena, we were probably the first to embrace the concept. Many vendors, even of free software, still try to hide issues from their users.

Security information moves very fast in cracker circles. On the other hand, our experience is that coding and releasing of proper security fixes typically requires about an hour of work -- very fast fix turnaround is possible. Thus we think that full disclosure helps the people who really care about security.

Reporting problems

• If you find a new security problem, you can mail it to [email protected].
• If you wish to PGP encode it (but please only do so if privacy is very urgent, since it is inconvenient) use this pgp key.