Wouldn't a good systematic evaluation need (or at least benefit from) a few actual working exploits/PoCs? I keep asking this as a long-time OpenBSD user who is genuinely interested in seeing it done, but so far everyone who has said "it's flawed" also reserved themselves the convenience of not having to prove their point in a practical sense.
pjmlp|1 year ago
36C3 - A systematic evaluation of OpenBSD's mitigations
https://www.youtube.com/watch?v=3E9ga-CylWQ
daneel_w|1 year ago
zshrc|1 year ago
Code standards are very strict in OpenBSD and security is always a primary thought...