First page Back Continue Last page Summary Graphics
Code Audited for Errors
Proactive approach
- Coding errors lead to vulnerabilities
- Fix the bugs, secure the OS
- On-going audit
Auditors look for errors, not vulnerabilities
- Not worth deciding if a bug is exploitable or not
- More useful to fix error and move on
Outcome: Most advisories don't affect OpenBSD
- Bug usually fixed months/years before found
- Thousands (yes, thousands!) of errors found