The OpenBSD project maintains portable versions of many subsystems aspackages for other operating systems. Because of the project's preferred BSD license, which allows binary redistributions without the source code, many components are reused in proprietary and corporate-sponsored software projects. Thefirewall code inApple'smacOS is based on OpenBSD'sPF firewall code,[6]Android'sBionicC standard library is based on OpenBSD code,[7]LLVM uses OpenBSD'sregular expression library,[8] andWindows 10 usesOpenSSH (OpenBSD Secure Shell) withLibreSSL.[9]
The word "open" in the name OpenBSD refers to the availability of the operating systemsource code on theInternet, although the word "open" in the name OpenSSH means "OpenBSD". It also refers to the wide range ofhardware platforms the system supports.[10] OpenBSD supports a variety of system architectures includingx86-64,IA-32,ARM,PowerPC, and 64-bitRISC-V. Its default GUI is the X11 interface.
In December 1994,Theo de Raadt, a founding member of theNetBSD project, was asked to resign from the NetBSD core team over disagreements and conflicts with the other members of the NetBSD team.[11][4] In October 1995, De Raadt founded OpenBSD, a new project forked from NetBSD 1.0. The initial release, OpenBSD 1.2, was made in July 1996, followed by OpenBSD 2.0 in October of the same year.[12] Since then, the project has issued a release every six months, each of which is supported for one year.
On 25 July 2007, OpenBSD developer Bob Beck announced the formation of theOpenBSD Foundation, a Canadian non-profit organization formed to "act as a single point of contact for persons and organizations requiring a legal entity to deal with when they wish to support OpenBSD."[13]
In 2024, the project had separated far enough that all files which were a part of the original fork from NetBSD had been either modified or removed, with the replacement of a data file for the "quiz" program.[14]
Bar chart showing the proportion of users of eachBSD variant from a 2005 BSD usage survey of 4330 users.[15][note 1]
It is hard to determine how widely OpenBSD is used, because the developers do not publish or collect usage statistics.
In September 2005, the BSD Certification Group surveyed 4330 individual BSD users, showing that 32.8% used OpenBSD,[15] behindFreeBSD with 77%, ahead of NetBSD with 16.3% andDragonFly BSD with 2.6%[note 1]. However, the authors of this survey clarified that it is neither "exhaustive" nor "completely accurate", since the survey was spread mainly through mailing lists, forums and word of mouth. This combined with other factors, like the lack of a control group, a pre-screening process or significant outreach outside of the BSD community, makes the survey unreliable for judging BSD usage globally.
Severalproprietary systems are based on OpenBSD, including devices fromArmorlogic (Profense web application firewall), Calyptix Security,[19] GeNUA,[20] RTMX,[21] and .vantronix.[22]
Some versions ofMicrosoft'sServices for UNIX, an extension to theWindows operating system to provide Unix-like functionality, use much of the OpenBSD code base that is included in theInterix interoperability suite,[23][24] developed by Softway Systems Inc., which Microsoft acquired in 1999.[25][26] Core Force, a security product for Windows, is based on OpenBSD'spf firewall.[27] Thepf firewall is also found in other operating systems: includingFreeBSD,[28] andmacOS.[29]
Shortly after OpenBSD was created, De Raadt was contacted by a local security software company named Secure Networks (later acquired byMcAfee).[38][39] The company was developing anetwork security auditing tool called Ballista,[note 2] which was intended to find andexploit software security flaws. This coincided with De Raadt's interest in security, so the two cooperated leading up to the release of OpenBSD 2.3.[40] This collaboration helped to define security as the focus of the OpenBSD project.[41]
OpenBSD includes numerous features designed to improve security, such as:
To reduce the risk of a vulnerability or misconfiguration allowingprivilege escalation, many programs have been written or adapted to make use ofprivilege separation,privilege revocation andchrooting. Privilege separation is a technique, pioneered on OpenBSD and inspired by theprinciple of least privilege, where a program is split into two or more parts, one of which performs privileged operations and the other—almost always the bulk of the code—runs without privilege.[46] Privilege revocation is similar and involves a program performing any necessary operations with the privileges it starts with then dropping them. Chrooting involves restricting an application to one section of thefile system, prohibiting it from accessing areas that contain private or system files. Developers have applied these enhancements to OpenBSD versions of many common applications, such astcpdump,file,tmux,smtpd, andsyslogd.[47]
OpenBSD developers were instrumental in the creation and development ofOpenSSH (aka OpenBSD Secure Shell), which is developed in the OpenBSD CVS repositories. OpenBSD Secure Shell is based on the originalSSH.[48] It first appeared in OpenBSD 2.6 and is now by far the most popular SSH client and server, available on many operating systems.[49]
The project has a policy of continually auditing source code for problems, work that developer Marc Espie has described as "never finished ... more a question of process than of a specific bug being hunted." He went on to list several typical steps once a bug is found, including examining the entire source tree for the same and similar issues, "try[ing] to find out whether the documentation ought to be amended", and investigating whether "it's possible to augment thecompiler to warn against this specific problem."[50]
The OpenBSD website features a prominent reference to the system's security record. Until June 2002, it read:
Five years without a remote hole in the default install!
In June 2002, Mark Dowd ofInternet Security Systems disclosed a bug in the OpenSSH code implementingchallenge–response authentication.[51] Thisvulnerability in the OpenBSD default installation allowed an attacker remote access to theroot account, which was extremely serious not only to OpenBSD, but also to the large number of other operating systems that were using OpenSSH by that time.[52] This problem necessitated the adjustment of the slogan on the OpenBSD website to:
One remote hole in the default install, in nearly 6 years!
The quote remained unchanged as time passed, until on 13 March 2007, when Alfredo Ortega of Core Security Technologies disclosed a network-related remote vulnerability.[53] The quote was subsequently changed to:
Only two remote holes in the default install, in a heck of a long time!
This statement has been criticized because the default install contains few running services, and many use cases require additional services.[54] Also, because the ports tree contains unauditedthird-party software, it is easy for users to compromise security by installing or improperly configuring packages. However, the project maintains that the slogan isintended to refer to a default install and that it is correct by that measure.
One of the fundamental ideas behind OpenBSD is a drive for systems to be simple, clean, and secure by default. The default install is quite minimal, which the project states is to ensure novice users "do not need to become security experts overnight",[55] which fits with open-source andcode auditing practices considered important elements of a security system.[56] Additional services are to be enabled manually to make users think of the security implications first.
On 11 December 2010, Gregory Perry, a former technical consultant for theFederal Bureau of Investigation (FBI), emailed De Raadt alleging that the FBI had paid some OpenBSD ex-developers 10 years prior to insert backdoors into theOpenBSD Cryptographic Framework. De Raadt made the email public on 14 December by forwarding it to the openbsd-tech mailing list and suggested an audit of theIPsec codebase.[57][58] De Raadt's response was skeptical of the report and he invited all developers to independently review the relevant code. In the weeks that followed, bugs were fixed but no evidence of backdoors was found.[59] De Raadt stated "I believe that NetSec was probably contracted to write backdoors as alleged. If those were written, I don't believe they made it into our tree. They might have been deployed as their own product."[60]
In December 2017, Ilja van Sprundel, director atIOActive, gave a talk at theCCC[61] as well asDEF CON,[62] entitled "Are all BSDs created equally? — A survey of BSD kernel vulnerabilities", in which he stated that although OpenBSD was the clear winner of the BSDs in terms of security, "Bugs are still easy to find in those kernels, even in OpenBSD".
Two years later, in 2019, an anonymous critic called "Stein" gave a talk named "A systematic evaluation of OpenBSD's mitigations"[63] at the CCC. While admitting OpenBSD has some effective mitigations, he alleged a significant number were "useless at best and based on pure luck and superstition".[64]
Some subsystems have been integrated into other BSD operating systems,[73][74][75] and many are available as packages for use in other Unix-like systems.[76][77][78]
Linux administrator Carlos Fenollosa commented on moving from Linux to OpenBSD that the system is faithful to theUnix philosophy of small, simple tools that work together well: "Some base components are not as feature-rich, on purpose. Since 99% of the servers don't need the flexibility of Apache, OpenBSD's httpd will work fine, be more secure, and probably faster".[79] He characterized the developer community's attitude to components as: "When the community decides that some module sucks, they develop a new one from scratch. OpenBSD has its own NTPd, SMTPd and, more recently, HTTPd. They work great".[79] As a result, OpenBSD is relatively prolific in creating components that become widely reused by other systems.
OpenBSD runs nearly all of its standarddaemons withinchroot andprivsep security structures by default, as part of hardening the base system.[79]
OpenBSD developers at c2k1hackathon atMIT, June 2001OpenBSD hackathon s2k17
Development is continuous, and team management is open and tiered. Anyone with appropriate skills may contribute, with commit rights being awarded on merit and De Raadt acting as coordinator.[32]: xxxv Two official releases are made per year, with the version number incremented by 0.1,[84] and these are each supported for twelve months (two release cycles).[85] Snapshot releases are also available at frequent intervals.
Maintenance patches for supported releases may be applied usingsyspatch, manually or by updating the system against the patch branch of theCVS source repository for that release.[86] Alternatively, a system administrator may opt to upgrade to the next snapshot release usingsysupgrade, or by using the-current branch of the CVS repository, in order to gain pre-release access to recently added features. The sysupgrade tool can also upgrade to the latest stable release version.
The generic OpenBSD kernel provided by default is strongly recommended for end users, in contrast to operating systems that recommend user kernel customization.[87]
Packages outside the base system are maintained by CVS through aports tree and are the responsibility of the individual maintainers, known as porters. As well as keeping the current branch up to date, porters are expected to apply appropriate bug-fixes and maintenance fixes to branches of their package for OpenBSD's supported releases. Ports are generally not subject to the same continuous auditing as the base system due to lack of manpower.
Binary packages are built centrally from the ports tree for each architecture. This process is applied for the current version, for each supported release, and for each snapshot. Administrators are recommended to use the package mechanism rather than build the package from the ports tree, unless they need to perform their own source changes.
OpenBSD's developers regularly meet at special events calledhackathons,[88] where they "sit down and code", emphasizing productivity.[89]
OpenBSD is known for its high-quality documentation.[91][92]
When OpenBSD was created, De Raadt decided that thesource code should be available for anyone to read. At the time, a small team of developers generally had access to a project's source code.[93] Chuck Cranor[94] and De Raadt concluded this practice was "counter to the open source philosophy" and inconvenient to potential contributors. Together, Cranor and De Raadt set up the first public, anonymousrevision control system server. De Raadt's decision allowed users to "take a more active role", and established the project's commitment to open access.[93] OpenBSD is notable for its continued use ofCVS (more precisely an unreleased, OpenBSD-managed fork named OpenCVS), when most other projects that used it have migrated to other systems.[95]
OpenBSD does not includeclosed source binary drivers in the source tree, nor does it include code requiring the signing ofnon-disclosure agreements.[96] According to theGNU Project, OpenBSD includes small "blobs" of proprietary object code as device firmware.[97]
Since OpenBSD is based in Canada, no United States export restrictions on cryptography apply, allowing the distribution to make full use of modern algorithms for encryption. For example, the swap space is divided into small sections and each section is encrypted with its own key, ensuring that sensitive data does not leak into an insecure part of the system.[18]
OpenBSD randomizes various behaviors of applications, making them less predictable and thus more difficult to attack. For example, PIDs are created and associated randomly to processes; thebindsystem call uses randomport numbers; files are created with randominode numbers; and IP datagrams have random identifiers.[98] This approach also helps expose bugs in the kernel and in user space programs.
The OpenBSD policy on openness extends to hardware documentation: in the slides for a December 2006 presentation, De Raadt explained that without it "developers often make mistakes writing drivers", and pointed out that "the [oh my god, I got it to work] rush is harder to achieve, and some developers just give up."[99] He went on to say that vendor-supplied binary drivers are unacceptable for inclusion in OpenBSD, that they have "no trust of vendor binaries running in our kernel" and that there is "no way to fix [them] ... when they break."[99]
OpenBSD maintains a strictlicense policy,[3] preferring theISC license and other variants of theBSD license. The project attempts to "maintain the spirit of the original Berkeley Unixcopyrights," which permitted a "relatively un-encumbered Unix source distribution."[3] The widely usedApache License andGNU General Public License are considered overly restrictive.[100]
In June 2001, triggered by concerns over Darren Reed's modification of IPFilter's license wording, a systematic license audit of the OpenBSD ports and source trees was undertaken.[101] Code in more than a hundred files throughout the system was found to be unlicensed, ambiguously licensed or in use against the terms of the license. To ensure that all licenses were properly adhered to, an attempt was made to contact all the relevant copyright holders: some pieces of code were removed, many were replaced, and others, such as themulticastrouting toolsmrinfo andmap-mbone, wererelicensed so that OpenBSD could continue to use them.[102][103] Also removed during this audit was all software produced byDaniel J. Bernstein. At the time, Bernstein requested that all modified versions of his code be approved by him prior to redistribution, a requirement to which OpenBSD developers were unwilling to devote time or effort.[104][105][106]
Because of licensing concerns, the OpenBSD team has reimplemented software from scratch or adopted suitable existing software. For example, OpenBSD developers created thePFpacket filter after unacceptable restrictions were imposed onIPFilter. PF first appeared in OpenBSD 3.0[107] and is now available in many other operating systems.[108] OpenBSD developers have also replaced GPL-licensed tools (such asCVS andpkg-config) withpermissively licensed equivalents.[109][110]
Although the operating system and its portable components are used in commercial products, De Raadt says that little of the funding for the project comes from the industry: "traditionally all our funding has come from user donations and users buying our CDs (our other products don't really make us much money). Obviously, that has not been a lot of money."[84]
For a two-year period in the early 2000s, the project received funding fromDARPA, which "paid the salaries of 5 people to work completely full-time, bought about $30k in hardware, and paid for 3 hackathons", from thePOSSE project.[84]
In 2006, the OpenBSD project experienced financial difficulties.[111] TheMozilla Foundation[112] andGoDaddy[113] are among the organizations that helped OpenBSD to survive. However, De Raadt expressed concern about the asymmetry of funding: "I think that contributions should have come first from the vendors, secondly from the corporate users, and thirdly from individual users. But the response has been almost entirely the opposite, with almost a 15-to-1 dollar ratio in favor of the little people. Thanks a lot, little people!"[84]
On 14 January 2014, Bob Beck issued a request for funding to cover electrical costs. If sustainable funding was not found, Beck suggested the OpenBSD project would shut down.[114] The project soon received a US$20,000 donation from Mircea Popescu, the Romanian creator of the MPEx bitcoin stock exchange, paid inbitcoins.[115] The project raised US$150,000[116] in response to the appeal, enabling it to pay its bills and securing its short-term future.[115]
The OpenBSD Foundation is a Canadian federalnon-profit organization founded by the OpenBSD project as a "single point of contact for persons and organizations requiring a legal entity to deal with when they wish to support OpenBSD."[117] It was announced to the public by OpenBSD developer Bob Beck on 25 July 2007. It also serves as a legal safeguard over other projects which are affiliated with OpenBSD, includingOpenSSH,OpenBGPD,OpenNTPD,OpenCVS,OpenSMTPD andLibreSSL.[118]
Since 2014, several large contributions to the OpenBSD Foundation have come from corporations such as Microsoft,[119] Facebook, and Google as well as theCore Infrastructure Initiative.[120]
In 2015,Microsoft became the foundation's first gold level contributor[121] donating between $25,000-50,000 to support development of OpenSSH, which had been integrated intoPowerShell in July, and later into Windows Server in 2018.[122] Other contributors include Google, Facebook andDuckDuckGo.[123]
During the 2016 and 2017 fundraising campaigns,Smartisan, a Chinese company, was the leading financial contributor to the OpenBSD Foundation.[124][125]
OpenBSD is freely available in various ways: the source can be retrieved by anonymousCVS,[126] and binary releases and development snapshots can be downloaded by FTP, HTTP, and rsync.[127] Prepackaged CD-ROM sets through version 6.0 can be ordered online for a small fee, complete with an assortment of stickers and a copy of the release's theme song. These, with their artwork and other bonuses, have been one of the project's few sources of income, funding hardware, Internet service, and other expenses.[128] Beginning with version 6.1, CD-ROM sets are no longer released.
OpenBSD provides apackage management system for easy installation and management of programs which are not part of the base operating system.[129] Packages are binary files which are extracted, managed and removed using the package tools. On OpenBSD, the source of packages is the ports system, a collection ofMakefiles and other infrastructure required to create packages. In OpenBSD, the ports and base operating system are developed and released together for each version: this means that the ports or packages released with, for example, 4.6 are not suitable for use with 4.5 and vice versa.[129]
Initially, OpenBSD used a haloed version of theBSD daemon mascot drawn by Erick Green, who was asked by De Raadt to create the logo for the 2.3 and 2.4 versions of OpenBSD. Green planned to create a full daemon, including head and body, but only the head was completed in time for OpenBSD 2.3. The body as well as pitchfork and tail was completed for OpenBSD 2.4.[130]
Subsequent releases used variations such as a police daemon by Ty Semaka,[131] but eventually settled on apufferfish named Puffy.[132] Since then, Puffy has appeared on OpenBSD promotional material and featured in release songs and artwork.
The promotional material of early OpenBSD releases did not have a cohesive theme or design, but later the CD-ROMs, release songs, posters and tee-shirts for each release have been produced with a single style and theme, sometimes contributed to by Ty Semaka of thePlaid Tongued Devils.[90] These have become a part of OpenBSD advocacy, with each release expounding a moral or political point important to the project, often through parody.[133]
Themes have includedPuff the Barbarian in OpenBSD 3.3, which included an 80srock song and parody ofConan the Barbarian alluding to open documentation,[90]The Wizard of OS in OpenBSD 3.7, related to the project's work on wireless drivers, andHackers of the Lost RAID, a parody ofIndiana Jones referencing the new RAID tools in OpenBSD 3.8.
While the version number used at this stage was 1.1,[note 4] OpenBSD 1.1 was not an official OpenBSD release in the sense which this term subsequently came to be used.
Old version, not maintained: 1.2
1 July 1996
Creation of theintro(9) man page, for documenting kernel internals.
Integration of theupdate(8) command into the kernel.
As before, while this version number was used in the early development of the OS, OpenBSD 1.2 was not an official release in the subsequently applicable sense.
Old version, not maintained: 2.0
1 October 1996
The first official release of OpenBSD,[135][136] and also the point at whichXFree86 first recognized OpenBSD as separate fromNetBSD.
Introduced thehaloed daemon, oraureola beastie, in head-only form created by Erick Green.[139]
Old version, not maintained: 2.4
1 December 1998
Featured the completehaloed daemon, withtrident and a finished body.[140]
Old version, not maintained: 2.5
19 May 1999
Introduced the Cop daemon image done by Ty Semaka.[141]
Old version, not maintained: 2.6
1 December 1999
Based on the originalSSH suite and developed further by the OpenBSD team, 2.6 saw the first release ofOpenSSH, which is now available standard on most Unix-like operating systems and is the most widely used SSH suite.[142]
First official remote security hole - OpenSSH integer overflow[148]
Old version, not maintained: 3.2
1 November 2002
Goldflipper,[149] a tale in whichJames Pond, agent 077, super spy and suave lady's man, deals with the dangers of a hostile internet. Styled after the orchestral introductory ballads ofJames Bond films.
Old version, not maintained: 3.3
1 May 2003
Puff the Barbarian,[150] born in a tiny bowl; Puff was a slave, now he hacks through the C, searching for theHammer. It is an 80s rock-style song and parody ofConan the Barbarian dealing with open documentation.
In 2003, code fromALTQ, which had a license disallowing the sale of derivatives, wasrelicensed, integrated into pf and made available in OpenBSD 3.3.
First release adding theW^X feature, a fine-grained memory permissions layout, ensuring that memory which can be written to by application programs can not be executable at the same time and vice versa.
Old version, not maintained: 3.4
1 November 2003
The Legend of Puffy Hood whereSir Puffy of Ramsay,[151] a freedom fighter who, with Little Bob of Beckley, took from the rich and gave to all. Tells of thePOSSE project's cancellation. An unusual blend of bothhip-hop and medieval-style music, a parody of the tale ofRobin Hood intended to express OpenBSD's attitude to free speech.
CARP License andRedundancy must be free,[155] where a fish seeking to license his free redundancy protocol, CARP, finds trouble with the red tape. A parody of theFish Licence skit andEric the Half-a-Bee Song byMonty Python, with an anti-software patents message.
CARP, an open alternative to theHSRP andVRRP redundancy systems available from commercial vendors.[156][157]
GPL licensed parts of the GNU tool-set,bc,[158]dc,[159]nm[160] and size,[161] were all replaced with BSD licensed equivalents.
AMD64 platform becomes stable enough for release and is included for the first time as part of a release.
Old version, not maintained: 3.6
1 November 2004
Pond-erosa Puff (live) was the tale ofPond-erosa Puff,[162] a no-guff freedom fighter from the wild west, set to hang a lickin' on no-good bureaucratic nerds who encumber software with needless words and restrictions. The song was styled after the works ofJohnny Cash, a parody of theSpaghetti Western andClint Eastwood and inspired by liberal license enforcement.
OpenNTPD, a compatible alternative to the reference NTP daemon, was developed within the OpenBSD project. The goal of OpenNTPD was not solely a compatible license. It also aims to be a simple, secure NTP implementation providing acceptable accuracy for most cases, without requiring detailed configuration.[163][164]
Because of its questionable security record and doubts of developers for better future development, OpenBSD removedEthereal from its ports tree prior to its 3.6 release.
Hackers of the Lost RAID,[167] which detailed the exploits ofPuffiana Jones, famed hackologist and adventurer, seeking out the Lost RAID, Styled after the radioserials of the 1930s and 40s, this was aparody ofIndiana Jones and was linked to the new RAID tools featured as part of this release. This is the first version released without thetelnet daemon which was completely removed from the source tree by Theo de Raadt in May 2005.[168]
Attack of the Binary BLOB,[170] which chronicles the developer's fight againstbinary blobs andvendor lock-in,[171] a parody of the 1958 filmThe Blob and the pop-rock music of the era.
Improvedhardware sensors support, including a newIPMI subsystem and a newI2C scan subsystem; number of drivers using the sensors framework increased to a total of 33 drivers (compared to 9 in the prior 3.8 release 6 months ago).[154][171]
Second official remote security hole - buffer overflow by malformedICMPv6 packets[174]
Old version, not maintained: 4.1
1 May 2007
1 May 2008
Puffy Baba and the 40 Vendors,[175] a parody of theArabicfableAli Baba and the Forty Thieves, part of the book ofOne Thousand and One Nights, in whichLinux developers are mocked over their allowance ofnon-disclosure agreements when developing software while at the same time implying hardware vendors arecriminals for not releasing documentation required to make reliable device drivers.[176]
Redesigned sysctlhw.sensors into a two-level sensor API;[177][178] a total of 46 device drivers exporting sensors through the framework with this release.[154]
Old version, not maintained: 4.2
1 November 2007
1 November 2008
100001 1010101,[179] the Linux kernel developers gets a knock for violating the ISC-style license of OpenBSD's open hardware abstraction layer for Atheros wireless cards.
Usability of sensorsd improved, allowing zero-configuration monitoring of smart sensors from thehw.sensors framework (e.g.,IPMI orbio(4)-based), and easier configuration for monitoring of non-smart sensors.[180]
Planet of the Users.[189] In the style ofPlanet of the Apes, Puffy travels in time to find a dumbed-downdystopia, where "one very rich man runs the earth withone multinational". Open-source software has since been replaced by one-button computers, one-channel televisions, and closed-source software which, after you purchase it, becomes obsolete before you have a chance to use it. People subsist onsoylent green. The theme song is performed in thereggae rock style ofThe Police.
Another Smash of the Stack,Black Hat,Money,Comfortably Dumb (the misc song),Mother,Goodbye andWish you were Secure, Release songs parodies of Pink Floyd'sThe Wall,Comfortably Numb andWish You Were Here.[205]
^abcdefghOpenBSD is released roughly every 6 months targeting May and November and only the latest two releases receive security and reliability fixes for the base system.[214]
^abBSD Usage Survey(PDF) (Report). The BSD Certification Group. 31 October 2005. p. 9.Archived(PDF) from the original on 22 October 2013. Retrieved16 September 2012.
^"RTMX O/S IEEE Real Time POSIX Operating Systems".RTMX.Archived from the original on 26 January 2021. Retrieved13 December 2011.RTMX O/S is a product extension to OpenBSD Unix-like operating system with emphasis on embedded, dedicated applications.
^".vantronix secure system".Compumatica secure networks. Archived fromthe original on 1 January 2012. Retrieved13 December 2011.The Next Generation Firewall is not a standalone device, it is a Router for operation in security critical environments with high requirements for availability, comprehensive support as well as reliable and trusted systems powered by OpenBSD.
^"Core Force",Core Labs, archived fromthe original on 28 November 2011, retrieved13 December 2011,CORE FORCE provides inbound and outbound stateful packet filtering for TCP/IP protocols using a Windows port of OpenBSD's PF firewall, granular file system and registry access control and programs' integrity validation.
^ab"OpenBSD 6.0".OpenBSD.Archived from the original on 1 November 2018. Retrieved1 November 2016.
^"The X Windows System".OpenBSD Frequently Asked Questions.Archived from the original on 9 May 2016. Retrieved22 May 2016.OpenBSD ships with the cwm(1), fvwm(1) and twm(1) window managers, [...]
^"OpenBSD 6.8".www.openbsd.org.Archived from the original on 2 July 2021. Retrieved3 December 2021.
^De Raadt, Theo (19 December 2005)."2.3 release announcement".openbsd-misc (Mailing list).Without [SNI's] support at the right time, this release probably would not have happened.
^"Innovations".OpenBSD.Archived from the original on 9 September 2016. Retrieved18 May 2016.Privilege separation: [...] The concept is now used in many OpenBSD programs, for example [...] etc.
^"dragonfly.git/blob – crypto/openssh/README".gitweb.dragonflybsd.org.Archived from the original on 21 September 2016. Retrieved19 May 2016.This is the port of OpenBSD's excellent OpenSSH to Linux and other Unices.
^Cranor, Chuck D."Chuck Cranor's Home Page".Archived from the original on 25 July 2011. Retrieved13 December 2011.I also hosted and helped create the first Anonymous CVS server on the Internet (the original anoncvs.openbsd.org [...]
^"Project Goals".OpenBSD.Archived from the original on 28 July 2013. Retrieved18 May 2016.Integrate good code from any source with acceptable licenses. [...], NDAs are never acceptable.
^"src/usr.sbin/mrinfo/mrinfo.c – view – 1.7".cvsweb.openbsd.org. 31 July 2001.Archived from the original on 4 May 2020. Retrieved24 May 2016.New license from Xerox! This code is now FREE! Took a while and a lot of mails, but it is worth it.
^"src/usr.sbin/map-mbone/mapper.c – view – 1.5".cvsweb.openbsd.org. 31 July 2001.Archived from the original on 1 September 2018. Retrieved24 May 2016.New license from Xerox! This code is now FREE! Took a while and a lot of mails, but it is worth it.
^"OpenBSD 2.7".OpenBSD.Archived from the original on 9 August 2020. Retrieved22 May 2016.
^Matzan, Jem (1 December 2006)."OpenBSD 4.0 review".Software in Review. Archived fromthe original on 11 January 2012. Retrieved13 December 2011.Each OpenBSD release has a graphical theme and a song that goes with it. The theme reflects a major concern that the OpenBSD programmers are addressing or bringing to light.
^"Undeadly".Archived from the original on 5 September 2018. Retrieved9 October 2018.
^abcConstantine A. Murenin;Raouf Boutaba (17 March 2009). "6. Evolution of the framework".OpenBSD Hardware Sensors Framework(PDF). AsiaBSDCon 2009 Proceedings, 12–15 March 2009. Tokyo University of Science, Tokyo, Japan (published 14 March 2009).Archived(PDF) from the original on 20 June 2010. Retrieved4 March 2019.Alt URL
