"Free, Functional, and Secure"
OpenBSD 5.9 desktop
|Developer||The OpenBSD Project|
|Written in||Primarily C, assembly, Perl, Makefile, and KornShell|
|OS family||Unix-like (BSD)|
|Source model||Open source|
|Initial release||1 October 1996|
|Latest release||6.3 (15 April 2018[±])|
|Package manager||OpenBSD package tools|
|Platforms||Alpha, x86-64, ARMv7, PA-RISC, IA-32, LANDISK, Omron LUNA-88K, MIPS64, PowerPC, and SPARC 64|
|Default user interface||Modified pdksh, FVWM X11|
|License||BSD, ISC, ATU, and other custom licenses|
OpenBSD is a free and open-source Unix-like computer operating system descended from Berkeley Software Distribution (BSD), a Research Unix derivative developed at the University of California, Berkeley. In late 1995, Theo de Raadt forked it from NetBSD. Besides the operating system as a whole, the project maintains portable versions of many subsystems, most notably OpenSSH, which are available as packages in other operating systems.
The project is known for its developers' insistence on open-source code, good documentation, code correctness, ongoing code audits, and security. As of February 2018, only two remote vulnerabilities have ever been found in the default install, in a period of almost 22 years - a fact prominently displayed on the OpenBSD website. It has strict policies on licensing, preferring the ISC license and other variants of the Simplified BSD License. Many of its security features are optional or absent in other operating systems. Its developers frequently audit the source tree for software bugs and security holes. According to OpenBSD expert Michael W. Lucas, OpenBSD "is widely regarded as the most secure operating system available anywhere, under any licensing terms.":xxix
- 1 History and popularity
- 2 Uses
- 3 Component projects
- 4 Third-party components in the base system
- 5 Development and release process
- 6 Open-source and open documentation
- 7 Licensing
- 8 Funding
- 9 Security and code auditing
- 10 Distribution and marketing
- 11 See also
- 12 Notes
- 13 References
- 14 External links
History and popularity
In December 1994, NetBSD co-founder Theo de Raadt was asked to resign from his position as a senior developer and member of the NetBSD core team. The reason for this is not wholly clear, although there are claims that it was due to personality clashes within the NetBSD project and on its mailing lists.
In October 1995, de Raadt founded OpenBSD, a new project forked from NetBSD 1.0. The initial release, OpenBSD 1.2, was made in July 1996, followed by OpenBSD 2.0 in October of the same year. Since then, the project has followed a schedule of a release every six months, each of which is supported for one year.
On 25 July 2007, OpenBSD developer Bob Beck announced the formation of the OpenBSD Foundation, a Canadian non-profit organization formed to "act as a single point of contact for persons and organizations requiring a legal entity to deal with when they wish to support OpenBSD."
Just how widely OpenBSD is used is hard to determine as its developers do not publish or collect usage statistics. In September 2005, the BSD Certification Group performed a usage survey which revealed that 32.8% of BSD users (1420 of 4330 respondents) were using OpenBSD, placing it second out of the four major BSD variants, behind FreeBSD with 77% and ahead of NetBSD with 16.3%.[n 1]
Proprietary systems from several manufacturers are based on OpenBSD, including devices from Armorlogic (Profense web application firewall), Calyptix Security, GeNUA, RTMX, and .vantronix. Later versions of Microsoft's Services for UNIX, an extension to the Windows operating system providing Unix-like functionality, use large amounts of OpenBSD code.
OpenBSD ships with the X Window System and is suitable for use on the desktop.:xl As of February 2018[update], OpenBSD includes approximately 7800 packages, including desktop environments such as GNOME, Plasma 4 and Xfce, and web browsers such as Firefox and Chromium. The project also includes three window managers in the main distribution: cwm, FVWM (part of the default configuration for Xenocara), and twm.
Linux administrator Carlos Fenollosa commented on moving from Linux to OpenBSD, that the system is faithful to the Unix ideal of many small simple tools that work well: "Because of that, some base components are not as feature-rich, on purpose. Since 99% of the servers don't need the flexibility of Apache, OpenBSD's httpd will work fine, be more secure, and probably faster. For those who need the big boys, just install Apache from the packages". He characterized the developer community's attitude to components as being: "When the community decides that some module sucks, they develop a new one from scratch. OpenBSD has its own NTPd, SMTPd and, more recently, HTTPd. They work great". As a result, OpenBSD is comparatively prolific in creating components which eventually become widely reused by other systems.
Despite the small team size and relatively low usage of OpenBSD, the project maintains portable versions of many parts of the base system, including:
- LibreSSL, a free implementation of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, forked from the OpenSSL 1.0.1g branch
- OpenBGPD, a free implementation of the Border Gateway Protocol 4 (BGP-4)
- OpenOSPFD, a free implementation of the Open Shortest Path First (OSPF) routing protocol
- OpenNTPD, a simple alternative to ntp.org's Network Time Protocol (NTP) daemon
- OpenSMTPD, a free Simple Mail Transfer Protocol (SMTP) daemon with IPv4/IPv6, PAM, Maildir and virtual domains support
- httpd, an HTTP server first included in the 5.6 release
- OpenSSH, a free implementation of the Secure Shell (SSH) protocol
- OpenIKED, a free implementation of the Internet Key Exchange (IKEv2) protocol
- Common Address Redundancy Protocol (CARP), a free alternative to Cisco's patented HSRP/VRRP server redundancy protocols
- PF, an IPv4/IPv6 stateful firewall with NAT, PAT, QoS and traffic normalization support
- pfsync, a firewall states synchronization protocol for PF firewall with High Availability support using CARP
- spamd, a spam filter with greylisting support designed to inter-operate with the PF firewall
- sndio, a compact audio and MIDI framework
- Xenocara, a customized X.Org build infrastructure
- cwm, a stacking window manager
- tmux, a terminal multiplexer
Third-party components in the base system
OpenBSD includes a number of third-party software components, many with OpenBSD-specific patches; examples include the X.Org Server, Clang (which acts as the default compiler), the GNU Compiler Collection,[n 2] Perl, NSD, Unbound, Ncurses, GNU Binutils, GNU Debugger and Awk.
OpenBSD used to include a fork of Apache 1.3, which was later replaced by Nginx. In the 5.6 release, Nginx was replaced with httpd, an HTTP server with FastCGI and Transport Layer Security support. As of May 2018[update], Apache and Nginx are still available as ports.
Development and release process
Development is continuous, and team management is open and tiered. Anyone with appropriate skills may contribute, with commit rights being awarded on merit and de Raadt acting as coordinator.:xxxv Two official releases are made per year, with the version number incremented by 0.1, and these are each supported for twelve months (two release cycles). Snapshot releases are also available at frequent intervals.
Maintenance patches for supported releases may be applied manually or by updating the system against the patch branch of the CVS repository for that release. Alternatively, a system administrator may opt to upgrade using a snapshot release and then regularly update the system against the -current branch of the CVS repository, in order to gain pre-release access to recently added features.
The standard OpenBSD kernel, as maintained by the project, is strongly recommended for end users; this is as opposed to kernels customized by the user.
Packages outside the base system are maintained by CVS through a ports tree and are the responsibility of the individual maintainers, known as porters. As well as keeping the current branch up to date, porters are expected to apply appropriate bug-fixes and maintenance fixes to branches of their package for OpenBSD's supported releases. Ports are generally not subject to the same continuous auditing as the base system due to lack of manpower.
Binary packages are built centrally from the ports tree for each architecture. This process is applied for the current version, for each supported release, and for each snapshot. Administrators are recommended to use the package mechanism rather than build the package from the ports tree, unless they need to perform their own source changes.
Every new release includes a song.
Open-source and open documentation
The OpenBSD Project is noted for its high-quality user documentation, considered top among the BSD family operating systems, all of which have excellent documentation. When OpenBSD was created, de Raadt decided that the source should be easily available for anyone to read at any time, so, with the assistance of Chuck Cranor, he set up the first public, anonymous CVS server. At the time, the tradition was for only a small team of developers to have access to a project's source repository. Cranor and de Raadt concluded that this practice "runs counter to the open source philosophy" and is inconvenient to contributors. De Raadt's decision allowed "users to take a more active role", and signaled the project's belief in open and public access to source code.
Since OpenBSD is based in Canada, no United States export restrictions on cryptography apply, allowing the distribution to make full use of modern algorithms for encryption. For example, the swap space is divided into small sections and each section is encrypted with its own key, ensuring that sensitive data does not leak into an insecure part of the system.
OpenBSD randomizes various behaviors of applications, making them less predictable and thus more difficult to attack. For example, PIDs are created and associated randomly to processes; the
bind system call uses random port numbers; files are created with random inode numbers; and IP datagrams have random identifiers. This approach also helps expose bugs in the kernel and in user space programs.
The OpenBSD policy on openness extends to hardware documentation: in the slides for a December 2006 presentation, de Raadt explained that without it "developers often make mistakes writing drivers", and pointed out that "the [oh my god, I got it to work] rush is harder to achieve, and some developers just give up." He went on to say that vendor-supplied binary drivers are unacceptable for inclusion in OpenBSD, that they have "no trust of vendor binaries running in our kernel" and that there is "no way to fix [them] ... when they break."
A goal of the OpenBSD Project is to "maintain the spirit of the original Berkeley Unix copyrights," which permitted a "relatively un-encumbered Unix source distribution." To this end, the Internet Systems Consortium (ISC) license is preferred for new code, but the MIT and BSD licenses are also accepted. The widely used GNU General Public License is considered overly restrictive compared to these.
In June 2001, triggered by concerns over Darren Reed's modification of IPFilter's license wording, a systematic license audit of the OpenBSD ports and source trees was undertaken. Code in more than a hundred files throughout the system was found to be unlicensed, ambiguously licensed or in use against the terms of the license. To ensure that all licenses were properly adhered to, an attempt was made to contact all the relevant copyright holders: some pieces of code were removed, many were replaced, and others, such as the multicast routing tools mrinfo and map-mbone, were relicensed so that OpenBSD could continue to use them. Also removed during this audit was all software produced by Daniel J. Bernstein. At the time, Bernstein requested that all modified versions of his code be approved by him prior to redistribution, a requirement to which OpenBSD developers were unwilling to devote time or effort.
Because of licensing concerns, the OpenBSD team has re-implemented software from scratch or adopted suitable existing software. Of particular note is the development, after license restrictions were imposed on IPFilter, of the pf packet filter, which first appeared in OpenBSD 3.0 and is now available in other major BSDs. OpenBSD developers have also replaced GPL licensed tools (such as diff, grep and pkg-config) with BSD licensed equivalents.
Although the operating system and its portable components are used in commercial products, de Raadt says that little of the funding for the project comes from the industry: "traditionally all our funding has come from user donations and users buying our CDs (our other products don't really make us much money). Obviously, that has not been a lot of money."
For a two-year period in the early 2000s, the project received DARPA funding, which "paid the salaries of 5 people to work completely full-time, bought about $30k in hardware, and paid for 3 hackathons", from the POSSE project.
In 2006, de Raadt expressed concern about the asymmetry of funding: "I think that contributions should have come first from the vendors, secondly from the corporate users, and thirdly from individual users. But the response has been almost entirely the opposite, with almost a 15 to 1 dollar ratio in favor of the little people. Thanks a lot, little people!" However, since 2014 several large contributions to the OpenBSD Foundation have come from corporations such as Microsoft, Facebook, and Google as well as the Core Infrastructure Initiative.
In 2006, the OpenBSD Project experienced financial danger. The Mozilla Foundation and GoDaddy are among the organizations that helped the OpenBSD Project to overcome its financial troubles.
On 14 January 2014, Bob Beck issued a request for funding to cover electrical costs. If sustainable funding was not found, Beck suggested the OpenBSD Project would shut down. The project soon received a US$20,000 donation from Mircea Popescu, the Romanian creator of the MPEx bitcoin stock exchange, paid in bitcoins. The project raised US$150,000 in response to the appeal, enabling it to pay its bills and securing its short-term future.
Security and code auditing
Shortly after OpenBSD's creation, de Raadt was contacted by a local security software company named Secure Networks (SNI). They were developing a "network security auditing tool" called Ballista,[n 3] which was intended to find and attempt to exploit possible software security flaws. This coincided with de Raadt's own interest in security, so for a time the two cooperated, a relationship that was of particular usefulness leading up to the release of OpenBSD 2.3 and helped to define security as the focal point of the project.
OpenBSD includes features designed to improve security, such as:
- secure alternatives to POSIX functions in the C standard library, such as
- toolchain alterations, including a static bounds checker
- memory protection techniques to guard against invalid accesses, such as ProPolice and the W^X page protection feature
- strong cryptography and randomization
To reduce the risk of a vulnerability or misconfiguration allowing privilege escalation, many programs have been written or adapted to make use of privilege separation, privilege revocation and chrooting. Privilege separation is a technique, pioneered on OpenBSD and inspired by the principle of least privilege, where a program is split into two or more parts, one of which performs privileged operations and the other—almost always the bulk of the code—runs without privilege. Privilege revocation is similar and involves a program performing any necessary operations with the privileges it starts with then dropping them. Chrooting involves restricting an application to one section of the file system, prohibiting it from accessing areas that contain private or system files. Developers have applied these features to OpenBSD versions of many common applications, such as tcpdump, file, tmux, smtpd, and syslogd.
OpenBSD developers were instrumental in the creation and development of OpenSSH, which is developed in the OpenBSD CVS repositories. OpenSSH is based on the original SSH. It first appeared in OpenBSD 2.6 and is now by far the most popular SSH client and server, available on many operating systems.
The project has a policy of continually auditing source code for problems, work that developer Marc Espie has described as "never finished ... more a question of process than of a specific bug being hunted." He went on to list several typical steps once a bug is found, including examining the entire source tree for the same and similar issues, "try[ing] to find out whether the documentation ought to be amended", and investigating whether "it's possible to augment the compiler to warn against this specific problem."
The default install is quite minimal, which the project states is to ensure novice users "do not need to become security experts overnight", which fits with open-source and code auditing practices argued to be important elements of a security system.
Alleged FBI backdoor investigated
On 11 December 2010, Gregory Perry, a former technical consultant for the Federal Bureau of Investigation (FBI), emailed de Raadt alleging that the FBI had paid some OpenBSD ex-developers 10 years previously to insert backdoors into the OpenBSD Cryptographic Framework. De Raadt made the email public on 14 December by forwarding it to the openbsd-tech mailing list and suggested an audit of the IPsec codebase. De Raadt's response was skeptical of the report and he invited all developers to independently review the relevant code. In the weeks that followed, bugs were fixed but no evidence of backdoors were found. De Raadt stated "I believe that NetSec was probably contracted to write backdoors as alleged. If those were written, I don't believe they made it into our tree. They might have been deployed as their own product."
The OpenBSD website features a prominent reference to the security record of the default installation. Until June 2002, the wording read "Five years without a remote hole in the default install!" An OpenSSH bug was then discovered that made it possible for a remote attacker to gain root privileges in OpenBSD and in any of the other systems running OpenSSH at the time. It was quickly fixed, as is normal with known security holes. The slogan was changed to "One remote hole in the default install, in nearly 6 years!" In 2007, a network-related remote vulnerability was found, which was also quickly fixed. The quote was subsequently altered to "Only two remote holes in the default install, in a heck of a long time!" As of February 2018[update], the wording remains.
Distribution and marketing
The name OpenBSD refers to the fact that OpenBSD's source code is freely available on the Internet. It also refers to the wide range of hardware platforms the operating system supports.
OpenBSD is freely available in various ways: the source can be retrieved by anonymous CVS, and binary releases and development snapshots can be downloaded by FTP, HTTP, and rsync. Prepackaged CD-ROM sets through version 6.0 can be ordered online for a small fee, complete with an assortment of stickers and a copy of the release's theme song. These, with their artwork and other bonuses, have been one of the project's few sources of income, funding hardware, Internet service, and other expenses. Beginning with version 6.1, CD-ROM sets are no longer released.
In common with other operating systems, OpenBSD provides a package management system for easy installation and management of programs which are not part of the base operating system. Packages are binary files which are extracted, managed and removed using the package tools. On OpenBSD, the source of packages is the ports system, a collection of Makefiles and other infrastructure required to create packages. In OpenBSD, the ports and base operating system are developed and released together for each version: this means that the ports or packages released with, for example, 4.6 are not suitable for use with 4.5 and vice versa.
OpenBSD at first used the BSD daemon mascot. A specialized version of the daemon, the haloed daemon was drawn by Erick Green. Green was asked by de Raadt to create the logo for the 2.3 and 2.4 versions of OpenBSD. At first, it was planned to create a full daemon, including head and body, but Green was only able to complete the head part for OpenBSD 2.3. The body as well as pitchfork and tail was completed for OpenBSD 2.4. Subsequent releases saw variations, such as Cop daemon by Ty Semaka, but eventually settling on Puffy, described as a pufferfish.[n 4] Since then Puffy has appeared on OpenBSD promotional material and featured in release songs and artwork. The promotional material of early OpenBSD releases did not have a cohesive theme or design, but later the CD-ROMs, release songs, posters and tee-shirts for each release have been produced with a single style and theme, sometimes contributed to by Ty Semaka of the Plaid Tongued Devils. These have become a part of OpenBSD advocacy, with each release expounding a moral or political point important to the project, often through parody. Past themes have included: in OpenBSD 3.8, the Hackers of the Lost RAID, a parody of Indiana Jones linked to the new RAID tools featured as part of the release; The Wizard of OS, making its debut in OpenBSD 3.7, based on the work of Pink Floyd and a parody of The Wizard of Oz related to the project's recent work on wireless card drivers; and OpenBSD 3.3's Puff the Barbarian, including an 80s rock-style song and parody of Conan the Barbarian, alluding to open documentation.
- Category:Computing mascots
- Comparison of BSD operating systems
- Comparison of open-source operating systems
- KAME project – responsible for OpenBSD's IPv6 support
- List of computing mascots
- OpenBSD Journal – online newspaper dedicated to OpenBSD news
- OpenBSD version history
- Security-focused operating system
- Multiple selections were permitted as a user may use multiple BSD variants side by side.
- As of OpenBSD 6.3[update], either Clang 5.0.1, GCC 4.2.1 or GCC 3.3.6 is shipped, depending on the platform.
- Later renamed to Cybercop Scanner after SNI was purchased by Network Associates.
- Pufferfish do not, in fact, possess spikes; images of Puffy are closer to a similar species, the porcupinefish.
- "Package Management". OpenBSD Frequently Asked Questions. Retrieved 1 June 2016.
- "Platforms". OpenBSD. Retrieved 3 September 2016.
- "src/sys/dev/microcode/atmel/atu-license – view – 1.3". cvsweb.openbsd.org. Retrieved 20 May 2016.
Redistribution [...] is permitted provided that the following conditions are met: [...] Firmware is redistributed in object code only.
- "src/sys/dev/microcode/tigon/tigon-license – view – 1.5". cvsweb.openbsd.org. Retrieved 20 May 2016.
- Lucas, Michael W. (2013). Absolute OpenBSD: Unix for the practical paranoid (2nd ed.). San Francisco: No Starch Press. ISBN 978-1-59327-476-4.
- BSD Usage Survey (PDF) (Report). The BSD Certification Group. 31 October 2005. p. 9. Retrieved 16 September 2012.
- Glass, Adam (23 December 1994). "Theo De Raadt". netbsd-users (Mailing list).
- de Raadt, Theo (18 October 1996). "The OpenBSD 2.0 release". openbsd-announce (Mailing list).
- "Announcing – The OpenBSD Foundation". OpenBSD Journal. 26 July 2007.
- McIntire, Tim (8 August 2006). "Take a closer look at OpenBSD". Developerworks. IBM. Retrieved 13 December 2011.
- "AccessEnforcer Model AE800". Calyptix Security. Retrieved 28 May 2016.
- "High Resistance Firewall genugate". GeNUA. Retrieved 29 May 2016.
- "RTMX O/S IEEE Real Time POSIX Operating Systems". RTMX. Retrieved 13 December 2011.
RTMX O/S is a product extension to OpenBSD Unix-like operating system with emphasis on embedded, dedicated applications.
- ".vantronix secure system". Compumatica secure networks. Archived from the original on 1 January 2012. Retrieved 13 December 2011.
The Next Generation Firewall is not a standalone device, it is a Router for operation in security critical environments with high requirements for availability, comprehensive support as well as reliable and trusted systems powered by OpenBSD.
- Dohnert, Roberto J. (21 January 2004). "Review of Windows Services for UNIX 3.5". OSNews. David Adams.
- "About Xenocara". Xenocara. Retrieved 13 December 2011.
- Tzanidakis, Manolis (21 April 2006). "Using OpenBSD on the desktop". Linux.com. Retrieved 9 March 2012.
- Lucas, Michael W. (April 2013). Absolute OpenBSD: Unix for the Practical Paranoid (2nd ed.). San Francisco, California: No Starch Press. ISBN 978-1-59327-476-4.
- "OpenPorts.se Statistics". OpenPorts.se. Retrieved 8 February 2018.
- "OpenBSD 6.0". OpenBSD. Retrieved 1 November 2016.
- "The X Windows System". OpenBSD Frequently Asked Questions. Retrieved 22 May 2016.
OpenBSD ships with the cwm(1), fvwm(1) and twm(1) window managers, [...]
- "Contents of /stable/10/crypto/openssh/README". svnweb.freebsd.org. Retrieved 19 May 2016.
This is the port of OpenBSD's excellent OpenSSH to Linux and other Unices.
- "src/crypto/external/bsd/openssh/dist/README – view – 1.4". NetBSD CVS Repositories. Retrieved 19 May 2016.
- "dragonfly.git/blob – crypto/openssh/README". gitweb.dragonflybsd.org. Retrieved 19 May 2016.
This is the port of OpenBSD's excellent OpenSSH to Linux and other Unices.
- "Arch Linux – openssh 7.2p2-1 (x86_64)". Arch Linux. Retrieved 17 May 2016.
- "openssh". OpenSUSE. Retrieved 17 May 2016.
- "Debian – Details of package openssh-client in jessie". Debian. Retrieved 17 May 2016.
- "clang-local – OpenBSD-specific behavior of LLVM/clang". OpenBSD manual pages. Retrieved 2 February 2018.
- "gcc-local – local modifications to gcc". OpenBSD manual pages. Retrieved 1 November 2016.
- "httpd – HTTP daemon". OpenBSD manual pages. Retrieved 1 November 2016.
- "OpenBSD ports ∴ www/apache-httpd,-main". ports.su. Retrieved 13 May 2018.
- "OpenBSD ports ∴ www/nginx". ports.su. Retrieved 13 May 2018.
- Andrews, Jeremy (2 May 2006). "Interview: Theo de Raadt". KernelTrap. Archived from the original on 24 April 2013.
- "OpenBSD's flavors". OpenBSD Frequently Asked Questions. Retrieved 22 May 2016.
- "Applying patches in OpenBSD". OpenBSD Frequently Asked Questions. Retrieved 15 May 2016.
- "Migrating to OpenBSD". OpenBSD Frequently Asked Questions. Retrieved 4 January 2017.
- "Hackathons". OpenBSD. Retrieved 18 May 2016.
- "Interview: Theo de Raadt of OpenBSD". NewsForge. 28 March 2006. Retrieved 31 March 2016.
- "Release Songs". OpenBSD. Retrieved 22 May 2016.
- Beck, Bob (25 February 2014). "Google Summer of Code 2014". openbsd-misc (Mailing list). Retrieved 4 March 2014.
- "GSOC 2014 with the OpenBSD Foundation". Google Summer of Code 2014. Retrieved 4 March 2014.
- Chisnall, David (20 January 2006). "BSD: The Other Free UNIX Family". InformIT. Archived from the original on 14 March 2014.
- Smith, Jesse (18 November 2013). "OpenBSD 5.4: Puffy on the Desktop". Archived from the original on 30 April 2014.
- Cranor, Chuck D. "Chuck Cranor's Home Page". Retrieved 13 December 2011.
I also hosted and helped create the first Anonymous CVS server on the Internet (the original anoncvs
.openbsd .org [...]
- Cranor, Chuck D.; de Raadt, Theo (6 June 1999). Opening the Source Repository with Anonymous CVS. USENIX Annual Technical Conference. Monterey, California. Retrieved 13 December 2011.
- "Project Goals". OpenBSD. Retrieved 18 May 2016.
Integrate good code from any source with acceptable licenses. [...], NDAs are never acceptable.
- de Raadt, Theo; Hallqvist, Niklas; Grabowski, Artur; Keromytis, Angelos D.; Provos, Niels (6 June 1999). "Randomness Used Inside the Kernel". Cryptography in OpenBSD: An Overview. USENIX Annual Technical Conference. Monterey, California. Retrieved 1 February 2014.
- de Raadt, Theo (5 December 2006). "Presentation at OpenCON". OpenBSD. Retrieved 13 December 2011.
- "Copyright Policy". OpenBSD. Retrieved 13 December 2011.
- Matzan, Jem (15 June 2005). "BSD cognoscenti on Linux". NewsForge. Linux.com. Retrieved 28 May 2016.
- Gasperson, Tina (6 June 2001). "OpenBSD and ipfilter still fighting over license disagreement". Linux.com. Archived from the original on 26 June 2008.
- "src/usr.sbin/mrinfo/mrinfo.c – view – 1.7". cvsweb.openbsd.org. 31 July 2001. Retrieved 24 May 2016.
New license from Xerox! This code is now FREE! Took a while and a lot of mails, but it is worth it.
- "src/usr.sbin/map-mbone/mapper.c – view – 1.5". cvsweb.openbsd.org. 31 July 2001. Retrieved 24 May 2016.
New license from Xerox! This code is now FREE! Took a while and a lot of mails, but it is worth it.
- de Raadt, Theo (24 August 2001). "Re: Why were all DJB's ports removed? No more qmail?". openbsd-misc (Mailing list). Archived from the original on 19 April 2016.
- Bernstein, Daniel J. (27 August 2001). "Re: Why were all DJB's ports removed? No more qmail?". openbsd-misc (Mailing list). Archived from the original on 4 February 2012.
- Espie, Marc (28 August 2001). "Re: Why were all DJB's ports removed? No more qmail?". openbsd-misc (Mailing list). Archived from the original on 19 April 2016.
- Hartmeier, Daniel (10 June 2002). Design and Performance of the OpenBSD Stateful Packet Filter (pf). USENIX Annual Technical Conference. Monterey, California. Retrieved 13 December 2011.
- The OpenBSD PF Packet Filter Book: PF for NetBSD, FreeBSD, DragonFly and OpenBSD. Reed Media Services. ISBN 0-9790342-0-5. Retrieved 19 May 2016.
- McAllister, Neil (8 July 2015). "Microsoft rains cash on OpenBSD Foundation, becomes top 2015 donor". The Register. Retrieved 27 May 2016.
- "Contributors". OpenBSD Foundation. Retrieved 27 May 2016.
- "OpenBSD Project in Financial Danger". Slashdot. 21 March 2006. Retrieved 12 December 2014.
- "Mozilla Foundation Donates $10K to OpenSSH". Slashdot. 4 April 2006. Retrieved 12 December 2014.
- "GoDaddy.com Donates $10K to Open Source Development Project". The Hosting News. 19 April 2006. Archived from the original on 11 November 2006.
- Beck, Bob (14 January 2014). "Request for Funding our Electricity". openbsd-misc (Mailing list). Retrieved 17 May 2016.
- Bright, Peter (20 January 2014). "OpenBSD rescued from unpowered oblivion by $20K bitcoin donation". Ars Technica. Retrieved 20 January 2014.
- "The OpenBSD Foundation 2014 Fundraising Campaign". OpenBSD Foundation. Retrieved 24 May 2014.
- "OpenBSD Donators".
- "Smartisan Makes Another Iridium Donation to the OpenBSD Foundation". Undeadly.
- Varghese, Sam (8 October 2004). "Staying on the cutting edge". The Age. Retrieved 13 December 2011.
- Laird, Cameron; Staplin, George Peter (17 July 2003). "The Essence of OpenBSD". ONLamp. Retrieved 13 December 2011.
- de Raadt, Theo (19 December 2005). "2.3 release announcement". openbsd-misc (Mailing list).
Without [SNI's] support at the right time, this release probably would not have happened.
- Wayner, Peter (13 July 2000). "18.3 Flames, Fights, and the Birth of OpenBSD". Free For All: How Linux and the Free Software Movement Undercut the High Tech Titans (1st ed.). HarperBusiness. ISBN 978-0-06-662050-3. Archived from the original on 14 January 2012. Retrieved 13 December 2011.
- Miller, Todd C.; de Raadt, Theo (6 June 1999). strlcpy and strlcat - Consistent, Safe, String Copy and Concatenation. USENIX Annual Technical Conference. Monterey, California. Retrieved 13 December 2011.
- de Raadt, Theo; Hallqvist, Niklas; Grabowski, Artur; Keromytis, Angelos D.; Provos, Niels (6 June 1999). Cryptography in OpenBSD: An Overview. USENIX Annual Technical Conference. Monterey, California. Retrieved 27 May 2016.
- Provos, Niels (9 August 2003). "Privilege Separated OpenSSH". Retrieved 13 December 2011.
- "Innovations". OpenBSD. Retrieved 18 May 2016.
Privilege separation: [...] The concept is now used in many OpenBSD programs, for example [...] etc.
- "Project History and Credits". OpenSSH. Retrieved 13 December 2011.
- "SSH usage profiling". OpenSSH. Retrieved 13 December 2011.
- Biancuzzi, Federico (18 March 2004). "An Interview with OpenBSD's Marc Espie". ONLamp. Retrieved 13 December 2011.
- "Security". OpenBSD. Retrieved 13 December 2011.
Secure by Default.
- Wheeler, David A. (3 March 2003). "2.4. Is Open Source Good for Security?". Secure Programming for Linux and Unix HOWTO. Retrieved 13 December 2011.
- de Raadt, Theo (14 December 2010). "Allegations regarding OpenBSD IPSEC". openbsd-tech (Mailing list). Retrieved 28 May 2016.
- Holwerda, Thom (14 December 2010). "FBI Added Secret Backdoors to OpenBSD IPSEC". OSNews. Retrieved 13 December 2011.
- Ryan, Paul (23 December 2010). "OpenBSD code audit uncovers bugs, but no evidence of backdoor". Ars Technica. Retrieved 9 January 2011.
- Mathew J. Schwartz (22 December 2010). "OpenBSD Founder Believes FBI Built IPsec Backdoor". InformationWeek: DARKreading. Archived from the original on 11 July 2017.
- "OpenBSD". OpenBSD. Archived from the original on 28 May 2002.
- "OpenSSH Remote Challenge Vulnerability". Internet Security Systems. 26 June 2002. Archived from the original on 8 September 2012. Retrieved 13 December 2011.
- "OpenSSH 'Challenge-Response' authentication buffer overflow". Internet Security Systems. Archived from the original on 6 January 2012. Retrieved 13 December 2011.
- "OpenBSD's IPv6 mbufs remote kernel buffer overflow". Core Security Technologies. 13 March 2007. Retrieved 13 December 2011.
- Grimes, Roger A. (29 December 2006). "New year's resolution No. 1: Get OpenBSD". InfoWorld.
- "Anonymous CVS". OpenBSD. Retrieved 13 December 2011.
- "Mirrors". OpenBSD. Retrieved 22 May 2016.
- "Orders". OpenBSD. Retrieved 20 May 2016.
- "Packages and Ports". OpenBSD Frequently Asked Questions. Retrieved 22 May 2016.
- "OpenBSD". mckusick.com. Retrieved 12 December 2014.
- de Raadt, Theo (19 May 1999). "OpenBSD 2.5 Release Announcement". openbsd-announce (Mailing list). Archived from the original on 14 March 2014.
OpenBSD 2.5 introduces the new Cop daemon image done by cartoonist Ty Semeka.
- "OpenBSD 2.7". OpenBSD. Retrieved 22 May 2016.
- Matzan, Jem (1 December 2006). "OpenBSD 4.0 review". Software in Review. Retrieved 13 December 2011.
Each OpenBSD release has a graphical theme and a song that goes with it. The theme reflects a major concern that the OpenBSD programmers are addressing or bringing to light.
|Wikimedia Commons has media related to OpenBSD.|
|The Wikibook Guide to Unix has a page on the topic of: OpenBSD|