If this is off-topic, I apologize. Just tell me and I'll go away ;) I'm having discussions with a coworkers about moving to OpenBSD for Apache/PHP web hosting. Right now, we use various Linux distros. I have no problem with that. Linux is cool... but it's takes more time to secure and manage. I like the Suhosin (Hardened PHP patch in OpenBSD's PHP package) and the fact that Apache is chrooted by default. We even uploaded some php exploit code onto a test OpenBSD box (r57shell) to see how well it contained the exploit. It worked well. All of these demos and discussions are informal. So here's the question: Are there any formal/corporate comparisons that demonstrate the enhanced security of OpenBSD when compared to other solutions in this space that we can provide to upper management?
I know this seems odd, but our managers ask for these types of things... even when the solution speaks for itself and has a strong history of security. IMO, OpenBSD doesn't need to be 'sold' as as security solution as it sells itself, but others feel differently. Many thanks to any who can offer advice, Brad -- View this message in context: http://www.nabble.com/Security-Comparisons-tf4779123.html#a13671831 Sent from the openbsd user - misc mailing list archive at Nabble.com.
