Darren Spruell wrote: > > > Sadly, justifying the obvious through these means is often a requirement. > > Here's an approach you might consider. Take a best practice / > standards guide such as from NIST: > > http://www.itl.nist.gov/lab/bulletns/bltndec02.htm > http://csrc.nist.gov/publications/drafts/800-44-Version2/Draft-SP800-44v2.pdf > > And for the points your organization feels are important (like what > you've listed above), map how OpenBSD's implementation and OS approach > addresses those points. >
Thanks... that's a good suggestion. I found the Secunia OS advisories very telling as well. Comparing OpenBSD 3.x (85 Advisories) to Debian 3.x (577). http://secunia.com/product/ -- View this message in context: http://www.nabble.com/Security-Comparisons-tf4779123.html#a13676309 Sent from the openbsd user - misc mailing list archive at Nabble.com.
