@feld @Moon oh i've heard about cheri but never looked into it

most reasons i don't trust freebsd is because of the kind of kernel exploits popping out of it fairly frequently since PS4 release (of course, since it runs FreeBSD) and even a bit before that; as well as the overall attack surface and the kernel design (but then again; what else to expect on monolithic kernels)

i should try looking into it, not that i think OpenBSD design is the best for security anyway (it's still a *nix and a monolithic kernel, after all) but they do tend to have safer practices when it comes to their code; though they indeed do not research or protect on the hardware side of attacks

it is also likely that openbsd is just less looked at, anyway