openbsd style security

protocol security
use a lot of random numbers in the protocol fields
normally sequence number (= easy to guess)
harder to guess, harder to hijack
add secure protocol like IPsec, ssh on top

operating system security
use random numbers for memory allocation
malloc(), mmap() will get randomized
shared library location will be randomized
stack overrun will be detected and process will be killed
it is impossible to run shellcode on the stack

only 2 remote hole in more than 10 years!
compare it against Windows: 10 remote holes every 1 month

talk to me about the details