This is why I like OpenBSD - demonstrations of bugs in the system are fixed really quickly.
This also led me to the Project Triforce blog article that was submitted here to lobste.rs.
But in an ideal world, the OpenBSD team would be on top of it all and would have already made extensive code scans and fuzzing a regular (automated?) occurrence along with manual audits and everything else. In that world, there would be no need for a third party to come demonstrate bugs to get them fixed quickly; they’d be fixed already before ever being committed (or just long ago, in the case of inherited code) ;-)
That said, I’m happy the bugs were reported and are fixed now. I’m also surprised there were so few of them.
Third parties have the huge advantage of not being on top of it all. Constantly working on a system and doing changes slowly leads to “it works” being the general assumption about it. You don’t go back and recheck working things. That becomes even worse when the system really works and is not a mess that you assume to be broken at all points anyways.
jsg@ did some userland fuzzing with AFL in the past: http://marc.info/?l=openbsd-cvs&w=2&r=1&s=jsg+afl&q=b
Undeadly has a nice tutorial for anyone willing to try AFL in userland.
Hehe, try syscall-fuzzing the Linux kernel…
The OpenBSD kernel is built like a space-ship in comparison to the Linux kernel, which has more features but generally looks like a contraption made out of planks and lots of duct tape.