My history


I found my first security holes in 1987

Been auditing with a team OpenBSD for 20 years

Auditing has serious limits, too much complexity to keep in mind

Started a team to integrate a variety of mitigations