Roadmap

HardenedBSD's 2021 goals:

  • Shawn webb:
    • Make more progress with Cross-DSO CFI
    • Enhance and grow the infrastructure
    • Bring bits of llvm's sanitization framework into the RTLD

HardenedBSD's 2018 goals:

  • Shawn Webb:
    • SafeStack/arm64 port
    • Cross-DSO CFI on amd64
    • Documentation enhancements
    • Infrastructure growth and maintenance
    • Become a not-for-profit organization
  • Oliver Pinter:
    • Complete hbsdcontrol
    • Release engineering of stable releases
    • HardenedBSD MFC maintenance
    • Research of kernel code
    • Code refactoring
    • sysctl hardening
    • PaX UDEREF research

This is what HardenedBSD is planning for 2016:

  • All of base compiled as PIE. (DONE - 15 Apr 2016)
  • All of base compiled with RELRO + BIND_NOW (DONE - 17 Apr 2016)
  • Binary updates for base and kernel (DONE - hbsd-update).
  • syscall and sysctl hardening. (IN PROGRESS - 25 Jan 2016)
  • hbsdcontrol finished. (IN PROGRESS - Jan 2016)
  • Focus on documentation. (IN PROGRESS - 06 Feb 2016)
  • SEGVGUARD cleanup. (IN PROGRESS - 01 Feb 2016)
  • First official release: 11.0-RELEASE.
  • PaX NOEXEC finished.
  • UDEREF started.
  • ugidfw integrated into secadm.
  • (Maybe) secadm in base.
  • Network-installable installation media.
  • Mirrors for both packages and installation media.