OpenBSD is a fork of NetBSD maintained by a very paranoid Canadian man and his cronies. The fork began when Theo was stripped of his NetBSD title for flaming the crap out of people. After losing access to the tree, he tried to submit patches, but they were sadly rejected, and despite talk by the NetBSD people of allowing Theo to merge them himself, Theo was not given CVS. After a few months of pleading with NetBSD's higher ranks, a fed up Theo decided to create his own tree in 1995. Since then it has become known for security. The basic security philosophy is:

  • Enable very few daemons by default, and have lean config files. "Secure by default".
  • Frequently audit code for exploitable bits

OpenBSD also has out-of-the-box crypto. It was one of the earlier UNIXish platforms to abolish telnet entirely in favor of ssh, with their free rewrite, OpenSSH.

It's certainly the best for an Internet gateway, firewall, et cetera. For a workstation, I'm not so sure it's all that necessary, because you'd just end up defeating the purpose by enabling a bunch of [potentially exploitable] daemons, changing config files and the like. In such a case it might make a little more sense to use NetBSD or FreeBSD (or of course, GNU/Linux..), leaving your OpenBSD boxen on the front lines of security.