Weblog entry — 2003-04-06 21:21:29


The mailing list to which all OpenBSD CVS commit log entries are mailed has seen a lot of "... strdup/sprintf/strcpy whacking." lately, to quote a particular commit message by Theo de Raadt, in which he eradicated 2451 lines with insecure function calls in them.

Theo explains in a message that they're trying to rid the source tree of these insecure function calls. This is unique, and it is what gives OpenBSD its huge advantage in security.

Secure features, not security features.

