Kristaps Dzonsons on pledge(2)

Kristaps Dzonsons, of mandoc and acme-client (and more) fame, has written a detailed article entitled "why pledge(2) "or, how I learned to love web application sandboxing".

The tl;dr section starts:

For practical web applications, pledge(2) presents the best compromise of development simplicity and security coverage. This alone gives BCHS applications even more of a boost beyond the many other advantages of programming on OpenBSD.

The article discusses the advantages of pledge(2) over other sandboxing systems.