Thanks. So, it's only 10K to 25K $. It doesn't cost that much to be up there with the big ones (Facebook and Google), but still makes me proud to see Yandex there: it's one of a few national companies I can be proud of, as a Russian.
Honest question, how do these companies use OpenBSD? I can totally understand the security benefits of OpenBSD, but it's also my understanding that it's very "unstable", in the sense that they constantly introduce breaking changes. So I don't understand which company would put their "extra-secure" data in such system.
This is not the case. Breaking (in OpenBSD terms) doesn't mean release is unusable. It is/would be if you were to use apps from previous base/ports. But you don't and you shouldn't - what you get with each release is complete, working and sound. If you have custom code, then yes, you may need to adapt. But there's enough time to do that with each release. There's a stabilization period that's "long enough" and you always know when new release is coming out.
I follow the upgrade instruction every 6 months. Its really not that hard. If they throw a part of the base system out that I was using, then I install the port or convert to the "new way". So far, all has been good.
Frankly, my FreeBSD box has been a bigger pain for upgrades with the "solver cannot solve" for pkg on upgrades, and now with the 10.2 upgrade "pw useradd" is taking over 1 minute per run. Since I'm doing student enrollment right now, its getting to be a little much. Such is the price to use ZFS for home and group directories.
There's a lot of software that the OpenBSD Foundation develops, like OpenSSH, that gets used by near everyone. So even if a company doesn't use OpenBSD, they almost certainly use some software that was developed for it.
In my experience, when some backward compatibility is broken for security reasons, then you should stop using broken feature (or using feature in a way that is broken) even if you don't upgrade to the newer version of the product.
DeRaadt for Prime Minister 2015.