A study that was just released by the good folks over at NGSS has an interesting result. Microsoft, everyone’s favourite whipping boy, has received some positive results. The report has found that Microsoft SQL Server has been suffering from a bad rap.

Between December 2000 and November 2006, external researchers discovered 233 vulnerabilities in Oracle’s products compared to 59 in Microsoft’s SQL Server technology, according to NGSS. The study looked at vulnerabilities that were reported and fixed in SQL Server 7, 2000 and 2005 and Oracle’s database versions 8, 9, and 10g.

The results show that the reputation that MS SQL Server had back in 2002 for relatively poor security is no longer deserved, said David Litchfield, founder of NGSS. And neither is the beating that Microsoft has gotten for security issues, he said.

Litchfield believes that security researchers should be a little more lenient towards MS on this aspect. The thought being that there are bigger fish to fry, like Oracle.

The NGSS report comes at a time when security researchers, irked by what they consider to be Oracle’s glacial pace of fixing bugs, are increasingly turning their attention to its products. In October, the company announced fixes for over 100 flaws as part of its scheduled quarterly security updates. Many of the flaws were reported to the company by outside researchers.

NGSS Report (.pdf)

Article Link
