http://www.networkworld.com/news/2008/031308-database-expert-oracle-behind-microsoft.html?fsrc=rss-security
Interesting to see someone have a shot a putting numbers on how far Oracle are behind Microsoft in the database security arena (well secure features as opposed to security features anyway). The number that they come up with is 5 years...
Assuming that nothing turns up soon it actually looks like SQL Server 2005 will go through it's whole product lifecycle without a published vulnerability. Secunia are currently showing it affected by 0 vulnerabilities.
Hey Rory,
I have to admit I'm quite surprised to see that Secunia has 0 advisories for SQL Server 2005.
Whilst I'm not really into MS bashing (or defending), I thought Miko's initial comments on the state of MS' security were a bit dated. As far as software security goes, I'm unsure of many other companies of that size (and product base) which is making such a holistic effort towards better application security. Primarily, I believe, due to the top to bottom approach, starting with CEO, that a lot of the processes that they are implementing are pretty damn good.
yeah I'd definitely agree Microsoft seem to have put together a really solid security program which is paying dividends now.
It'll be interesting to see how long other companies take to catch up!