Microsoft SQL Server Runs the Security Table
In my opinion, SQL Server 2000 SP3, SQL Server 2005 and IIS6 have been the poster-children for SDL. Enterprise Strategy Group just released a research paper comparing the security of SQL Server with Oracle and MySQL.
And no, this was not commissioned by Microsoft!
Comments
Anonymous
November 16, 2006
The comment has been removed
Anonymous
November 16, 2006
Whilst I agree with the overall point, SQL Server (especially 2005) is waay better than Oracle/MySQL on the security front, the numbers this study uses seem odd. They've not specified product version and that's just going to make the numbers very odd; they've also not (that I can see) specified their exact methodology. The comment above implies that their methodology may not be the best!
Here's a better (IMO) analysis, using Secunia, which actually breaks things down well by product.
Number of advisories per product from 2003-2006:
Microsoft SQL Server 2000 - 10
Microsoft SQL Server 2005 - 0
MySQL 3 - 11
MySQL 4 - 19
MySQL 5 - 5
Oracle 8i - 17
Oracle 9i Enterprise - 23
Oracle 10g - 13
Now I know it's possible to argue the point around severity etc. and product age, but I'd say still a pretty clear win for Microsoft...
Anonymous
November 20, 2006
I was quite surprised when a number of folks criticized the data used in the report titled " Microsoft