I recently read a research report from the ITIC which which studied the number of security flaws reported against different databases since 2002. The ITIC is the Information Technology Intelligence Consulting. It is located in Boston and its bio says it is an independent research and consulting firm that covers high technology.

The research states that, since 2002, Microsoft SQL Server has had the fewest reported number of vulnerabilities of any major database platform - only 49. These statistics were reported from the NIST ( National Institute of Standards and Technology) which is a government monitoring agency.

Oracle has reported a whopping 321 flaws, more than 6 time that of SQL Server. So when someone talks about how great Oracle is compared with SQL Server, or complains about security patches from Microsoft - this research may come in handy. I guess this the result of the Trustworthy Computing initiative which begain in 2002.  You may recall the SQL Slammer worm which really messed us all up in about May of 2002. Afterwards, the SQL Server group stopped all new development and spent months going through existing code with the purpose of making it safer and more secure.  Perhaps this is the payoff - good job SQL TEAM!


Security Vulnerabilities since 2002
SQL Server 49
MySQL 98
IBM DB2 121
Oracle 321


The entire report can be seen  at http://itic-corp.com/blog/2010/09/sql-server-most-secure-database-oracle-least-secure-database-since-2002/

Posted in: Blog

Post Comment

Only registered users may post comments.

picture of Wayne Snyder

Wayne Snyder

Advertisement Minimize

Copyright 2004-2013 MSBICentral.com Terms Of Use Privacy Statement