posted on September 28, 2010 08:07
I recently read a research report from the ITIC which studied the number of security flaws reported against different databases since 2002. ITIC is Information Technology Intelligence Consulting. It is located in Boston, and its bio says it is an independent research and consulting firm that covers high technology.
The research states that, since 2002, Microsoft SQL Server has had the fewest reported vulnerabilities of any major database platform - only 49. These statistics were reported from the NIST (National Institute of Standards and Technology), which is a government monitoring agency.
Oracle has reported a whopping 321 flaws, more than 6 times that of SQL Server. So when someone talks about how great Oracle is compared with SQL Server, or complains about security patches from Microsoft - this research may come in handy. I guess this is the result of the Trustworthy Computing initiative which began in 2002. You may recall the SQL Slammer worm which really messed us all up in about May of 2002. Afterwards, the SQL Server group stopped all new development and spent months going through existing code with the purpose of making it safer and more secure. Perhaps this is the payoff - good job SQL TEAM!
Security Vulnerabilities since 2002
The entire report can be seen at http://itic-corp.com/blog/2010/09/sql-server-most-secure-database-oracle-least-secure-database-since-2002/