Far be it from me to poke the sleeping bear, but when I hear good news about the product I work on I just have to share it. I think common folk call what I'm feeling "pride". I'm happy to go with that. So what's this good news I speak of? SQL Server didn't make the SANS Top 20 Internet Security Vulnerabilities list; a list you don't want to be on. Sad to say that Microsoft is not short of representation on the list but I'm happy to report that Microsoft's representation is sans SQL Server.
Oracle, MySQL, PostgreSQL and DB2 all have the distinct dishonor of being named to the list. To read all about SANS and to see who made the list check out: The SANS Top 20: http://www.sans.org/top20