Microsoft SQL Server has a stronger security posture than the Oracle RDBMS!!

This was a nice white paper David Litchfield on November 2006 and he published it in the NGSSoftware Insight Security Research (NISR) Publication.

a copy of the white paper is on the follwing site: www.databasesecurity.com/dbsec/comparison.pdf

The article had a nice and non-biased points on each product...

 

Summary:

"paper will examine the differences between the security posture of Microsoft’s SQL Server and Oracle’s RDBMS based upon flaws reported by external security researchers and since fixed by the vendor in question. Only flaws affecting the database server software itself have been considered in compiling this data so issues that affect, for example, Oracle Application Server have not been included"

 

"if security robustness and a high degree of assurance are concerns when looking to purchase database server software – given these results one should not be

looking at Oracle as a serious contender."

 

This is a nice document, go throug it and maybe tell me about it...

thanks to my friend "Umit Tiric" who provided me with the white paper..