Microsoft Proves To Be More Secure Than Oracle

Microsoft beats Oracle in the security of its database, says a recent report. Database security specialist David Litchfield of 'NGS Software' arrives at a conclusion that Microsoft's SQL server has significantly fewer security flaws than Oracle databases.

Microsoft has been found to patch 59 security holes in its SQL Server 7, 2000 and 2005 databases while Oracle released 233 patches for vulnerabilities in its Oracle 8, 9 and 10g databases. The report also says that there was not a single security bulletin issued by Microsoft for its databases since the middle of 2003 whereas Oracle has issued a number of patches in recent years.

The research, however, reported Oracle to have extra 49 unpublished vulnerabilities, which are not added in the statistics. Litchfield remarks that 'SQL Server 2005' is presently the safest server, without a single vulnerability till date. The open source database 'PostgreSQL' is also found to be very safe. In an interview, David Litchfield said that it would take him just 5 minutes to hunt a new bug in the Oracle 10g database, which is not possible with 'SQL Server 2005'. Oracle seems to have lost its credibility for being "unbreakable".

The reason why 'SQL Server 2005' is better in quality is because of the presence of Microsoft's 'Software Development Lifecycle' (SDL). The measures included in it are development of a 'threat model' during designing, and a 'statistical code analysis' to hold back bugs during implementation. Apart from this, Microsoft has enforced 'code audits' and 'security tests'. According to Microsoft, the SDL based software has a far lesser number of security vulnerabilities detected by 'external security specialists' than for software developed without SDL.

There is another blow to Oracle as per the report. Analysts from the 'Enterprise Strategy Group' in October 2006 also had the same results as Litchfield - Microsoft's 'SQL Server' is a leader in software security. Their investigations too describe SDL as safe by design and secure by default and deployment.

Several researchers are working on so-called 'zero-day' vulnerabilities. Security firm 'Argeniss' is thinking to have a 'Week of Oracle Database Bugs' in December this year to display the vendor's poor record of security.

Related article: Microsoft Patches Live OneCare to Tackle Quarantined E-Mails

» SPAMfighter News - 11/28/2006