Which database is more secure? Oracle vs. Microsoft
David Litchfield from NGSSoftware
has posted an extremely interesting whitepaper
comparing the numbers of security flaws identified by external security researchers and subsequently fixed by Oracle and Microsoft in regard to their database products. The paper makes very positive reading for Microsoft and seems to validate the SDL (Security Development Lifecycle) approach taken after Slammer. There have been no security flaws reported by external researchers for SQL 2005!