Please start any new threads on our new site at https://forums.sqlteam.com. We've got lots of great SQL Server experts to answer whatever question you can come up with.

 All Forums
 SQL Server 2005 Forums
 SQL Server Administration (2005)
 SQL Server vs. Oracle security

Author  Topic 

denis_the_thief
Aged Yak Warrior

596 Posts

Posted - 2009-11-24 : 11:15:34
Oracle:
[url]http://en.securitylab.ru/nvd/page1_47.php?arrFilter_ff%5BSECTION_ID%5D=&arrFilter_ff%5BSEARCHABLE_CONTENT%5D=%22Oracle%22&set_filter=Y[/url]

SQL Server:
[url]http://en.securitylab.ru/nvd/page1_47.php?arrFilter_ff%5BSECTION_ID%5D=&arrFilter_ff%5BSEARCHABLE_CONTENT%5D=%22sql%20server%22&set_filter=Y[/url]

There are way less CVEs (Common Vulnerbilities and Exposures) for 2009 in SQL Server as compared to Oracle. From this, can I conclude that SQL Server has become the more secure Database?

robvolk
Most Valuable Yak

15732 Posts

Posted - 2009-11-24 : 15:43:22
Perhaps, but many of the items listed in those links are not specific to Oracle DBMS or SQL Server products.
Go to Top of Page

behrman
Yak Posting Veteran

76 Posts

Posted - 2009-11-28 : 22:49:01
Oracle database consistently has more security vulnerabilities than Microsoft SQL Server. In fact, Microsoft SQL Server has very low vulnerability from 2003 – 2009 as a direct result of our implementation of Trustworthy Computing Initiative (http://www.microsoft.com/mscorp/twc/default.mspx), which was started in 2002 by Microsoft Chairman, Bill Gates (http://www.microsoft.com/mscorp/execmail/2002/07-18twc.mspx). It is advised that real-world customers include security patching as part of the true cost of operating Oracle 11g and Microsoft SQL Server 2008."

Note that the source of this data is not Microsoft, but NIST, the National Institute of Standards, which plays a leading role in evaluating technology security issues for the U.S. Federal Government.

RAQ Report: Web-based Excel-like Java reporting tool
Go to Top of Page
   

- Advertisement -