Sunday, November 26, 2006

Oracle > Ms SQL, in flows by and independent study by one of Microsoft's best clients.

Today I was at computerworld site when I noticed the article, "Study: Oracle database software has more flaws than SQL Server" by Jaikumar Vijayan.
I went through the "STUDY" as I knew about the flaws in Oracle and the slow response by Oracle. I took it for granted that it is an independent study as I knew some of the issues with Oracle. As I earn some of my living with Oracle and MS Sql, I am interested in any Oracle or MS SQL problems or issues.
From the article;
"Between December 2000 and November 2006, external researchers discovered 233 vulnerabilities in Oracle's products compared to 59 in Microsoft's SQL Server technology, according to NGSS. The study looked at vulnerabilities that were reported and fixed in SQL Server 7, 2000 and 2005 and Oracle's database versions 8, 9, and 10g."

Looks like it is now a numbers game. 233 versus 59. Anyway I am yet to find the list so I do not know the details. So I wonder if those includes, on both sides, problems like SQL Slammer worm, which brought down Internet a while ago. I hope not.
Anyway just because of the interest in the article, I checked out who Next Generation Security Software (NGSS) is. Yes they turn out to be what they say they are, state–of–the–art security consultancy and a little bit more. Their one of the most prominent clients are Microsoft. That said, they do list Microsoft security issues on the site as well as other programs. Oh, I did read the study. Well the report seems to be in the right direction. How about graph of publicly known damages done due to those vulnerabilities? Guess who will come on the top!
Jaikumar, I would not rate this as a "STUDY" and certainly not a independent Study, when the report is written by a consultant to one of the parties in question. May be a report by Microsoft's security guardians, which they (NGSS) seem to be doing right.

Note; I am not a Microsoft Fan nor Oracle, they are applications I work with. But I prefer Oracle on Linux ;).
Update:
I really like what these guys do!
Argeniss
Links;
Jaikumar's article on Computer world
NGSS clients

No comments: