Microsoft may say it is the "hottest" software maker in security. But not all reviews of the company are bad.
Next Generation Security Software (NGSS), a UK software company, conducted a study of Microsoft's SQL Server database software and Oracle's relational database management system (RDBMS). The results show that SQL Server has more security advantages than Oracle.
Extensive research on these two packages, covering December 2000 to November 2006, found 233 vulnerabilities in Oracle products, while SQL Server had only 59. These vulnerabilities were reported and fixed in SQL Server 7, SQL Server 2000 and SQL Server 2005, and in the corresponding Oracle Database v.8, v.9 and v.10g.
[Picture 1: Oracle Database has more errors than SQL Server. Source: integralaccounting]
These results show that the well-known security problems of MS SQL Server 2000 have decreased significantly. The founder of NGSS, David Litchfield, also said that Microsoft has really made a breakthrough in database security.
In this battle Microsoft won. The views of Microsoft among manufacturers, businesses, consumers and researchers in the database field have improved significantly. The software giant is still developing products that have a program that limits the period of operation. The company also has "many other battles that need to be won and Oracle is just one of them," Litchfield said.
Oracle responded. In an e-mailed comment, the company's spokesman said the number of vulnerabilities in an independent product could not confirm the security level of the entire software.
According to the spokesperson, "products are very richly defined in terms of composition, capabilities as well as the number of versions and platforms they support. Defining security is a very integrated process. Consumers must see based on many factors, including usage circumstances, default configuration as well as repair capabilities, public policies and actual capabilities."
Joining the debate, Pete Lindstrom, an analyst at Burton Group, a company based in Midvale, Utah, said that evaluating the security of a product based solely on the number of holes disclosed, existing and repaired is quite superficial. "On the surface, Oracle seems to be a losing proposition, but in fact it has to consider many other standards in addition to vulnerabilities" when evaluating security levels.
Lindstrom is also skeptical, saying that even now "the judges are still confused about which software is safer."
The NGSS report came at a time when security researchers were unhappy with Oracle's slow pace of fixes and had increased their interest in its products. In October, the company announced it had repaired more than 100 vulnerabilities under its quarterly security upgrade program. Many of the holes were discovered by researchers outside the firm.
This week, security firm Argeniss Information Security (AIS) in Buenos Aires announced that it plans to release a zero-day bug every day for a week in December.
In a statement on the company's website, Argeniss Information Security's Cesar Cerrudo said that the idea came from the current state of Oracle's software security. "We want to let everyone know that Oracle has not achieved anything better in the security of its products." Oracle will take a very long time to resolve its situation. "Maybe we will have 'years of Oracle Database vulnerabilities' even though we only need one week to know all the vulnerabilities in Oracle software," according to the AIS website.