Oracle Has More Flaws Than SQL Server

jcatcw writes, "Next Generation Security Software Ltd. of Surrey, England, compared bugs in Oracle and SQL Server that were reported and fixed between December 2000 and November 2006. The tally: Oracle had 233; MS SQL had 59. The products compared were Oracle 8, 9, and 10g; SQL Server 7, 2000 and 2005. From the article: '[The head of the survey said,] "The results show that the reputation that Microsoft SQL Server had back in 2002 for relatively poor security is no longer deserved."' Oracle's response: 'Measuring security is a very complex process, and customers must take a number of factors into consideration — including use-case scenarios, default configurations, as well as vulnerability remediation and disclosure policies and practices.'"

translation

[User 956]

Oracle's response: 'Measuring security is a very complex process, and customers must take a number of factors into consideration -- including use-case scenarios, default configurations, as well as vulnerability remediation and disclosure policies and practices.'

Oracle's response in english: Clearly you have no idea what you're doing, because your results showed us in a poor light. Perhaps you'd like to try again. We have a bag of money for you.

Stop counting flaws!

[91degrees]

The number of flaws doesn't matter. a slice of cheese has one flaw as a database. It isn't a database. This doesn't make it a better product.

Check the data and the criteria before deciding

[Graabein]

and customers must take a number of factors into consideration

Not least the criteria for selecting and enumerating flaws, and any differences between those criteria for the two products. Not saying that there is a problem, just that any prospective customer needs to take this into consideration and check his facts.

This whole study reminds me of a couple of years ago, when someone decided to make a comparative list of security flaws between Windows and Linux. For the former, they only included official Microsoft security fixes. For the latter, they included just about every bug in every open source project known to man. Big surprise, Windows was found to have less flaws.

When it comes to security, trust no one. Especially not research firms, security "specialists" and people mouthing off about security on Slashdot.

Hey, waitaminute....

Re:Summary title is vague

[stuktongue]

Butters, goddammit!

59 bugs reported and fixed...

[Ant P.]

x bugs reported and ignored, y bugs not reported at all and not fixed.

Re:Summary title is vague

[M. Baranczak]

Microsoft just so happens to be so uncreative that they gave their DB server application a name that is merely a description.

Could have been worse... [apple.com]

Re:Stop counting flaws!

[gludington]

The number of flaws doesn't matter. a slice of cheese has one flaw as a database. It isn't a database. This doesn't make it a better product.

You are vastly oversimplifying, and clearly have not funded a study of the market. Cottage cheese passes an ACID test, and I hear that Swiss Cheese is full of holes.

This just in

[mattwarden]

My left arm has more dead skin cells than my right index finger.

Re:translation

[Bo'Bob'O]

My database program is far smaller, faster, cheaper, has ZERO bugs, and will never corrupt your data.. so long as your data is "Hello" and "World".