Oracle Has More Flaws Than SQL Server

← Back to Stories (view on slashdot.org)

Oracle Has More Flaws Than SQL Server

Posted by kdawson on Monday November 27, 2006 @06:54AM from the nyah-nyah dept.

jcatcw writes, "Next Generation Security Software Ltd. of Surrey, England, compared bugs in Oracle and SQL Server that were reported and fixed between December 2000 and November 2006. The tally: Oracle had 233; MS SQL had 59. The products compared were Oracle 8, 9, and 10g; SQL Server 7, 2000 and 2005. From the article: '[The head of the survey said,] "The results show that the reputation that Microsoft SQL Server had back in 2002 for relatively poor security is no longer deserved."' Oracle's response: 'Measuring security is a very complex process, and customers must take a number of factors into consideration — including use-case scenarios, default configurations, as well as vulnerability remediation and disclosure policies and practices.'"

9 of 229 comments (clear)

translation by User+956 · 2006-11-27 07:36 · Score: 4, Funny

Oracle's response: 'Measuring security is a very complex process, and customers must take a number of factors into consideration -- including use-case scenarios, default configurations, as well as vulnerability remediation and disclosure policies and practices.'

Oracle's response in english: Clearly you have no idea what you're doing, because your results showed us in a poor light. Perhaps you'd like to try again. We have a bag of money for you.

--
The theory of relativity doesn't work right in Arkansas.
1. Re:translation by Bo'Bob'O · 2006-11-27 14:24 · Score: 2, Funny
  
  My database program is far smaller, faster, cheaper, has ZERO bugs, and will never corrupt your data.. so long as your data is "Hello" and "World".
Stop counting flaws! by 91degrees · 2006-11-27 07:41 · Score: 5, Funny

The number of flaws doesn't matter. a slice of cheese has one flaw as a database. It isn't a database. This doesn't make it a better product.
1. Re:Stop counting flaws! by gludington · 2006-11-27 09:35 · Score: 2, Funny
  
  The number of flaws doesn't matter. a slice of cheese has one flaw as a database. It isn't a database. This doesn't make it a better product.
  
  You are vastly oversimplifying, and clearly have not funded a study of the market. Cottage cheese passes an ACID test, and I hear that Swiss Cheese is full of holes.
Check the data and the criteria before deciding by Graabein · 2006-11-27 07:42 · Score: 3, Funny

and customers must take a number of factors into consideration
Not least the criteria for selecting and enumerating flaws, and any differences between those criteria for the two products. Not saying that there is a problem, just that any prospective customer needs to take this into consideration and check his facts.

This whole study reminds me of a couple of years ago, when someone decided to make a comparative list of security flaws between Windows and Linux. For the former, they only included official Microsoft security fixes. For the latter, they included just about every bug in every open source project known to man. Big surprise, Windows was found to have less flaws.

When it comes to security, trust no one. Especially not research firms, security "specialists" and people mouthing off about security on Slashdot.

Hey, waitaminute....

--
And remember kids: Never trust a computer you can actually lift.
Re:Summary title is vague by stuktongue · 2006-11-27 07:52 · Score: 2, Funny

Butters, goddammit!
59 bugs reported and fixed... by Ant+P. · 2006-11-27 08:01 · Score: 3, Funny

x bugs reported and ignored, y bugs not reported at all and not fixed.
Re:Summary title is vague by M.+Baranczak · 2006-11-27 08:11 · Score: 2, Funny

Microsoft just so happens to be so uncreative that they gave their DB server application a name that is merely a description.Could have been worse...
This just in by mattwarden · 2006-11-27 10:38 · Score: 3, Funny

My left arm has more dead skin cells than my right index finger.