SQL Server 2000 Beats Oracle 10g on Security Vulnerability Issues
In this commissioned report, Security Innovation presents a role-based comparison of the relative security of three different solutions satisfying the database server role:
1. Microsoft Windows Server 2003 running Microsoft SQL Server 2000 Service Pack 3 database server
2. Red Hat Enterprise Linux 3.0 running MySQL database server
3. Red Hat Enterprise Linux 3.0 running Oracle 10g database server
Looking at the database applications by themselves, the study found that SQL Server 2000 had zero vulnerabilities in the one-year time period, MySQL had 7 vulnerabilities, and Oracle 10g had 30 vulnerabilities.
The results of this study are intended to provide guidance to the IT manager who must make platform acquisition and deployment decisions to both maximize value and minimize security risk.
Fine print under Acknowledgements: “This study and our analysis were funded under a research contract from Microsoft.”