Security Blog: The Least Vulnerable Database?
November 18, 2006

The Least Vulnerable Database?

Responsible for a big-time database? Worried about security? If so, you might want to take a look at a report compiled by Eric Ogren, a security analyst for Enterprise Strategy Group, that examines security vulnerabilities in MySQL, Oracle, SQL Server, Sybase, and DB2.

What Ogren found was that, assuming proper execution, Microsoft's SQL Server exhibited fewer vulnerabilities than all others. More specifically, based on Common Vulnerabilities and Exposures (CVE) data documented in the National Vulnerability Database:

  • Oracle has 70 vulnerabilities
  • MySQL has 59
  • Sybase has seven
  • DB2 has four
  • SQL Server has two

According to Ogren, some of the security-related features built into Microsoft's SQL Server have helped keep its number of reported bugs to a minimum.

As reported by Kelly Jackson Higgins of Darkreading.com, Ogren notes that Microsoft's latest development strategy of baking security into the code from the get-go has made SQL Server safer, as has the fact that it disables by default the riskier options, like Windows command shells and the SQL browser service, which could be used by attackers. It also uses authenticated identity, where a user only gets to see what he is authorized to see in his database searches, Ogren says.

Posted by Jon Erickson at 01:38 PM