UPDATE: Download the full report PDF
With a year’s track record, SQL Server 2005’s positive security performance is being noticed beyond just my own observations (SQL Server 2005 – 1 Year And Not Yet Counting…). Enterprise Strategy Group (ESG), a technology industry analyst group, released a study today comparing the security vulnerability records of SQL Server, Oracle and MySQL.
And before you ask, no, this was not a “sponsored” study.
My favorite quotation from the brief is:
The CVE numbers don’t lie. The noteworthy results of Microsoft’s investments to produce more secure software in SQL Server 2005 are a matter of public record. ESG has talked with customers that have standardized their mission critical applications on Microsoft SQL Server based on security and reliability results. The nature of the security and reliability improvements, namely fundamental changes in the way software is designed, built and tested creates an advantage that Microsoft should be able to sustain with proper execution. ESG considers Microsoft to be years ahead of Oracle and MySQL in producing secure and reliable database products.
Go read the whole report (subscription required) and see what ESG has to say about the SQL Server 2005 vulnerability rate, the Security Development Lifecycle (SDL), Oracle, MySQL and what lessons should be considered by the software industry.