Enterprise Strategy Group on SQL 2005: “Microsoft Years Ahead…”

UPDATE: Download the full report PDF

With a year’s track-record, SQL Server 2005’s positive security performance is being noticed beyond just my own observations (SQL Server 2005 – 1 Year And Not Yet Counting…).  Enterprise Strategy Group (ESG), a technology industry analyst group released a study today comparing the security vulnerability records of SQL Server, Oracle and MySQL.

And before you ask, no, this was not a “sponsored” study. ;-)

My favorite quotation from the brief is:

The CVE numbers don’t lie. The noteworthy results of Microsoft’s investments to produce more secure software in SQL Server 2005 are a matter of public record. ESG has talked with customers that have standardized their mission critical applications on Microsoft SQL Server based on security and reliability results. The nature of the security and reliability improvements, namely fundamental changes in the way software is designed, built and tested creates an advantage that Microsoft should be able to sustain with proper execution. ESG considers Microsoft to be years ahead of Oracle and MySQL in producing secure and reliable database products.

Go read the whole report (subscription required) and see what ESG has to say about the SQL Server 2005 vulnerability rate, the Security Development Lifecycle (SDL), Oracle, MySQL and what lessons should be considered by the software industry.

About the Author
Jeff Jones

Principal Cybersecurity Strategist

Jeff Jones a 27-year security industry professional that has spent the last decade at Microsoft working with enterprise CSOs and Microsoft's internal teams to drive practical and measurable security improvements into Microsoft products and services. Additionally, Jeff analyzes vulnerability trends Read more »