From what most will consider a more authoritative source than me, David Litchfield, a new paper addresses the question Which database is more secure? Oracle vs. Microsoft . I recently analyzed the first year of SQL Server 2005 in SQL Server 2005 - 1 Year And Not Yet Counting... and the Enterprise Security Group recently asserted their opinion that "...ESG considers Microsoft to be years ahead of Oracle..." David Litchield (of NGSSoftware and www.databasesecurity.com ) published a paper last week...

As part of my follow up research into Sophos Anti-Virus’s built in Behavior Blocking / Host Intrusion Prevention System (HIPS) software (as discussed in my blog entry No 64-bit Windows Vista Security from <YourVendor> ?, Give Sophos a Try ), I found out that an old friend and colleague from the UK, Mark Harris, was now running SophosLabs ( read about it .) Mark and I re-connected, and I thought this might be a valuable opportunity to dig deeper into the Sophos technology. Mark agreed to...

UPDATE: Download the full report PDF With a year's track-record, SQL Server 2005's positive security performance is being noticed beyond just my own observations ( SQL Server 2005 - 1 Year And Not Yet Counting... ). Enterprise Strategy Group (ESG), a technology industry analyst group released a study today comparing the security vulnerability records of SQL Server, Oracle and MySQL. And before you ask, no, this was not a "sponsored" study. ;-) My favorite quotation from the brief is: ...

I went by and picked up DVDs of Windows Vista x86 and x64 for my machines yesterday and am excited to install the final bits. Note that the team also published an online security guide yesterday, which I highly recommend if you are managing machines in an network. Along those lines, I also want to tip you to this site, http://www.microsoft.com/security/windowsvista/default.mspx , which consolidates a lot of security information related to Windows Vista.

Vulnerabilities, that is. It has been about a year now since SQL Server 2005, so I thought this would be a good time to review how it has done security-wise. The latest SQL Server product from Microsoft has had zero vulnerabilities disclosed or fixed in its first year of availability. First, I want to applaud the SQL team as one that really embraced the Security Development Lifecycle (SDL), and, as a result, SQL 2005 went through two passes of the SDL. SQL 2000 SP3 went through a "mini SDL" process...

I've gotten quite a few questions about what this partnership means, but I think the best response is to point people to Bill Hilf on Port25 . Bill is the GM for platform strategy and the original guy who got the Linux/OSS interoperability lab started at Microsoft and the person who I would expect to be the most informed concerning key aspects of the Novell agreement. At the end of the day, this type of agreement isn't going to make me a fan of Novell SUSE security any more than...