http://blogs.technet.com/b/security/archive/2006/11/07/sql-server-2005-1-year-and-not-yet-counting.aspxVulnerabilities, that is. It has been about a year now since SQL Server 2005, so I thought this would be a good time to review how it has done security-wise. The latest SQL Server product from Microsoft has had zero vulnerabilities disclosed or fixeden-USTelligent Evolution Platform Developer Build (Build: 5.6.50428.7875)http://blogs.technet.com/b/security/archive/2006/11/07/sql-server-2005-1-year-and-not-yet-counting.aspx#1949615Thu, 13 Sep 2007 16:45:37 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:1949615SQL Server Security, Performance & Tuning (SSQA.net)<p>Since the inception of SQL Server 2005 data encryption and cryptography functionality has elevated to</p> <img src="http://blogs.technet.com/aggbug.aspx?PostID=1949615" width="1" height="1">http://blogs.technet.com/b/security/archive/2006/11/07/sql-server-2005-1-year-and-not-yet-counting.aspx#708226Mon, 26 Mar 2007 14:14:19 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:708226SQL Server, BizTalk Server, le 64 bits et au-delà !...<p><a rel="nofollow" target="_new" href="http://blogs.technet.com/security/">http://blogs.technet.com/security/</a> et notamment celle des bases de donn&#233;es ! Les derniers chiffres sont</p> <img src="http://blogs.technet.com/aggbug.aspx?PostID=708226" width="1" height="1">http://blogs.technet.com/b/security/archive/2006/11/07/sql-server-2005-1-year-and-not-yet-counting.aspx#532506Mon, 27 Nov 2006 21:17:13 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:532506Jeff Jones Security Blog<p>From what most will consider a more authoritative source than me, David Litchfield, a new paper addresses</p> <img src="http://blogs.technet.com/aggbug.aspx?PostID=532506" width="1" height="1">http://blogs.technet.com/b/security/archive/2006/11/07/sql-server-2005-1-year-and-not-yet-counting.aspx#528424Fri, 24 Nov 2006 08:27:46 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:528424PERCY REYES'S BLOG™ : Evolucionando<p>David Litchfield , reputado investigador de seguridad (especializado en bases de datos) demuestra, aportando</p> <img src="http://blogs.technet.com/aggbug.aspx?PostID=528424" width="1" height="1">http://blogs.technet.com/b/security/archive/2006/11/07/sql-server-2005-1-year-and-not-yet-counting.aspx#528423Fri, 24 Nov 2006 08:27:36 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:528423Percy Reyes's Blog™ -> Evolucionando<p>David Litchfield, reputado investigador de seguridad (especializado en bases de datos) demuestra, aportando...</p> <img src="http://blogs.technet.com/aggbug.aspx?PostID=528423" width="1" height="1">http://blogs.technet.com/b/security/archive/2006/11/07/sql-server-2005-1-year-and-not-yet-counting.aspx#515284Tue, 14 Nov 2006 02:39:17 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:515284Jeff Jones Security Blog<p>With a year's track-record, SQL Server 2005's positive security performance is being noticed beyond just</p> <img src="http://blogs.technet.com/aggbug.aspx?PostID=515284" width="1" height="1">http://blogs.technet.com/b/security/archive/2006/11/07/sql-server-2005-1-year-and-not-yet-counting.aspx#510275Thu, 09 Nov 2006 10:25:47 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:510275noocyte<p>We're using both SQL Server 2000/2005 and Oracle 9i/10g, and I must say SQL Server 2005 is a HUGE improvement over 2000. We've yet to run into a single bug. Not one. Ever. Incredible!</p> <p>With Oracle we run into bugs every 2-3 months... </p> <div style="clear:both;"></div><img src="http://blogs.technet.com/aggbug.aspx?PostID=510275" width="1" height="1">http://blogs.technet.com/b/security/archive/2006/11/07/sql-server-2005-1-year-and-not-yet-counting.aspx#506884Tue, 07 Nov 2006 22:45:49 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:506884TJEdward<p>Also check out Eric Lippert's blog. &nbsp;He had an article recently about mitigating SQL injection in your apps. &nbsp;The article is here: <a rel="nofollow" target="_new" href="http://blogs.msdn.com/ericlippert/archive/2006/11/01/how-do-i-mitigate-a-sql-injection-vuln.aspx">http://blogs.msdn.com/ericlippert/archive/2006/11/01/how-do-i-mitigate-a-sql-injection-vuln.aspx</a></p> <p>As solid as your base is, an application's security is only as good as its weakest link. &nbsp;Make sure that weak point isn't your developers.</p> <div style="clear:both;"></div><img src="http://blogs.technet.com/aggbug.aspx?PostID=506884" width="1" height="1">