SQL Server - Fact Checking Recent Vulnerability History

re: SQL Server - Fact Checking Recent Vulnerability History

Geld Lenen — Thu, 06 Mar 2008 17:48:14 GMT

There probably will be vulnerabilities in every application that is ever written. When it's not the code, it could be a engineer who makes it vulnerable.

And like you say, I think the SQL server really has improved.

The impact of the SDL on Microsoft SQL Server

Noticias externas — Fri, 07 Mar 2008 06:35:24 GMT

Following on from my recent post about Windows Vista security and the SDL, a number of people have indicated

Ytterligare ett taffligt försök till statistik?

Johan Lindfors — Fri, 07 Mar 2008 10:32:07 GMT

Tidigare i veckan utmanandes några av mina eller mina kollegors "taffliga försök"

re: SQL Server - Fact Checking Recent Vulnerability History

Shoaib Yousuf — Tue, 11 Mar 2008 01:50:45 GMT

Hi Jeff,

Good work. Did you find out from where the author of the article got his stats from?

Maybe he/she has access to a different database which we all are unaware of :D

Cheers

Shoaib

Sempre a proposito di sicurezza...

Normal people bore me! — Wed, 02 Apr 2008 09:44:47 GMT

Sempre a proposito di sicurezza...

Unbreakable?

The Data Platform Insider — Mon, 14 Apr 2008 19:35:38 GMT

Oracle recently released their latest Critical Patch Update which fixes vulnerabilities “in hundreds

Gedanken und News im Bereich Sicherheit

Schweizer IT Professional und TechNet Blog — Thu, 17 Apr 2008 12:30:13 GMT

Die Microsoft Trustworthy Computing initiative soll neu für Bereiche Sicherheit und Privacy im Internet

Jeff Jones さんによる SQL Server 脆弱性状況の確認

河端善博ブログ / SQL Server / PASSJ — Thu, 01 May 2008 07:24:07 GMT

Jeff Jones さんによる SQL Server 脆弱性状況の確認

re: SQL Server - Fact Checking Recent Vulnerability History

Geld Lenen — Sun, 15 Jun 2008 13:13:02 GMT

The number of vulnerabilities is related to the number of installed instances. That's why DB2 is never mentioned by anyone ;-)

re: SQL Server - Fact Checking Recent Vulnerability History

lening — Mon, 30 Jun 2008 09:56:20 GMT

I used to work with sybase. Last year i switched to microsoft SQL for security reasons. It's easy to use and powerfull. I am not claiming SQL Server is utterly vulnerability free, and I most certainly would never claim SQL Server is unbreakable, but the SQL Server team has made huge progress securing their customers.

re: SQL Server - Fact Checking Recent Vulnerability History

mooie campings — Wed, 23 Jul 2008 21:54:05 GMT

A key benefit of employing SDL is for me that knowledge learnt after finding and fixing screw ups. Very good improvements!

re: SQL Server - Fact Checking Recent Vulnerability History

Walter Horowitz — Wed, 30 Jul 2008 23:04:25 GMT

Does Microsoft actually use their "Best Practices for Security" for SQL Server 2005? We "try" to run our SQL Server with a service account that is not a member of the Admnistrators group.

With the latest fix, our server wouldn't run. Why? Because suddenly that account didn't have the permissions to access programs and data it needed.

We had use auditing to find files in C:\Program Files\Microsoft SQL Server and in

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA

that it needed to read to keep running.

Reading the web, we see that most users give up and just make the service account a member of the Administrators group. Is this the right way to make our systems more secure?

re: SQL Server - Fact Checking Recent Vulnerability History

Extra geld lenen nl — Mon, 08 Sep 2008 20:08:21 GMT

I think the SQL server really has improved. Here we have less problems with it, still a great product!

re: SQL Server - Fact Checking Recent Vulnerability History

Doorlopend krediet — Wed, 15 Apr 2009 21:25:35 GMT

I've worked with SQL for years but just lately I've decided to try out SyBase. Yet I don't find the security stable enough, SQL isn't the best either but SyBase has a lot of lacking features when it comes to security. Anyone think this is going to change anytime soon?