| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 24 Nov 2006 17:46:14 -0000 From: stopmakingnoise@...il.com To: bugtraq@...urityfocus.com Subject: Re: Re: "Which is more secure? Oracle vs. Microsoft" (is it a fair comparison?) Yes the comparison is fair but language is not. Disclaimer. I do not work for Oracle, nor do I represent them nor am I associated with them in any way. Neither have I any interest in defending Oracle etc. etc. Additionally, I strongly agree they're pretty *BAD* at security, aren't responding in an acceptable time, seem to simply ignore the problem of software vulnerabilities, ... End of disclaimer. Having said this, do we really need a paper telling us: - "SQL Server code is just more secure than Oracle code." - "Does Oracle have an equivalent of SDL? Looking at the results, I don’t think so." - "[...] given these results one should not be looking at Oracle as a serious contender." I don't think so. This is plain FUD. Want to write a paper comparing flaws found in these two DBMS? That's fine. Please write down numbers and graphs, but - please! - refrain from any comments which are not factual but are your own's. To get to the point: I may agree and sympathize with your personal point of view (in fact, I do) but these sentences have NOTHING to do in a supposedly research-oriented paper. As a matter of fact, if we start talking about things such as "looking at Oracle as a serious contender", you wouldn't arrive at the point of evaluating SQL Server because there would be no point at all in considering Microsoft's Operating Systems, given their extremely negative security records, as "serious contenders" themselves. Cheers SL
Powered by blists - more mailing lists