[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20061124174614.27232.qmail@securityfocus.com>
Date: 24 Nov 2006 17:46:14 -0000
From: stopmakingnoise@...il.com
To: bugtraq@...urityfocus.com
Subject: Re: Re: "Which is more secure? Oracle vs. Microsoft" (is it a
fair comparison?)
Yes the comparison is fair but language is not.
Disclaimer.
I do not work for Oracle, nor do I represent them nor am I associated with them in any way.
Neither have I any interest in defending Oracle etc. etc.
Additionally, I strongly agree they're pretty *BAD* at security, aren't responding in
an acceptable time, seem to simply ignore the problem of software vulnerabilities, ...
End of disclaimer.
Having said this, do we really need a paper telling us:
- "SQL Server code is just more secure than Oracle code."
- "Does Oracle have an equivalent of SDL?
Looking at the results, I don’t think so."
- "[...] given these results one should not be looking at Oracle as a serious contender."
I don't think so. This is plain FUD.
Want to write a paper comparing flaws found in these two DBMS? That's fine.
Please write down numbers and graphs, but - please! - refrain from any comments which are not
factual but are your own's.
To get to the point: I may agree and sympathize with your personal point of view (in fact, I do)
but these sentences have NOTHING to do in a supposedly research-oriented paper.
As a matter of fact, if we start talking about things such as "looking at Oracle as a serious contender", you wouldn't arrive at the point of evaluating SQL Server because there would be no point at all in considering Microsoft's Operating Systems, given their extremely negative security records, as "serious contenders" themselves.
Cheers
SL
Powered by blists - more mailing lists