Michael Howard referenced a very interesting read from ESG: a white paper detailing the security benefits of Microsoft’s adherance to their Software Development Lifecycle for SQL Server 2005.
This year MySql and Oracle had 60 and 70 vulnerabilities reported against them, respectively, in the National Vulnerability Database. Microsoft, with their whimsical, uncaring approach to security, had four.
Re-read that. The behemoth Borg from Redmond had a fraction of the vulnerabilities of MySql and Oracle.
Microsoft’s far from perfect, and they’ve taken some well-earned bashing for their past attention to security — but you’re going to have to work long and hard and have a lot of non-tinfoil hat evidence to convince me that they’re not deadly serious about security these days.
No comments:
Post a Comment