Which database is more secure? Oracle or Microsoft SQL Server?

I still come across Oracle enthusiasts who mistakenly believe that Oracle’s database suite is more secure than Microsoft’s SQL database suite – this is nonsense, as I shall explain.

The point of this post is not to gloat – it’s simply to set the record straight. Microsoft SQL Server’s suite of products IS more secure than Oracle’s database suite.

A single vulnerability in any mission-critical product can cause serious problems for whoever relies upon it, and ALL software is subject to both code and configuration vulnerabilities. If anyone tells you their software is 100% secure or impervious to vulnerability, then they are delusional.

Secunia is a well-respected security vulnerability tracking site. Take a look at Secunia’s statistics for the number of Oracle software security advisories compared to Microsoft SQL Server’s security advisories – the results are 94 for Oracle compared to 23 for SQL Server.

Of the 23 SQL Secunia advisories, only one has been reported in the last four years, and it was of low severity.

Digging a little further, we can see that the 94 Oracle Security Advisories comprised 200 actual vulnerabilities, whereas Microsoft SQL’s vulnerability count was just 4 – both sets of vulnerability figures are for the last four years.

Note: searching Secunia for just “SQL” will bring back security advisories for a vast range of non-Microsoft SQL implementations, including MySQL.