OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Re: [Full-disclosure] Which is more secure? Oracle vs. Microsoft

From: David Kierznowski (david.kierznowskigmail.com)
Date: Tue Nov 21 2006 - 04:39:53 CST


David,

Interesting paper. I do have a couple of points though:
a. Your graphs show the number of risks found, however, it would be
interesting to note the comparison in the severity of risks found. So
I did a quick count on issues =~ (overflow) (format string):
Microsoft SQL Count 39
Oracle Count 19

b. You also mention SDL being the reason as to why Microsoft have had
so few issues. It seems to good to be true that SDL would really solve
all these problems, then again maybe it has. Looking at my comments
above (see a.), could I not suggest that some of these issues are not
re-occuring due to stack protection being implemented in XP2 and
Windows 2003?

Kind regards,
David Kierznowski

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/