And now for the sad part.
The ratio of discovered and fixed (!) vulnerabilities in Oracle 8, 9, 10 versus SQL 7, 2000, 2005 over the period from 2001 to 2006 looks like this:
If anyone needs figures showing why SQL is more secure than Oracle, the report is published here.
Interpretation of results - some Q and A
Do Oracle’s results look so bad because it runs on multiple platforms?
No – pretty much most of the issues are cross-platform. In the 10gR2 graph every flaw affects every platform.
Do the SQL Server 2005 results have no flaws because no-one is looking at it?
No – I know a number of good researchers are looking at it – SQL Server code is just more secure than Oracle code.
Do you have any predictions on the Oracle January 2007 Critical Patch Update?
Maybe – NGSSoftware are currently waiting for Oracle to fix 49 security flaws – these will be fixed sometime in 2007 and 2008.
Do these results contain unfixed flaws?
No – only those that have been publicly reported and fixed are in the data.