Thursday, November 09, 2006

Security and Software Development

I just caught wind of Jeff Jones' post about SQL Server 2005 [via OS News]. Apparently, in the year since it was released, there has not been a single security vulnerability! This is an amazing accomplishment. SQL Server 2000 was the source of the vulnerability exploited by the famous Slammer virus.

The last 6 years or so that I was at Microsoft, my team reported into the SQL Server org. (If you want to hear someone get riled up, ask most any XML-team member why their team is part of SQL Server after a drink or two.) I was involved with the security reviews and improved development process that went into ensuring that SQL Server would be rock solid and as secure as they could make it. The SQL Server org isn't the only place this is happening either. Similar practices are being used in Office and Windows. I'm looking forward to seeing how Vista and the new Office fare, security-wise.

If I were at Oracle in management, I'd be looking at the graphs Jeff shows and at the customer erosion to SQL Server and MySQL and pondering some serious rethinking of my strategy.

2 Comments:

Blogger Jim C said...

This is interesting.

I cross linked.

I am not sure how much it applies to SCADA security, but all of the DBs mentioned are used in one DCS historian or another.

http://dcssec.blogspot.com

7:05 AM  
Blogger Jim C said...

Rich at Securosis also picked it up. Nice post. If it is viral, good job to the marketeers.

10:14 AM  
