
Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.


Demystifying MS SQL Server & Oracle database server security

I downloaded the Oracle-related presentations from the Black Hat conference. First I want to highlight Cesar Cerrudo's presentation titled "Demystifying MS SQL Server & Oracle Database Server Security". This is an interesting paper that discusses the question of which of the two databases is perceived as being secure and which is not. Cesar then takes us through some history of bugs and other relevant information from 2000 to the present day, followed by a summary of the bugs found and what's now outstanding. Cesar then talks about pros and cons for MS and Oracle and then provides some facts. This is quite scathing about Oracle's response to security issues and is probably not something Oracle wants to hear; it is also quite complimentary towards Microsoft's efforts on security fixes over the same timescale. Maybe Oracle should be looking at how Microsoft has dealt with their security issues and how they have dealt with researchers. Maybe Oracle can learn from Microsoft?