Home > Privacy, Security > One Year Without Security Issues in MS SQL Server 2005

One Year Without Security Issues in MS SQL Server 2005

  Submitted by diegocg Privacy, Security 9 Comments

The security guys at Microsoft are posting about how MS SQL 2005 didn’t had any security vulnerabilities at all (you can check Secunia to confirm it). The secret? Apparently, like in other products (no, IE is not part of those products, its core is 5 years old after all), the real difference has been in that they’ve applied the “Security Development Lifecycle“.

About The Author

Thom Holwerda

Follow me on Mastodon @[email protected]

9 Comments

  1. 2006-11-09 5:56 pm
    Kroc Silver Supporter

    Remember that there are many product teams at Microsoft. It’s a shame that their most well known product team, Windows Vista, has let the company down so much. Office, Win2K3, VS2K5, MSSQL and the 360 are all solid, excellent products.

  2. 2006-11-09 6:07 pm
    Shkaba

    in their revenues. I believe MS SQL was their biggest moneymaker. I concure with the previous post that MS does indeed have some good dev teams, it is a shame though that their monopilistic tendencies affect some of their products (office).

    • 2006-11-09 10:29 pm
      jayson.knight

      For their server products SQL Server very well may be their biggest money maker. Overall, it’s pretty well known that Office is their cash cow though, accounting for over half of ALL their revenues.

      IMO, SQL2k and 2k5 are the best products to ever come out of Redmond (next to Visual Studio at least).

  3. 2006-11-09 6:09 pm
    marrakis

    Go check by youself…

    http://www.securityfocus.com/bid/20339

    • 2006-11-09 6:50 pm
      Marcellus

      FTA: Note that these numbers were through September

      • 2006-11-09 9:28 pm
        linux-it

        but in that case, the information is old, and useless.

        It’s like stating that a product that’s released 10 seconds ago has no problems so far and we’re reporting it 10 years later.

      • 2006-11-10 7:40 am
        Marcellus

        but in that case, the information is old, and useless.

        It’s like stating that a product that’s released 10 seconds ago has no problems so far and we’re reporting it 10 years later.

        I fail to see how you can make that comparison. One month was not included, and you compare it like that? Sheesh.

  4. 2006-11-09 6:31 pm
    Nex6

    i think a year with out any security bugs is pretty good and deserves a “good job”

    -Nex6

  5. 2006-11-11 6:18 am
    linux-it

    >I fail to see how you can make that comparison. One >month was not included, and you compare it like that? >Sheesh.

    it’s because of the fact that some time specified doesn’t count. Another example. Maybe you understand that better.

    Yuo have been driving safely for 30 years and today you killed yourself because you didn’t see that train.

    For the last 30 years, you were driving safely, still you’re dead.

    the problem is that the “one year without security issues” is the same. It’s not interesting at all as it’s old news. If it was announced just after the year passed by, then it would be “interesting”. Now that the spanned time is longer _and_ there have been issues according to the link:

    http://www.securityfocus.com/bid/20339

    I only can say that this information is not of any use.

    the reason SQL is better than other products have been pointed out before — most things that are working pretty well, are not initially developed by MS after all. SQL was someone else’s product.