I downloaded the Oracle related presentations from the Black Hat conference. First I want to highlight Cesar Cerrudo's presentation titled "Demystifying MS SQL Server & Oracle Database Server Security
". This is an interesting paper that discusses the question of which of the two databases is perceived as being secured and which not. Cesar then takes us through some history of bugs and other relevant information from 2000 to present day. Then a summary of the bugs found and what’s now outstanding. Cesar then talks about Pro's and con's for MS and Oracle and then provides some facts
. This is quite scathing against Oracles response to security issues and is probably not something Oracle wants to hear and it is also quite complimentary towards Microsoft’s efforts in the same timescale towards security fixes. Maybe Oracle should be looking at how Microsoft has dealt with their security issues and how they have dealt with researchers. Maybe Oracle can learn from Microsoft?