David Litchfield, a security researcher with NGS Software, published a whitepaper entitled Which database is more secure? Oracle vs. Microsoft (PDF download) on 21 November comparing the number of software vulnerabilities patched by both vendors in their respective products in the past six years.
Microsoft patched 59 vulnerabilities in its SQL Server 7, 2000 and 2005 databases during the period, while Oracle issued 233 patches for software flaws in its Oracle 8, 9 and 10g databases.
The research also pointed out that Microsoft has not issued a single security bulletin for its databases since mid-2003, whereas Oracle has seen a spike in patches in recent years.
Continue for more info....