"The database is the most obvious target in the world"

Nov 20, 2006 11:08 GMT

So stated Eric Ogren, security analyst for Enterprise Strategy Group, adding that "It's where data lives in a single place." In this context, the Enterprise Strategy Group has produced a report compiling Common Vulnerabilities and Exposures (CVE) data from Oracle, Microsoft's SQL Server, and the open source MySQL database. The study concludes that there are major discrepancies in the level of protection each database delivers.

While Oracle features no fewer than 70 vulnerabilities and MySQL 59, and Sybase and IBM's DB2 have seven and four respectively, Microsoft SQL Server has only two. Ogren has identified the security-related features integrated into SQL Server as the ones responsible for the low volume of vulnerabilities. "Microsoft finds the problems before it gets to the point of using a scanning tool," stated Ogren, explaining that, with Oracle, issues are identified via scanning only after deployment is finalized.

"I see plenty of companies that have confidential data in SQL Server, Oracle, DB2 and Sybase. It is certainly not as if it all sits on Oracle. What's the most obvious target in the world? The database. It's where data lives in a single place," added Ogren.