Check out this article by Steve Jones over at SQL Server Central. Equally interesting are the responses. I still fail to understand why anyone would put confidential data in Oracle. Also, some questioned why Microsoft doesn't shout from the roof tops that SQL Server is more secure than Oracle. I'm sure that's a very complicated question that we have people smarter than me debating about every day. I don't think I'd want to make that decision; mostly because of the way security flaws exist in code and the way they're discovered. You honestly never know what may be lurking and just because one hasn't been found doesn't mean one doesn't exist. Oracle may think they're "unbreakable", but they're certainly not "uncrackable". I'm sure I have personal data sitting in an Oracle database somewhere in the world. And that fact really scares me. Maybe we need the SEC to require that companies disclose the software they use to store and manage confidential customer/patient data. If this were the case I wonder if Oracle would still be so slow to respond to security vulnerabilities. I also wonder how many of their customers would switch to SQL Server.