Could it be true? A research shows that there were no security flaw fixes in SQL 2005 since its release (it does not show non-fixed flaws) compared to Oracle.
Is Microsoft's Secure Development Lifecycle initiative paying off?
From the article [PDF]:
"When you look at the graphs, Oracle was pretty secure in the past, but since 2005 the number of security flaws has increased immensely. When we look at the previous SQL Server versions, less security flaws were reported over the years. When we look at SQL Server 2005, it hasn't had a single security flaw reported since launch."
Seems hard to believe, actually.