That big spike in Web application vulnerabilities is bad news for your database. And apparently, some databases are more of a target than others. Eric Ogren, security analyst for Enterprise Strategy Group, has compiled Common Vulnerabilities and Exposures (CVE) data from Oracle, Microsoft’s SQL Server, and the open source MySQL database, and found some major differences. “Microsoft finds the problems before it gets to the point of using a scanning tool,” he says, whereas Oracle relies on scanning for problems after development is complete, he says. Over 70 percent of the vulnerabilities Symantec saw this year were Web application bugs, which are often the entry point to the database, says Oliver Friedrichs, director of Symantec Security Response.