AppSec, Security, and White Papers

I was discussing security issues recently with Karen Watterson.  Karen is the editor of Pinnacle’s SQL Server Professional newsletter and author of what has become my most favorite blog (http://www.pinpub.com/sqlblog) for its volume and the sheer value of the information she posts. 

Karen was telling me that she’d just been briefed by the folks at AppSec Inc on their new (and free) SOX and FISMA policies.  AppSec also posted a very good white paper by Forrester's Noel Yuhanna on their site.  (Find the paper entitled "Comprehensive Database Security Requires Native DBMS Features" at http://www.appsecinc.com/news/pr/Comprehensive_Database_Security_Requires_Native_DBMS_Features_And_Third-Party_Tools.pdf).

In the white paper, Noel points out that security is rapidly growing in importance to database vendors such as Microsoft.  He gives an interesting deposition about the state of the industry with regards to databases and their security capabilities.  Later on, he concludes (much to my surprise) that third-party tools can be a big help, especially when applied to specific security issues.

SQL Server 2000 has, admittedly, weaker security than SQL Server 2005.  However, I was wondering what you think of the shift in the SQL Server security model?  How much do you think it will help?

Let me know what you think.

Thanks,

-Kevin