Microsoft offers Oracle defectors up to 50 percent off SQL Server

SQL Server 2008 isn’t set to be released to manufacturing until the second quarter of next year. But Microsoft already is taking aim at Oracle with its forthcoming release.

Microsoft officials announced on September 19 that they have no plans to increase the price of SQL Server 2008 beyond what the company already charges for SQL Server 2005. Microsoft execs also announced that, starting today, customers who migrate from Oracle to SQL Server will get a 50 percent discount on the price of SQL Server Enterprise Edition or 25 percent off the price of Standard Edition. However, both discounts are available only when users sign up for Software Assurance, Microsoft’s annuity volume-licensing plan.

Microsoft made its SQL Server announcements at the Professional Association for SQL Server (PASS) Community Summit in Denver. More specifics on the Oracle pricing promotion will be provided on Microsoft’s SQL Server Migration page.

This past spring, Microsoft held a contest to entice developers to build Oracle-Office mash-ups. Microsoft also created earlier this year a new user consortium designed to work with joint Oracle-Microsoft customers.

In other database-related news, Microsoft also announced on September 19 that its Office PerformancePoint Server 2007 product will be released to manufacturing this week. PerformancePoint is Microsoft’s latest business-scorecarding application and a key component of its business-intelligence line-up. PerformancePoint provides users with monitoring, analysis and forecasting/budgeting functionality. PerformancePoint builds on top of SQL Server and uses Office as its user interface. PerformancePoint integrates with SQL Server Reporting Services, SharePoint Services and SharePoint Server, officials said. It costs $20,000 per server, plus $195 per Client Access License (CAL), and $30,000 per Internet connector.

Microsoft officials said more than 10,000 customers kicked PerformancePoint 2007’s tires as part of the Community Technology Preview (CTP) test process.

Officials declined to discuss how Microsoft plans to add a services component to PerformancePoint in the future. But earlier this year, Microsoft officials said that Microsoft is developing a managed business-intelligence bundle that will include Microsoft-hosted versions of SQL Server and PerformancePoint. Still no date so far on when Microsoft plans to make that hosted BI offering available, however.

Author: Mary Jo Foley

Read more ...

Oracle links business process analysis, SOA

Oracle is announcing Wednesday an enhanced version of its business process analysis software that enhances collaboration between process modelers and implementers.

Oracle Business Process Analysis Suite 10.1.3.3 features "closed loop support" for business analyst and IT collaboration, sharing a common process model format with the Oracle SOA Suite, Oracle said.

The new business process analysis suite features round-trip engineering, said Amlan Debnath, vice president of server technologies at Oracle. "What it lets you do is share the [business process] model with IT," Debnath said.

A developer, for example could make a change to a business process that would be shared with the business persons.

Modeling of processes is done in the business process analysis package and then executed in the SOA Suite, which features an SOA execution engine that leverages BPEL (Business Process Execution Language). Business users can build and change business models in the business process suite while IT persons can view and modify these processes in the SOA package.

Integration between Oracle Business Process Analysis Suite and Oracle SOA Suite includes linking of business process analysis, execution, and monitoring tools.

Oracle's business process suite is the company's version of the IDS Scheer Aris product, said analyst Bruce Silver, principal at BPMS Watch. Oracle addresses the round-tripping problem in which business persons model a process and hand it off to IT, which then implements its own idea of what it believes the process should be, Silver said.

Oracle has created an intermediate format based on shared metadata between the modeling tool and the implementation tool, which is the SOA suite, Silver said.

"You solve this round-tripping problem now because the model is not just initial requirements for the implementation, but it's a continuous business view of the business process throughout the business process [implementation] lifecycle," said Silver.

Oracle Business Process Suite is a component of the Oracle Fusion Middleware Platform. The suite starts in price at $5,000 for five users.

Author: Paul Krill

Read more ...

MS, Apple, Oracle Are Top Vulnerable Vendors

New IBM research shows that five vendors are responsible for 12.6 percent of all disclosed vulnerabilities.

Not surprising: In the first half of 2007, Microsoft was the top vendor when it came to publicly disclosed vulnerabilities. Likely surprising to some: Apple got second place.

IBM Internet Security Systems' X-Force R&D team released its 2007 report on cyber attacks on Sept. 17, revealing that the top five vulnerable vendors accounted for 12.6 of all disclosed vulnerabilities in the first half of the year—or 411 of 3,272 vulnerabilities disclosed.

Here's the order in which the top 10 vendors stacked up, by percentage of vulnerabilities publicly disclosed in the first half of the year:

Microsoft, 4.2 percent
Apple, 3 percent
Oracle, 2 percent
Cisco Systems, 1.9 percent
Sun Microsystems, 1.5 percent
IBM, 1.3 percent
Mozilla, 1.3 percent
XOOPS, 1.2 percent
BEA, 1.1 percent
Linux kernel, 0.9 percent

The report also says that 21 percent of vulnerabilities disclosed by the top 5 vendors remain unpatched—up from a year ago, when only 14 percent of the top vendors' vulnerabilities stayed open in the same timeframe.

While that might seem alarming, it's notable that 60 percent of vulnerabilities from all other vendors found in the first half of the year remained unaddressed.


The vast majority—90 percent—of the 3,273 vulnerabilities reported in the first half of the year can be exploited remotely. And more than half—51.6 percent—of the vulnerabilities found would give an attacker access to the host after exploitation.

In other findings, one surprise was that for the first time ever, there's been an actual decrease in the number of vulnerabilities reported. The total of 3,273 vulnerabilities found represents a 3.3 percent decrease over the first half of 2006.

X-Force Director Kris Lamb told eWEEK that there are a few things at play that likely have contributed to the decrease. One factor is that nowadays researchers have at their disposal much more polished bug-finding techniques. One such technique is fuzzing: the use of automatic tools to find vulnerabilities.

As such tools become more mainstream, Lamb said, we are likely hitting the saturation point as far as finding the low-hanging fruit goes.

"[The functionality of] tools are still being expanded, but they were used in early years to find easier-to-find, medium- and high-[risk] vulnerabilities," he said. "It doesn't mean there aren't more bugs to be found, but the bugs out there are harder to find, and they take a more specialized skill set to find."

The decrease in reported vulnerabilities could also be a reflection of the trend to monetize exploits in the underground marketplace—and in the above-ground marketplace as well. The disclosure of bugs could be taking longer since they're being sold or traded, he suggested, on sites such as Wabisabilabi, an eBay-like bug market launched in July.

"There's the potential for vulnerabilities to not see the light of day either as quickly as they used to or [at all], as a result," Lamb said.

Where spam and phishing is concerned, X-Force found that the top spam spewers worldwide are the United States, Poland and Russia. Analysis of IBM ISS' content filtering services and the millions of e-mail addresses it actively monitors shows that the United States accounts for originating one-eighth of all worldwide spam. Here's how the rest of the world breaks down, spam sender-wise:

United States, 13.2 percent
Poland, 7.1 percent
Russia, 5.9 percent
Germany, 5.9 percent
South Korea, 5.7 percent
China, 5.4 percent
Brazil, 4.5 percent
Italy, 4.0 percent
France, 3.8 percent
Turkey, 3.0 percent

But the map of where spam URLs are hosted looks very different. The United States is still tops in this category—it's home to 34.7 percent of the points from which spam URLs are hosted—but the rest of the world breaks down differently, with China moving to its usual position at or near the top of such maps:

United States, 34.7 percent
China, 12.7 percent
South Korea, 5.9 percent
France, 5.3 percent
Hong Kong, 3.6 percent
Canada, 2.9 percent
United Kingdom, 2.6 percent
Russia, 2.6 percent
Hungary, 2.2 percent
Netherlands, 2 percent

The X-Force is also seeing a first-time dip in byte size for spam. This is a trend that reflects the decrease in image-based spam, as senders hop around in an effort to avoid content filters by instead sending spam messages embedded in PDFs, Excel or other file formats, Lamb said.

"That's very effective, initially, at bypassing a lot of traditional filtering technology," Lamb said.

Author: Lisa Vaas @ eweek.com

Read more ...