
The DB2 Universal Database is one of IBM's database offerings and, when compared to, say, Oracle or SQL Server, it seems light as far as out-of-the-box functionality is concerned. This could be considered a good thing because the more functionality a bit of software has, the greater the attack surface; a smaller attack surface means that the software is easier to secure or defend. That said, DB2 cannot necessarily be considered more secure than Oracle or SQL Server; even with the reduced attack surface, it can still be quite easy to compromise a DB2 server — as is the case with pretty much any RDBMS. One thing is for sure: when IBM is alerted to a bug in DB2, it turns around high-quality fixes in a short space of time and it should be commended for this.

There are currently two supported versions of DB2, namely versions 7 and 8, with “Stinger,” the beta for the next version soon to come out. As new bugs are discovered fixes are distributed in maintenance upgrades known as Fixpaks. As this chapter is being written, the most recent Fixpak for DB2 version 8 is Fixpak 7a and for DB2 7, Fixpak 12. DB2 runs on a variety of operating systems such as Linux, AIX, Windows, Solaris, and HP-UX.

