A couple of months ago I presented at an event called the "Microsoft Technology Summit" to some very smart folks who focus primarily on non-Microsoft technologies. I outlined the security process stuff we're doing here (Security Development Lifecycle etc) and some of the benefits we've seen from adopting and constantly fine-tuning the process.

During the presentation I threw out a few 'teasers' one was looking at the progress we've made in IIS6.

It's interesting to see attendees comment/blog about the event; one that got my attention was this:

Is Microsoft IIS 6.0 more secure than Apache HTTP Server 2.0?