AS you may or may not have heard IIS got hacked. As is turns out they deliberately left a production server un-patched. A server used to download blackice from.

ISS didn't get hacked by a public exploit; it turns out they willfully and purposefully put trusting end-users at risk by allowing them to download binaries that could have been compromised, in order to conduct research and improve a product they sold to people they were really concerned about.
What are there people thinging?