I've been doing some research recently on usage of various tools on the internet and came across a survey of web servers and app servers on the web sites of Fortune 1000 companies. In their explanation of why their approach is superior to the familiar Netcraft survey, they claim they are much more selective, and therefore more relevant.
My issue with this analysis is that it suggests that large Fortune 1000 companies have only one web server, have made only one technology choice, and it is up for display at the front door. This is a fundamental flaw in their theory that their results are more significant than the Netcraft results. All they are showing is what these companies use at the front door. These sites don't typically do much aside from showing flashy pictures to visitors. Large companies have 10s if not 100s of other internal and external web sites for dealing with a variety of constituents. What are those other sites running?
Of course, it's very difficult or impossible to find out, but I'll bet there is a mix of technology across all large companies such that you can't make the blanket statement that Company X has chosen Apache or IIS. Life just isn't that simple.
I think it is even more telling that one of the company's products is an application which hides the IIS headers so that crackers and script kiddies can't spot them as easily.
After all, if it is such a superior web server, then why does it need to be hidden to avoid exploitation? Security through obscurity, *sigh*.
- Stevan