One point that is not made in all the hub bub about 2000 / 2003 security is one of use and work. To say that our incidents are down over simillar time period from release of product a vs product b is all well and good but was products a's usage patterns
the same as product b? Were as many instances of A being used as B. Knowing that a count of events is smaller in one set vs another is only valid if the sets are the same size and consist of other simillar metrics.
That said I feel the 2003 is trending correctly vs prior releases regardless of what the number say or do not say.
I'd like to see an interview with someone involved in the security around microsoft.com. That could be interesting. It has to be one of the most high profile targets people out there want to "get".
I'd also love to see an overview of how many machines are running in that server-room. It has to be just awsome!