Take a look at eWeek's "openhack" challenge. In its fourth incarnation, eWeek (which is heavily sponsored by Microsoft) tries once again to prove that Microsoft and Oracle are secure.
The challenge includes an Oracle and Microsoft server, which must be owned or defaced in order to be considered "compromised".
A closer look at the infrastructure, however, reveals the truth:
Aside from the servers in question and some infrastructure (which itself is partially shielded and guarded), most servers are ... tada ... OpenBSD. Both ns and mail are served by OpenBSD 3.2, the firewalls are OpenBSD's pf, and the switch and routing fabric is Extreme Networks', which runs ... well, they won't tell, but everybody who has ever looked at a Summit or Diamond knows...
In short, this is pathetic. The topology used (PDF file containing the topology, 127 KB) is highly unlikely to be deployed in a working environment, critical infrastructure is based on Unix, not Windows, and the rules exclude some of the more powerful attacks.
What will this challenge prove? For the successful attacker, it proves a modicum of knowledge, and for Microsoft or Oracle it proves nothing (other than the fact that there are things even eWeek won't run on Windows).