"secure commercial product"
I assume you implying that closed source is more secure.
Doe you really believe that? Why?
- Do you think security by obscurity is real security?
- Do you believe that closed source has more code audits?
- Do you believe that there is less change of NSA or other back doors in closed source software.
"IIS was never vulnerable..."
Really? Try a search for "IIS SSL vulnerability".