Really? I have to admit, I just don't understand the corporate "security" logic, then.
You don't update a crappy 10-year old browser full of security problems, and yet you let another piece of software (with potentially even more security problems) update itself quietly behind the scenes, totally out of your control?
... and then you actually make your enterprisey software applications depend on that piece of software, which you have little control over?
Security usually isn't the reason. Typically they have old versions of large software suites (like SAP) which had a ton of custom development done by external consultants, worth millions of dollars. If they want to upgrade to a new browser, they need to upgrade to a new version of the platform, which in turn means upgrading all those custom developed solutions. The cost outweighed the benefit for a long time.
It's no longer that much of an issue though. IE6 is starting to die off in the enterprise space. Once apps get on IE7 they're easier to upgrade thanks to microsoft's backwards compat support in newer IE's. I'm hopeful that IE9 will get adopted more quickly than IE7 and IE8 did.
You don't update a crappy 10-year old browser full of security problems, and yet you let another piece of software (with potentially even more security problems) update itself quietly behind the scenes, totally out of your control?
... and then you actually make your enterprisey software applications depend on that piece of software, which you have little control over?
I just don't get it.