The issue of security is crucial and will continue to grow as an important concern for users.
An article in the 27 August 2001 issue of Interactive Week by Rob Fixmer recalls a 1998 interview with then Symantec CEO Gordon Eubanks:
Everybody can see what's under the hood, so we're on equal footing with hackers. With proprietary systems intruders often have illegal means of learning things about the underlying code that are superior to the legal information at our disposal--even though we get excellent cooperation and support from Microsoft.
Gartner recommends that enterprises hit by both Code Red and Nimda immediately investigate alternatives to IIS, including moving Web applications to Web server software from other vendors, such as iPlanet and Apache. Although these Web servers have required some security patches, they have much better security records than IIS and are not under active attack by the vast number of virus and worm writers. Gartner remains concerned that viruses and worms will continue to attack IIS until Microsoft has released a completely rewritten, thoroughly and publicly tested, new release of IIS. Sufficient operational testing should follow to ensure that the initial wave of security vulnerabilities every software product experiences has been uncovered and fixed. This move should include any Microsoft .NET Web services, which requires the use of IIS. Gartner believes that this rewriting will not occur before year-end 2002 (0.8 probability)
Any one can scan the GNU/Linux code for vulnerabilities (and for inefficiencies and bugs) and as they are discovered the solutions quickly become available for all to access. Of course, the unscrupulous can also scan the code for opportunities to attack a system, unlike proprietary code where only a few have access to the source code. But would you prefer security by obscurity or security by peer review? It is a choice!