Risk: adopting FS code without adopting FS practices
Microsoft has adopted and appropriated free software code. It's failed to adopt free software practices. The risk here is rather similar to the one pointed out (with a certain charming amount of repetition) by our very own LAME, ASD some years ago: the secretary's got the source code.
I was watching an NT 4.0 WS system here boot the other day, and something caught my eye. "Build 1381". That's the same build of the NT 4.0 kernel that I had on my desktop in 1997. Proprietary code has a strong tendency to rev very slowly, and a given build of a program may be extant in large numbers for years. Part of the security of free software comes in the quick cycle time -- people outrun the bugs. The other side of the security coin comes from the rich multitude of software versions out there. While it's (sometimes) a nightmare for compatibility, it also makes the cracker's job more difficult -- scripted attacks are likely to work against only a small number of vulnerable systems, just by virtue of the changing target syndrome.
I'll wager that a significant portion of Debian systems are already revved past this week's zlib flaw. I'll also wager that in three years, a significant portion of proprietary software systems based on zlib code will continue to exhibit the exploit, while the GNU/Linux and other free software systems have moved far beyond it.
Food for thought: you can't half adopt FS.
--
Karsten M. Self [link|mailto:kmself@ix.netcom.com|kmself@ix.netcom.com]
[link|http://kmself.ix.netcom.com/|http://kmself.ix.netcom.com/]
What part of "gestalt" don't you understand?
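One defender-side check for the risk described in this post, as an added example that is not part of the original thread: zlib stamps its version into every build as a string such as "inflate 1.1.3 Copyright 1995-1998 Mark Adler", so a scan for that fingerprint finds statically linked copies that no package manager will ever update. The fixed version and the sample blobs below are constructed for the demo, not taken from any particular advisory.

```python
import re
from pathlib import Path

# zlib embeds "inflate <ver> Copyright ..." and "deflate <ver> Copyright ..."
# strings in inflate.c/deflate.c, so a statically linked copy leaves this
# fingerprint in the binary even when no shared libz is installed.
ZLIB_STAMP = re.compile(rb"(?:inflate|deflate) (\d+(?:\.\d+){1,3}) Copyright")


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '1.2.11' into (1, 2, 11) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def find_zlib_versions(data: bytes) -> set[str]:
    """Return every distinct zlib version stamped into a blob of bytes."""
    return {m.group(1).decode("ascii") for m in ZLIB_STAMP.finditer(data)}


def stale_copies(blobs: dict[str, bytes], fixed: str) -> dict[str, set[str]]:
    """Map each blob name to the embedded zlib versions older than `fixed`."""
    floor = parse_version(fixed)
    stale = {}
    for name, data in blobs.items():
        old = {v for v in find_zlib_versions(data) if parse_version(v) < floor}
        if old:
            stale[name] = old
    return stale


def scan_paths(paths, fixed: str) -> dict[str, set[str]]:
    """Read real files from disk and report the ones carrying an old zlib."""
    blobs = {str(p): Path(p).read_bytes() for p in paths if Path(p).is_file()}
    return stale_copies(blobs, fixed)


# Constructed sample "binaries" (assumption: filler bytes around real-format
# zlib stamps). FIXED_VERSION is a demo value, not a specific advisory's fix.
FIXED_VERSION = "1.1.4"
SAMPLE_BLOBS = {
    "vendor_app": b"\x7fELF\x00\x00inflate 1.1.3 Copyright 1995-1998 Mark Adler\x00",
    "fresh_tool": b"\x7fELF\x00deflate 1.2.11 Copyright 1995-2017 Jean-loup Gailly and Mark Adler\x00",
    "no_zlib": b"\x7fELF\x00\x00hello world\x00",
}

if __name__ == "__main__":
    for name, versions in stale_copies(SAMPLE_BLOBS, FIXED_VERSION).items():
        print(f"{name}: embedded zlib {sorted(versions)} is older than {FIXED_VERSION}")
```

Point `scan_paths` at a directory of vendor binaries to get the same report for real files.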