Linux kernel source code

You've got the whole source code to the kernel, so you can:

  Modify it to support new hardware
  Modify it to support new security paradigms
    Prevent users from running setuid programs unless they're in group 'staff'
    If uid == 502, allow user to only read files ending in 'e'
  Modify it to remove any security checks
    Better speed for embedded systems
  Use advanced security patches, such as LIDS, GRSecurity, SELinux, RSBAC, OpenBSD's systrace, and more
    Probably better than rolling your own security patch.