And that is absolutely no different than with FOSS, where you are subject to the whims of a myriad of corporate dev teams and corporate interests so sit down and STFU. You cannot even be sure there is no malware or backdoors baked in because not once has a modern Linux desktop had a top to bottom security audit (which just FYI would be frankly impossible because before you were even halfway through with the audit the packages you had already audited would be 2 to 3 versions behind and no longer relevant) and it has been shown more than 85% of the source code for the guts of your average Linux desktop have never been checked out by anybody but the ones maintaining it.
I would argue the entire Linux "you have the source code" philosophy is nothing but a giant is ought fallacy in that it assumes because there IS source code available it OUGHT to have been audited by someone who 1.- Has the years of experience in programming to understand what they are looking at and 2.- Has enough deep level knowledge of the Linux internals to understand by looking at that source how it is gonna interact with other packages (so as to tell if it has a hidden payload for another package) and whether those interactions will be safe or insecure....and there is absolutely zero evidence to back this up, in fact recent announcements like 20 year old Bash bugs being exploited give us ample evidence that the opposite is true.
So I'm sorry but it doesn't matter whether your corporate master is MSFT or Red Hat you ARE at the mercy of the whims of a large corporation who doesn't give a flying flipping fuck what you want and unless you have the skills to write your own OS from scratch? Your choice is no different than with Windows, take it or move to a product from another vendor and be subject to their whims instead..