The first paragraph of this Network Computing Feature should be a wake up call for anyone on the internet who does not take security of their servers seriously.
Following on from the first alarming paragraph is a lengthy 9 page feature on various vulnerability scanners. The article clearly demonstrates that while vulnerability assessment is not a miracle cure, it is an important part of the solution as are security awareness, vigilance and adhered to security procedures.
For the short version - Nessus is the clear cut winner, beating out many of the established commercial offerings.
Consider the facts: Hundreds of new vulnerabilities are being discovered annually, dozens of new patches are being released monthly, and thousands of systems are already behind the security eight ball. Compounding matters, when opening your perimeter for consumers and business partners, system-level security becomes even more critical as it forces an increase in exposure points. Make no mistake, the odds are not in your favour--you have to patch every hole, but an attacker need find only one to get into your environment.