regarding enterprise distribution security

At some point I was wondering whether it really is that good to use only the free and community-built Debian distribution on my servers, because I have become sceptical over at least two issues: one was when Debian security updates were delayed for lack of manpower, and the other was when it came out that a patch introduced by the Debian OpenSSL maintainer actually made the software produce insecure SSH keys.

So at some point I thought that "enterprise" distributions (does that actually mean distributions made *for* an enterprise or *by* an enterprise?) might give a better warranty that such things do not happen.

But here is proof and an actual case that things like that happen in those enterprise distributions too: Red Hat had an intruder in their network, who seemingly even managed to introduce malicious or altered code and signatures into the openssh package!
That doesn't really sound too promising, I guess. Nor does the fact that the enterprise-sponsored Ubuntu distribution was also hit by the Debian OpenSSL bug, so they don't really do additional security reviews or whatever for their packages; mainly, they just take what Debian gives them...

So there's not much reason to move to an enterprise distribution, except perhaps technical ones, where they occur. Currently I keep being happy with Ubuntu on my laptop but stick with Debian on servers, even though I have to admit that Red Hat and SUSE deliver some interesting technology parts which I like to look at.
Ubuntu for servers still sounds strange to me, and I don't see the reasoning behind it. I'd support and help customers who insist on using it that way, but when asked, I'd always recommend Debian as the dpkg-based distribution of choice when talking servers.