Check our Weak Links on Vulnerabilities and OSS openness

Great as Debian is for stability, they don't apparently pass-up their work, at all times, upstream; like this gaff http://practical-tech.com/operating-system/linux/open-source-security-idiots/ that effectively leave all work based on it wide-open to unaccountable, un-checked, work; Debian is also one of those groups that would make, say, a business uneasy: in business school the tech-CEOs that would visit said it was the zealous rebellion of OSS that made them avoid it: and Debian is one of the examples with the sometimes religiosity that arises, (such as IceWeasel, was a fork over an ICON necessary?).

Ubuntu is pretty level-headed...and I like it for that. But its roots, its foundations...are iffy. What I'm hoping for is some kind of information work to be done to examine how to shore-up those weaknesses, as well as create more accountability, and perhaps obtain a promise from Debian to pass their work upstream rather than leaving us all guessing.

Basically, I think Debian, while a great strength, may also be Ubuntu's weak link: and the chain is no stronger than that.

Smarter people who know more, please begin. Thanks.