For the enterprise, that leaves SUSE. Personally, I think the best thing enterprise environments can look at are firms that provide support for FreeBSD, like Klara Systems. [klarasystems.com] Since they don't make a "distro" and FreeBSD is a full OS controlled by a foundation, your support guys can't pull the rug out from the open source community. Plus, since they don't own the system, their bug fixes go to the foundation, not their fork of it. Allowing the support guys to own the code is a recipe for disaster—they're incentivized to lock you in and implement Oracle-style anti-customer tactics. Unfortunately, the guys who pay the bills tend to like the IBMs and Oracles of the world.

Recently I need to care a lot of false positive vulnerabilities in scanner results on Apache version.
Example of false positive vulnerability:

Apache 2.2 < 2.2.16 Multiple Vulnerabilities
Our

r