Stuff like SELinux is an incredible tool that can help protect against most threats, and really there is no reason for not utilizing it in the present day.
tl;dr: The Linux kernel team view all bugs as a possible security issue. The CVE assignment teams try to minimize the number of kernel CVEs because corporate policies mandate fixing CVEs in 30/90 days. There's a lot of politics.