Why not the developers using grsecurity suite in their Pure os kernel. Currently grsecurity is in lawsuit and the developers can still use the minipli’s unofficial code. But developers can also redesign the kernel for better memory safety. And last but not least Pure os should use apparmor instead of Selinux because of it’s NSA background. Developers should also use free init system such as openrc or gnuDMD.
Purism originally planned to use grsecurity, but later decided that this wasn’t feasible.
I can only find sources that they were planning on using it. If someone can find the explanation for why they decided against it, please post here.