most of the topics.. are still in development and are not yet used by default
  .. Kicksecure has adopted a best-effort, but admittedly quite weak approach
  CFI, SafeStack, automatic stack variable init..unlikely..due to.. resourcing
  kernel security issues.. are rooted deep within its design
  upstream developers are not very focused on serious security enhancements