I used to be a security freak guy, using Gentoo Hardened, grsecurity PaX/RBAC, customized ACLs, etc. IMHO it is a high-quality piece of software, very polished and well-designed... I'm an Ubuntu guy today. For my small business, such a level of security is too time consuming, drawing me back. It's kinda sad.
You know, that's the problem. There is basically no reason why this is so hard.
Many security features could just be enabled by default by major distributions with hardly any downside. You don't even have to look at grsecurity. Just using pie binaries to enable proper ASLR would be a start.
I'm not well versed enough to understand whether "Just using pie binaries to enable proper ASLR" is included, but the chart does show green against various things mentioning ASLR. It looks like specific packages are built with PIE, too.
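A way to check the PIE claim above for yourself, as an added example that is not part of this thread: a small ELF header parser that classifies a binary the way `file` does (ET_EXEC means a fixed-address, non-PIE executable; ET_DYN with a PT_INTERP program header means a PIE executable; ET_DYN without one is a shared object). The sample images built by `build_elf64` are constructed here for demonstration and are not real distribution binaries.

```python
import struct

ELF_MAGIC = b"\x7fELF"
ET_EXEC, ET_DYN = 2, 3      # e_type values for fixed-address vs. relocatable images
PT_INTERP = 3               # program header type that names the dynamic loader

def classify_elf(data: bytes) -> str:
    """Return 'non-pie', 'pie', 'shared-object' or 'other' for an ELF image."""
    if data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    is64 = data[4] == 2                 # EI_CLASS: 1 = ELF32, 2 = ELF64
    end = "<" if data[5] == 1 else ">"  # EI_DATA: 1 = little-endian, 2 = big-endian
    e_type, = struct.unpack_from(end + "H", data, 16)
    if is64:
        e_phoff, = struct.unpack_from(end + "Q", data, 32)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 54)
    else:
        e_phoff, = struct.unpack_from(end + "I", data, 28)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 42)
    # Scan the program headers; only an executable carries a PT_INTERP entry.
    has_interp = any(
        struct.unpack_from(end + "I", data, e_phoff + i * e_phentsize)[0] == PT_INTERP
        for i in range(e_phnum)
    )
    if e_type == ET_EXEC:
        return "non-pie"          # loaded at a fixed address: ASLR cannot move it
    if e_type == ET_DYN:
        return "pie" if has_interp else "shared-object"
    return "other"                # ET_REL object files, core dumps, etc.

def classify_path(path: str) -> str:
    """Classify an ELF file on disk, e.g. classify_path('/usr/bin/ls')."""
    with open(path, "rb") as f:
        return classify_elf(f.read(4096))   # header + program headers fit in 4 KiB

def build_elf64(e_type: int, phdr_types) -> bytes:
    """Constructed minimal little-endian ELF64 image (header + empty program headers)."""
    phnum = len(phdr_types)
    ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + bytes(8)
    header = ident + struct.pack("<HHIQQQIHHHHHH", e_type, 0x3E, 1, 0,
                                 64 if phnum else 0, 0, 0, 64, 56, phnum, 64, 0, 0)
    phdrs = b"".join(struct.pack("<IIQQQQQQ", t, 0, 0, 0, 0, 0, 0, 0) for t in phdr_types)
    return header + phdrs

if __name__ == "__main__":
    for kind, types in (("ET_EXEC", [1]), ("ET_DYN+interp", [3, 1]), ("ET_DYN", [1])):
        e_type = ET_EXEC if kind == "ET_EXEC" else ET_DYN
        print(kind, "->", classify_elf(build_elf64(e_type, types)))
```

Run `classify_path` over `/usr/bin/*` on a distribution to see how much of its userland is actually built as PIE; the kernel still has to have `kernel.randomize_va_space` set to 2 for that to translate into randomized load addresses.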
I used to make my own Linux distribution, from scratch, with Grsecurity, PaX/RBAC for everything.
Then it wasn't so usable, when I needed new packages/software, or upgrades, compiling was tiresome, and I didn't know how to make a package manager, or how to automate everything.
I assumed somebody else would do it, a big multi-billion-dollar company perhaps, since I was just a 16-year-old doing that over a summer; they would do better, right?
Oh how sad. Nobody really cares about security.
Since enterprises just use lawyers instead of security.