We do see it! Do you not remember the Snowden leaks?
Shit hasn't changed much. We still have monolithic kernels written in portable assembly. Linus still doesn't tag bug fixes with potential security impacts as such because he is more worried about unpatched consumer garbage (which compromise all low end phones). When your mitigation for such problems is to not make it obvious, then your OS is not safe enough in safety critical settings (which includes consumer devices).
Process isolation would downgrade the vast majority of critical Linux CVEs to availability bugs (crash a server but not compromise it).
Just because governments don't need to reach for RCE everytime doesn't mean that it is safe. Th fact that such bugs are so cheap is an indication that your safety margin is too thin.
Shit hasn't changed much. We still have monolithic kernels written in portable assembly. Linus still doesn't tag bug fixes with potential security impacts as such because he is more worried about unpatched consumer garbage (which compromise all low end phones). When your mitigation for such problems is to not make it obvious, then your OS is not safe enough in safety critical settings (which includes consumer devices).
Process isolation would downgrade the vast majority of critical Linux CVEs to availability bugs (crash a server but not compromise it).
Just because governments don't need to reach for RCE everytime doesn't mean that it is safe. Th fact that such bugs are so cheap is an indication that your safety margin is too thin.