But this is a problem of bad security people, not (only) of a bad kernel.
13 years ago many security people were thinking about perimeters, DMZs, etc., thinking that the internal net was safe because it was "in control" of security people. Only to discover that they were very wrong: people attached modems (then laptops, then USB disks) against corporate rules.
I think now we have the same problem: some people think that the kernel is unbreakable (if they update quickly after an announced CVE), and thus tend to trust the "computer perimeter" too much.
IMHO if a system can kill a man because of a kernel bug, it means that the person responsible for security was very incompetent.