Grsec has been removed from many projects because of trademark dilution
   or something. Maybe grsec should revoke the license for using outdated
   grsec when compiled in future operating systems.
    More open source projects would be more likely receive money if right
   after the EULA page in the installer, it listed the amount paid to each
   open source project (to paraphrase The Simpsons, zero is an amount).
   (although the EULA text for many installers include a portion that
   people are supposed to remove)
   Despite that, projects backed by large groups aren't that secure.
   According to Zerodium price chart, the manpower cost to create a remote
   jailbreak exploit for Android and Windows is less than one manyear,
   which should be severely humiliating. Or at least there should be
   humiliating memes circulating.
   Google makes billions. Apple makes billions. Microsoft makes billions.
   Black Lives Matter receives a hundred million. There might be a
   psychological factor in paying someone to work for you who you can't
   actually boss around. This has impaired the global economy.
   Those billions go without saying, come from somewhere. Celebrities
   promoted Tor, but there hasn't been much done to improve internet
   security, particularly since they are popular victims (actually many
   were wiretapped by Anthony Pellicano). Sure, there was the Trustworthy
   Computing Initiative, and the Core Infrastructure Initiative, but
   somehow the Open Handset Alliance didn't produce a secure operating
   system. There exists the concept of consumer cooperatives, but most
   nonprofits are nearly as democratically run, and somehow we ended up
   with the great reform of moving metadata collection to the telephone
   companies in a democracy. Many non profits could stand to explain their
   large allowances for travel.
   Subgraph OS exists, but it doesn't aim to be amnesiac or allow for
   non-Tor use. Very few other operating systems seem to achieve that
   degree of hardening.
   Let's consider the math for this. You can include strong security
   features, but it would cost 50% more time or something. According to
   the pareto principle, 80% of time is spent on 20% of problems, although
   I wouldn't know the applicability to software. Some time ago,
   Cloudflare didn't realize an html parser was crashing, and when they
   improved the performance of it, it resulted in Cloudbleed. Just in time
   compilation on browsers have shown to have problems.
   Personally I think a hybrid kernel based on KVM would be best, but I
   don't know anything. At least it would allow the user to set certain
   applications as amnesiac. Obviously any application that can make
   arbitrary connections is untrustworthy.
   [1]https://en.wikipedia.org/wiki/List_of_open-source_hardware_projects

References

   1. https://en.wikipedia.org/wiki/List_of_open-source_hardware_projects