Honestly...no. I don't think so.Security is much too much of a cat and mouse game at this level, where you're specifically fixing things to deal with attacks. There will always be another vulnerability, another bad coding practice that someone comes in through. It's not provably secure (it's in C and has le five zillion config options; among other things); it's not secure by design (wasn't designed for security); it's not even secure by effort (Linus is not a religious fanatic about security).
So the sane approach until a fully redesigned system comes by is to assume that it only provides a thin layer in the defense game and partition access levels and security controls appropriately.
I don't want to sound overly hostile here, but have you actually read the post? Many (if not most) kernel bugs can be mitigated with existing technology, and there's ongoing research that will bring this down even further. There are certainly scenarios where assuming that any level of compromise may be significantly deeper than you imagined is the correct response, but that's not a supportable response in the majority of cases.
Looking at it another way - if application security is important, the game is over, the attacker has already got in via the network. We're bad at writing applications, so we shouldn't expose them to the internet.
All of the above. Do the best you can at network security, and try to get better. Do the best you can at application security, and try to get better. Do the best you can at kernel security, and try to get better. And do the best you can at intrusion detection, and try to get better.
