Android relies heavily on the Linux kernel for enforcement of its security model. To better protect the kernel, we’ve enabled a number of mechanisms within Android. At a high level these protections are grouped into two categories – memory protections and attack surface reduction.
Nice, now backport that to your user base that’s on KitKat ( 30.1% ), Lollipop (35.1%) and Marshmallow (13.3%) please. Oh, no, you’ll only push that for devices that will be sold in Q1 2017? Meh
Uh… that’s the case for most software ever written.
It’s worse for Android though where often the major Kernel version that shipped with your device is the one you’re stuck on. My phone is currently running a version of 3.4 despite the fact that the the Rom was built 5 days ago.