I’m an absolute sucker for exquisitely hardened distros. Hence, distros like Qubes OS and Kicksecure have rightfully caught my interest. However, the former’s hardware requirements are too harsh on the devices I currently own. While the latter relies on backports for security updates; which I’m not a fan of. Thankfully, there is also https://github.com/secureblue/secureblue/.
Contrary to the others, secureblue is built on top of an ‘immutable’ and/or atomic base distro; namely Fedora Atomic. By which:
It’s protected against certain attacks.
Enables it to benefit from more recent advancements and developments that benefit security without foregoing robustness.
If security is your top priority, Qubes OS is the gold standard. However, secureblue is a decent (albeit inferior) alternative if you prefer current and/or ‘immutable’/atomic distros.