Well,

Using number of applications vulnerabilities and OS market share isn't a particularly useful statistic?

I think that this is the relevant consideration:

If you look through the US-CERT List you'll see that quite a few of them are actually 3rd Party software... which (for the most part) would be OS inspecific.
The vulnerability count does not refer to the operating system per se, most of them are related to applications that happen to run on a particular operating system. I must admit that I did wonder how *nix could chalk up 2,328

Another consideration would be how many of these "vulnerabilities" have actually got exploits in the wild?

And again, how many of these vulnerable applications are you running, and are you actually exposed?

For example (crude) say there are 5,000 vulnerabilities and only one person in the whole World is running them..................who would care.

On the other hand, if there were only 5 vulnerabilities and 90% of Humanity was running them, it would be a different story?

Just a few thoughts