The counts alone are meaningless. I went to look at the 1 OpenBSD vulnerability reported in the last three months.
CVE-2011-2895 was reported in August of this year, but if I understand what it says, it applies to versions of
OpenBSD before 3.8.
OK. The most recent applicable release, therefore, would be 3.7. 3.7 was end-of-life and no longer supported as of 19 May 2005.
----
It's the same vulnerability for NetBSD, by the way. However it doesn't mention applicable releases.