Results of a 2006 statistical study done by Andy Ozment and Stuart Schechter, MIT,
Milk or Wine: Does Software Security Improve with Age? that reported an overall vulnerability density in OpenBSD distributions from version 2.3 till 3.7, presented at 15th USENIX Security Symposium in 2006:
https://www.usenix.org/legacy/event/...t/ozment_html/