The table making its way onto various websites can be found on page 40 of the report. Websites copying this table state that it lists the percentages of unpatched known vulnerabilities in each operating system (here or here) - but reading the accompanying text blurb, I can't help but think that's not what the table lists. If I'm reading it correctly, the table lists the percentages per platform of the total number of disclosed vulnerabilities. The text blurb:
That seems pretty clear to me; they are looking at the share each operating system has of the total number of reported vulnerabilities. Still, that doesn't mean this report has any significant meaning on this specific subject. As has been said many times before - just counting vulnerabilities isn't a good measure of security.
At the end of the day, what matters is not only quantity, but also quality. Any report on security that does not take severity into account is a little hard to take seriously when it comes to making general statements about a platform's security record. The report does state that 1% of the total number of reported issues have the critical severity rating, but it doesn't break it down per platform.
This report by IBM states that AIX is the most secure, but by not having any information on severity, this conclusion reeks of "We from IBM recommend IBM...", greatly reducing confidence in this report.