I frequently tell readers and audiences that the most widely used software in a particular category is successfully exploited the most. I've alluded to this theory as Roger's Hacking Popularity Corollary -- I've also seen it called the "Grimes Corollary" -- though taking singular credit for widespread commonsense may be a bit disingenuous. As the popular saying goes, bank robbers rob banks because that's where the money is.
When talking about the corollary, I stress product popularity and successful attacks over pure vulnerability or attempted exploit counts because some products with fewer vulnerabilities are still successfully exploited more. For example, this year and last, both Firefox and Chrome have had more exploit bugs than Internet Explorer, but the former, which have far smaller market shares, are successfully attacked less. (I work for Microsoft.)
Speaking of Microsoft, many people mistakenly believe that products out of Redmond are hacked the most -- not true. It's not surprising to me when I learn that instances of Apache Web Server are successfully hacked more than Internet Information Server, or that Adobe PDF files are exploited more than Microsoft's XPS. In fact, PDF exploits now account for the largest category of successful Web attacks. Along those lines, Adobe's Flash product is exploited more than Microsoft's Silverlight, and the PKZip format is exploited more than RAR files. The confirming comparisons go on and on, because that's where the money is. If hackers want to earn more illegal money, they will attack the most popular products and platforms.
It is also important to stress most-used software as opposed to most prevalent software. Windows Media Player is probably installed on more desktops, but Apple's QuickTime is far more used (thanks to iPod market share) and has far more security exploits. The relatively small number of successful attacks that have occurred in the wild were perpetrated against QuickTime.
But I can't call this natural corollary an undeniable law, as I have a few times in the past, now that I've found a few exceptions. For instance, I can't find any successful exploits against Tandy Radio Shack TRS-80 computers, which were all the rage in the late 1970s. Perhaps the lack of widespread hard drives and networking protected them. Back then, modems would run at a max of 60 baud per second and often cost $100 an hour to operate.
In the mid-1980s, when Apple, Commodore, and IBM were fighting for market share, incidents of malware tended to lag behind computer popularity by six months to two years. That isn't surprising, as it used to take malware programmers a few years to catch up with the latest platform changes. Heck, virus writers spent more than two years coming up with the first Windows NT virus after Microsoft released the platform.