
Web Application Security - Perspectives
The link above points to Secunia, which tracks security issues for many products.
Interpreting the data is definitely subjective, for the following reasons:
- If an application is constantly being tested and reviewed for security issues, problems will be found more quickly.
- Applications with reports of many issues may simply be tested better than others.
- Very popular applications also have a greater presence in the reports, because popularity brings more testing.
- Development teams that are very conscientious and report issues frequently will produce a greater quantity of reports than more reserved teams.
- Development teams that refrain from reporting security issues may consider that a valid approach, by reducing the information available for malicious users.
- Some applications have fundamental issues that make them more vulnerable than others.
After reviewing the reports for an application, there are several courses of action.
- Check if the application has been compromised on your server. Immediately apply any recommended upgrades or patches.
- Review the application documentation and the site/forum for additional tips on securing the application.
- Review any appropriate server security practices.
- Determine the value of any data or content involved, with an eye toward the cost of replacement or porting to a different application. Be sure to include the cost of training, learning curve (both for users and developers), administration issues, etc.
- Consider a web application firewall such as mod_security (http://modsecurity.org).
- If you have sensitive data or ecommerce, consider a hosted solution.
- Repeat
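As an added illustration of the first step above (checking whether the deployed application has been tampered with), here is a small POSIX shell script that is not part of the original post. It records a SHA-256 manifest of a clean install or upgrade and later reports files that were modified, added or removed since then. The directory layout and file contents in the demonstration are constructed, and the script assumes GNU coreutils (sha256sum, find -exec ... +) and file names without whitespace.

```shell
#!/bin/sh
# Added example, not from the original post: a baseline-and-verify check for
# the "has the application been compromised?" step. Take a SHA-256 manifest
# of the deployed web application right after a clean install or upgrade,
# then compare the live tree against it later. Files that changed, appeared
# or vanished outside a planned upgrade are worth investigating.
# Assumptions: GNU coreutils (sha256sum, find -exec ... +), and file names
# without spaces or newlines (sha256sum's two-column output is split on
# whitespace).

# Write "<sha256>  <path>" for every regular file under $1 into manifest $2.
make_baseline() {
    dir="$1"; manifest="$2"
    ( cd "$dir" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k2 ) > "$manifest"
}

# Compare the live tree under $1 with manifest $2. Prints one line per
# finding (ADDED / MODIFIED / MISSING, followed by the path) and returns 1
# if anything differs, 0 if the tree matches the baseline exactly.
verify_tree() {
    dir="$1"; manifest="$2"
    current=$(mktemp)
    ( cd "$dir" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k2 ) > "$current"
    findings=$(awk '
        NR == FNR { base[$2] = $1; next }         # first file: baseline
        { cur[$2] = $1 }                          # second file: live tree
        END {
            for (p in cur) {
                if (!(p in base))           print "ADDED    " p
                else if (cur[p] != base[p]) print "MODIFIED " p
            }
            for (p in base) if (!(p in cur)) print "MISSING  " p
        }' "$manifest" "$current" | LC_ALL=C sort)
    rm -f "$current"
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Stand-alone demonstration on a constructed throwaway tree.
demo() {
    app=$(mktemp -d); manifest=$(mktemp)
    mkdir -p "$app/inc"
    printf '<?php echo "home";\n' > "$app/index.php"
    printf '<?php $db = "x";\n'   > "$app/inc/config.php"
    make_baseline "$app" "$manifest"
    echo "after install:"; verify_tree "$app" "$manifest" && echo "  clean"
    # Simulate what an unplanned edit would leave behind: one file changed,
    # one unexpected file present, one expected file gone.
    printf '<?php echo "changed";\n'    > "$app/index.php"
    printf '<?php echo "unexpected";\n' > "$app/extra.php"
    rm "$app/inc/config.php"
    echo "later:"; verify_tree "$app" "$manifest" || echo "  tree differs from baseline"
    rm -rf "$app" "$manifest"
}
demo
```

Store the manifest somewhere the web server cannot write (or off the host entirely), regenerate it after every planned upgrade, and run the verification from cron so that a changed or dropped file is noticed before the next advisory rather than after it.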
An application that can power multiple sites can greatly reduce maintenance.
This entry was posted by elvis on 11/21/08 at 03:12:09 pm.