Do you know how many times Microsoft has had a supply chain attack inject a critical vulnerability into Windows? Or how many times a malicious insider at Apple has added a backdoor to iOS?

Nope, and you cant possibly know because those systems are closed.

With open source software you have the ability to audit the code for vulnerabilities. We have the ability to reasonably state that that incident was an exception to the rule because its so easy to see the available code and major security incidents tend to become major news.