I think of it more as their attention to quality in their code:

Given the 'quality' of most code, especially under commercial pressure, it's no surprise that much more effective tools will find many more vulnerabilities. Did OpenBSDs quality approach work in this respect?

A local escalation in BSD is still apparently worth a front page post here, so that seems pretty good.

I wonder why we don’t see more about local escalations in Windows. Of course, being closed source is a little bit of a barrier, but these tools can read assembly pretty well, right?

I’ve heard a couple people say that Microsoft has patched a record number of bugs internally this year so it might be the case that it’s simply more opaque because it’s initiated internally and doesn’t involve a public Git repo or a third-party researcher.

You don't hear about them because you're probably not paying attention to where all the Windows admins hang out. Nearly every single patch tuesday over the past couple of years has been an emergency race to get things patched as soon as you can, for both local and remote exploits.