The paper just came out, and we are still researching all the details at this point.
First, understand that the issue is not with PGP (or rather, an issue with OpenPGP) but is a concern that the key you've generated might be weak (e.g. have small factors) or share factors with some other key generated by someone else.
The paper says they checked 5.48 million PGP keys. Of these, about 400,000 are RSA keys, and there are only 28 RSA modulii that are shared. In one instance they could determine that the modulus was shared by keys for the same owner, while for the other 27 cases they couldn't realy tell. They perform a similar analysis for DSA and ElGamal keys.
OpenPGP has been a standard since 1998 with RFC 2440. PGP keys can be generated by quite a wide variety of software (old versions of the "original" Pretty Good Privacy, current versions of PGP Desktop from Symantec, GnuPGP, CryptoEx, BouncyCastle, etc. etc.) so it may never be known what software was actually used to generate "suspect" keys.
For our products, we take entropy collection and random number generation very seriously. We've been submitting versions of our PGP SDK for FIPS validation since 2003 and we've been publishing our source code for cryptographic peer review for even longer.
We test for small prime factors implicity for RSA by using a sieve. Our main test is a Miller-Rabin primality test that we run to assure that the resulting number is prime with error probablity of 2^-112 (as recommended by FIPS PUB 186-3). With proper random number generation, small factor rejection, and good primality testing, the likelyhood of someone sharing a factor with you is astronomically small.