Their customer base are enterprise, so the issue can be addressed in private channels. There's little to be gained from making this particular breach public, from their point view. If anything, it's F5 customers who should advise their own customers downstream about the risks, when risks apply. Disclosure: I'm affected by this breach downstream at several sites and we have not been informed of risks by anyone but have been fighting fires where F5 was involved, but not necessarily blamed for anything.

But you are right, at F5's size and moneys, incentives for public disclosure are not aligned in the public's favor. Damage control, in all its meanings, has taken priority lately over transparency.