So does Cisco. They just need to be able to say "we didn't know"...they need deniability.
Which begs the question, why did Juniper blow the whistle?
Juniper could have simply released a patch "to resolve security issues" without significantly harming the company's reputation. There is probably a very good reason they didn't do that. Perhaps someone threatened to go public with the details unless Jupiter management did so first.