OpenSSL cannot share with OpenBSD team because the OpenBSD team would not think twice about committing those fixes, making those issues public.
[A founding value of OpenBSD is about making anonymous access to their code repository: they develop the same tree that we see. Believe it or not, this was a radical stance for its time.
This is contrary to NetBSD's policy at the time of the fork: their code was only published at time of release, making contributions very difficult for outsiders, and withholding security fixes. Theo suspected people with commit access developed attacks based on these changes prior to next release.]
I can't recall any time where OpenSSH security fixes were withheld. Although OpenBSD developers do not take the time to evaluate whether a bug may always be exploitable, they do not hesitate to announce the possibility. http://www.openbsd.org/errata.html
This is contrary to the approach by Linus on the linux kernel, where security issues "are just normal bugs", placing the responsibility of downstream vendors (and attackers) to evaluate whether they are also a security issue, https://lkml.org/lkml/2008/7/15/648
