Today's OpenSSL vulnerabilities - what are best channels for updates?

Devcentral is the faster channel so far (past experience showed). Then, F5 publishes a SOL (sec advisory). Many times, a workaround is proposed (configuration of SSL profiles usually).

F5 might change the way one can update its product in the future: allowing some base (OS) components to be individually updated, without the need of a SW hotfix.

Updating OpenSSL might have some bad side-effects: I have seen that CRL imports (performed by OpenSSL on the BIGIP) is more resources intensive with the newer OpenSSL versions (such as in v11.6) than in previous ones.