How many of those companies have actually modified busybox ?
How many of those devices really require (meaning, have a real hard dependency on) busybox or any of it's replacements (or the ones replaced by busybox in the first place) ?
For a long time busybox infringements have been exposed in public, but other components (probably much more important, like kernel and some core libraries) have not had the same mediatism (most of them are LGPL, but that also has some obligations).
I agree with mjg59 on this. As an author, I give rights and I expect those rights to be not only understood, but to be fulfilled.
However, Bruce does have a point. Some companies are so complex that this obligations are lost along the path, and, perhaps due to bad technical management issues (and lack of proper configuration management) hard to comply.
I do work on a non-free (commercial) product, based on many individual licenses (GPL included). All our modifications, derivatives, or otherwise anything that we know it's based on GPL or has strict dependencies on GPL products [or other non-permissive licenses] is kept on a "public" folder, which we do indeed make public. The design of our VCS, our build system, our package management system, was since the very beginning designed to allow for a quick extraction of licences and code bellowing to 3rd parties. This eases our GPL-compliance (and other licenses compliance), and, since it's deeply embedded in our process, avoids making mistakes. Mistakes can happen, we just have to make sure we do everything to minimize them.
Again, why is busybox so important here ? [disclaimer: we do not use busybox at all :P ]