Comment by darkarmani

> Yes, that's the whole point! The real malicious actors aren't going to notify anyone that they're injecting vulnerabilities either. They may be plants at reputable companies, and they'll make it look like an "honest mistake".

This just turns the researchers into black hats. They are just making it look like "a research paper."