It is more the corporate culture on how security is treated .

Sure it is might convenient for NSA who probably use it when it is found , but is less likely that company of cisco size can intentionally do something like that coordinated and keep it secret too.

Perhaps only companies of Cisco size are useful to the NSA, otherwise they have too many errands to run in order to manage companies' PRISM hooks.

Or perhaps the researchers are just looking for vulnerabilities similar to the last one found.

Negligence as a term implies liability. But there's mostly no liability in software for some reason.

If you keep finding bedbugs in your house it doesn’t mean someone is intentionally putting them there. It just means that it’s really hard to get rid of all of them and more pop up naturally.

alternatively you just haven't found what keeps attracting these bed bugs, like easy prey.

That still doesn't make the bed bugs intentional.

Sure, but that’s two totally different situations with different contexts.