why do we believe their documentation, when they didn't list this in the first place?
they're either lying, or failed to disclose details previously.
why do you think they're doing a better job this time around? there may in fact be no serious threat, but now anything and everything is called into question.
The bluetooth HCI has a section for Vendor-specific HCI commands that are primarily used for custom hardware initialization on control as well as for debugging purposes. All manufacturers have undocumented commands. It's why the spec allows vendor specific commands.
If you're at the point where an undocumented bit of functionality in a product takes into question the entire company, you must not trust Intel or AMD or Raspberry PI, or all other chip manufacturers. There's nothing malicious here. There's no security issue. It's fully specification compliant. Why are you so concerned?
Frankly, I feel that if you are so concerned, you should work with the specifications to eliminate the vendor specific extensions if you feel their existence is so damning, rather then shitting on a company for following the defined specifications.
they're either lying, or failed to disclose details previously.
why do you think they're doing a better job this time around? there may in fact be no serious threat, but now anything and everything is called into question.