Their security team should vet all of these devices, create environments where it's safe for them to be on the network, and ensure they're kept up to date also?
The point is they shouldn’t need to test everything and someone self submitting an add on for review to be featured isn’t what triggers an additional device.