Comment by hedgehog 2 days ago

2 replies

Without splashy narrative and quantifiable risk the vendors won't change and the general public won't perceive the danger of unsupported devices. Public bounties are one way to change both so this seems like a reasonable project with net benefit.

sandwichmonger 2 days ago

Let's say there's a group of people living in a small, old house. They have the money to move to a bigger, newer one, but there's sentimental and other value to the one they're in.

Yeah, they don't have the latest door chain and fancy security systems, but that just means they don't open the door to random people who come knocking and are more careful and wary of burglars.

Now imagine a real estate company paying people to try and break into houses like theirs in order to scare the people into spending money and moving to a bigger and newer house they don't want to move to, claiming that the people don't know any better and need to be FUD'd for their own good.

That sounds like an evil thing to me.

  • hedgehog a day ago

    A better analogy is a product safety bulletin: if your stove has a design flaw that can burn down your house, the main difference is whether you or the manufacturer knows to do something about it. The bugs exist and people exploit them; it's mostly a question of whether the general public is aware. Breaking into houses requires a lot of labor to scale, exploiting software bugs doesn't, so past some point more people knowing about them doesn't increase risk in the same way.

    After 25 years of this debate it's pretty clear what works.