Deleberate Malware Insertion

Hi
This question made me sit and think for a while. I was wondering why deliberately inserting malware into code you are developing is not an example of negligence. It’s a test process isn’t it? I’m sure when developing anti-malware software, they need some sort of testing process to see how well his/her/their software copes with the real malware. And when developing a software, don’t developers or testers attempt to break and exploit software to see its weakness, and how well it performs, to evaluate its capability, attribution, and etc?