We found it by investigating the security of SSH as part of a larger research program focussing on SSH, which also resulted in our publication of the Terrapin vulnerability.
This particular bug basically fell into our hands while staring at the source code during our investigation of the security of SSH client signatures.
This particular bug basically fell into our hands while staring at the source code during our investigation of the security of SSH client signatures.