
What is the story with Project Zero? What is the strategy here?

If you think about it, pointing out flaws in competitors' products is actually unusual for businesses, especially large ones. It raises questions of motives, of trust (are they drumming up business in a negative way? Can I trust what company X says about their chief rival? Are they exaggerating or spinning it?), and it looks unsavory: You don't win in the court of public opinion by insulting the competition, right or wrong; you just look like a jerk. Also, there's a liability risk, which adds legal costs to otherwise free blog posts - 'can't you guys just find Linux bugs?'.

On the other hand, it might improve security for everyone if Apple and Google started competing to publicize each other's flaws. :) (But I'd bet the noise of accusations and counter-accusations of errors in analysis, misleading statements, etc. would soon drown out the technical info, and then the lawsuits would begin ...).




I submit for your consideration that:

1. The Google Project Zero guys are idealists and motivated by increasing security.

2. At Google, security is taken far more seriously than at most other companies.

3. If Apple and Google competed in publicizing exploits, Google would win [is winning].


If everyone competed in publicizing exploits and, like Project Zero, coordinated disclosure with vendors, then _consumers_ win!


Qualcomm and Linux aren't competitors, and while MS and Apple are, the PZ blog has talked about them all. It's a very technical security blog.


> It raises questions of motives

I don't think Project Zero ever analyzed something that isn't used at Google (for example with the Apple stuff: somebody at Google has to build the Google iOS apps). Wanting to know what's going on on the corporate network is the job of a corporation's IT security unit.

The publications serve to force vendors to fix their mess. Microsoft already complained that the 90-day limit by Project Zero is unfair (and got a 14-day-to-next-patch-day extension). And there are other experiences from researchers adhering to "responsible disclosure" schemes where the vendor only became active once publication was a real threat.
