
Absolutely. These articles erode trust in the competitors of Google. The fact that Apple was aware of the vulnerabilities and in the process of fixing them is lost on the public. They were apparently working on fixing these bugs for 10 days prior to Project Zero.

Maybe this sensationalism furthers the public interest by turning software security into a weird zero-sum game where every company is trying to break their competitors' products. But I can also see how cases like this create a negativity that prevents companies from collaborating to fundamentally improve security.



> But I can also see how cases like this create a negativity that prevents companies from collaborating to fundamentally improve security.

The security community works like this (public responsible disclosure) _because_ companies overwhelmingly proved that they couldn't be trusted to collaborate with security researchers.


> They were apparently working on fixing these bugs for 10 days prior to Project Zero.

That’s not what the Apple press release says. It says that it took them 10 days from when they learned about the bugs until they had “resolve[d] the issue” (fix implemented? released?).

Presumably Google contacted them sometime in between when Apple first learned about the bugs and when they finished fixing them.


> Maybe this sensationalism furthers the public interest by turning software security into a weird zero-sum game where every company is trying to break their competitors' products.

This isn't a Maybe. Narrowing in on the statement of fact "where every company is trying to break their competitors' products," query Ben Hawkes of Project Zero for an exact quote, but this about 100% lines up with it.



