Hacker News
by kortilla 2513 days ago
>they're harming the competitor's reputation by exposing a legitimate flaw in the competitor's product, I don't think that causes societal harm, no.

Well it’s not necessarily that simple. Exposing a flaw without adequate time to develop a fix could cause net societal harm. This is especially true if it’s a bug that would have been discovered and fixed internally without any public disclosure.

1 comments

Overall, sure, but Project Zero follows responsible disclosure.
Calling something "responsible" doesn't make it so. When Google first started this "responsible" disclosure in October of 2014 with Microsoft, Microsoft had a fix set up to be released on Patch Tuesday and asked Google if they could wait to disclose it until then. A mere two days. Google refused and released details on Sunday.

How was releasing the details 2 days early responsible or beneficial? At best it got customers worked up and made them question Microsoft's patch policies.

Do you think in the intervening 2 days anyone took any actions knowing the patch would arrive Tuesday?

Google hides behind "responsible disclosure" as an excuse for using Project Zero tactically to do PR damage to competitors.