Project Zero is a Google initiative that tries to make sense of online security and find serious flaws and exploits in the products we use every day. The folks behind the wheel do an excellent job at this difficult task and have worked with the companies that make our phones and televisions and thermostats and anything else to keep us a little bit safer from online threats. But it's also a group that shouldn't be working under the Google umbrella.
We don't need to know details to know that something looks fishy.
This is plain to see when we dissect the most recent posting from the group about a security issue — which was patched and is no longer a worry — that allowed malware creators to spy on iOS users who did nothing more than visit a website. At least that's what the public announcement said, anyway. Turns out that other operating systems, including Android, were vulnerable, too, and that the websites in question were mostly China-based. Naturally, everyone started calling for blood and was sure that Project Zero was only trying to cover for Android because of the whole Google affiliation.
That's probably not the case this time, though it's easy to make that leap. What we aren't privy to is the entire discovery timeline and the agreement about disclosure between Project Zero and other smartphone vendors. I'll leave off the bit about China also being part of the world with real people who use phones that are every bit as important as their western counterparts and blame overzealousness as the reason that this being China-based was a problem. In any case, none of this matters because what we do know and what we did see makes it look like Project Zero was covering for the Android ecosystem, and therefore for Google. And that sucks.
Project Zero would be just as effective on its own (with lots of money from "big tech").
Now I'm not a corporate executive and I'm not pretending to be; armchair CEO-ing sucks no matter who tries to do it. But even I can see an easy fix for this problem (and it will happen again): move Project Zero out of Google and set it up as an independent group funded by more than one company.
We need Project Zero because most people smart enough to do what it does have a full-time career keeping other companies safe and secured. But we don't need the sideshow that any sense of impropriety creates. An independent group funded by Alphabet, Apple, Microsoft and the rest of the names behind the products we buy would be just as capable and less susceptible to falsifying results or being accused of it.