And if you rule out "all companies like Google", you've basically ruled out everyone with enough capital to donate to research, depending on your definition of "like Google".
And really, it absolutely is a donation. The ROI on Project Zero is likely 50x or more less than if that money went to the marketing team.
If you don't want to engage in discussion why are you even commenting here in the first place?
You are saying that this gives more power to google and someone asked if you could elaborate on why you think that. Not everyone has the same background and what may be obvious power to you may not be to others. This forum is supposed to be participated in with good faith.
Thankfully there are many ways to participate. But maybe I was a bit short. My point is that if you don't 'meet me half way' I can't do the subject justice in a forum where a significant number of the comments arguing that point is hidden. That increases my effort to make an effective argument and diminishes my returns for that effort. Especially since I don't feel that strongly about it. You are better off trying to find a blog post about it that won't disappear in a couple of hours.
But on the other hand meta isn't that interesting either. If large companies wanted to do security research that wasn't objectionable to people they could do so by consensus, standards and agreements. No one could really question that. Instead the idea is largely that "the ends justify the means". That is what people tend to disagree with. That large companies can unilaterally decide how things are done, not just for themselves but in a way that affects other companies or their users. It doesn't really matter if it is for good or best practice because it is about them, especially as large companies in the industry, having that influence.
