I don't count myself amongst your ranks in the industry, but in the 21 years I've been absorbing and passing on knowledge of the anti-malware field I've had the privilege of learning from (and even debating with) some of your pioneers and brightest minds.
When I realized that a major anti-malware vendor had a significant relationship with a malware vendor I was understandably taken aback because it goes so completely against the grain of the core ethical principle of the Anti-Malware Community (or at least what I understood it to be after all these years) and the rationale used to extend it to the various prohibitions the Anti-Malware Community and Industry are known for.
That core ethical principle is that causing people to become afflicted with malware is wrong. It should come as a surprise to no one that causing harm with malware is fundamentally incompatible with the aims of anti-malware, and one might even liken it to an anti-malware version of the Hippocratic Oath.
The prohibition against malware creation was born of the understanding of two things. First, that a malware's creator bears at least partial responsibility for the harm that malware causes (something even some malware authors themselves have come to realize over the years). Second, that even when you share such malware only with people you trust, it can be exceptionally difficult to make sure you don't trust the wrong people. There have been multiple examples over the years of malware created for no malicious reason but which fell into the wrong hands and found its way into the wild; and that's not including the people who share their "research" malware indiscriminately.
The famous rule about not hiring malware writers is a special case of the prohibition against rewarding malware writers. That prohibition came about as a result of the understanding that rewarding someone for doing something that you aren't allowed to do yourself, while not a violation of the letter of the principle you're supposed to be upholding, definitely is a violation of the spirit of that principle. By creating a reward for something that we know can cause harm, even with the best of intentions and the most stringent of care, we would still be part of the chain of causation that led to that harm.
The reason I bring these up is that, under this rationale, I really don't see a substantial difference between partnering with a company that employs malware writers and employing them directly oneself. I'll leave speculation about how that could have been overlooked by members of the industry for another time, but I would like to invite members of the industry, the community, and frankly even people who simply don't want to become victims of malware and who happen to agree with me to express their support for the following principle by leaving a comment:
Partnering with a company that employs malware writers does not differ substantially from employing those malware writers oneself and as such should be avoided with equal care.