After the Aurora hacks, major American tech companies took a serious interest in their security. Google expanded its security teams with idealistic recruits, and from 2010 onwards, started paying increasingly high bounties to hackers who were willing to report zero-day exploits to the company directly. Google also sponsored hacking competitions. Although brokers like the bold and unscrupulous “Wolf of Vuln Street” mocked Google’s efforts, many hackers preferred Google’s comparatively lower bounties over the higher sales through the usual zero-day market. This was because hackers were frequently exploited by brokers and buyers, and Americans were being increasingly priced out by hackers based in eastern Europe and Asia.

Two young Dutch hackers named Michael Prins and Jobert Abma made a name for themselves by hacking large companies and offering to fix the vulnerabilities for a price. They started in the Netherlands, then moved to the USA. When they contacted Facebook with this modus operandi in 2012, they were immediately hired for the job, and Facebook began its own bug bounty program. In 2014, Microsoft’s Head of Hacker Outreach, Katie Moussouris, finally managed to persuade the company to start a bounty program of its own. Also in 2014, Prins and Abma approached Silicon Valley investors and proposed establishing a trusted platform allowing hackers to report bugs on different systems to the developers of those systems. The platform, called HackerOne, was an immediate, overwhelming success. Many major corporations signed up, including the Pentagon. Although the government’s 2016 outreach program, Hack the Pentagon, was initially met with skepticism and outright hostility from hackers, its legitimacy was eventually proven. The Department of Homeland Security finally began increasing the budget of the bounty program to match its growing success, though it remained a mere fraction of the budget designated to offensive cybersecurity development.

The Snowden leaks instigated an info-war between government agencies and tech companies. Employees were furious to discover that the NSA was harvesting user information as it passed unencrypted between Google servers, since the company had hitherto thought it necessary only to encrypt data passing through the open internet. Security consultant Eric Grosse led the charge in patching cracks in Google’s security, spearheading a research group called Project Zero, which aimed to eliminate the zero-day exploits in the third-party software that Google services relied upon. Project Zero researched zero-day exploits, informed companies of the vulnerabilities, and then published their findings after a grace period of three months. This last action was taken partly to force developers to hurry and patch the vulnerabilities and partly to facilitate long-term improvements in system security.

Tim Cook, a lead developer at Apple, was committed to privacy and vowed in a meeting with the president that Apple would encrypt everything on their devices to better secure the data. In 2014, the new iPhone 6 did exactly that. The FBI, lacking the hacking acumen of the NSA and CIA, was enraged by these new encryption protocols. The FBI claimed that this “going dark” would cause a loss of the intelligence needed to combat threats from terrorist organizations such as ISIS. In 2015, a terrorist attack prompted the FBI to take Apple to court to demand that the company assist in circumventing encryption on the deceased terrorists’ phones. Apple refused, with the support of public opinion, but the FBI only abandoned the protracted legal battle when they were able to announce that they had found a hacker capable of breaking into the new iPhone without Apple’s cooperation. Despite Perlroth’s determined attempts to track down this hacker at conferences, his identity remains a mystery.