Cryptography forms the backbone of how we securely use information online, but most developers don’t have more than a surface level understanding of cryptography.
Shannon's maxim states that “one ought to design systems under the assumption that the enemy will immediately gain full familiarity with them”. Open source makes this feasible for cryptography, with open source cryptographic libraries handling a huge proportion of information on the internet in flight and at rest.
Developers place a lot of trust in the authors of these libraries to get the cryptography engineering right.
But when basic usability issues result in developers using the libraries incorrectly, that trust and painstaking cryptography engineering can be for naught. Worse still, developers often believe they have used the libraries to build something that is secure. But that belief is often mistaken — their use of these libraries is actually insecur