
> it's imperative that all code made for security purposes is carefully considered, and architected to avoid the tiniest bugs.

I agree wholeheartedly, but all you have to do is take a look at these security libraries' code, processes, and recent bugs to realize that the experts are failing at this. Their math and theory may be flawless, but their code is shit.

I think cryptography could benefit greatly from an influx of software engineering. We should be using modern testing and code review practices to bring some measure of reliability and architectural clarity to cryptographic work. The attitude toward programmers who aren't experts (yet!) doesn't exactly encourage this.



That is very true. However, the number of people who are both good software engineers and good cryptographers is very low. Personally, I can't say that I've seen experts being hostile towards those willing to learn the concepts and best practices for cryptography, though. The hostility is usually reserved for those who try to roll their own crypto with ill-considered design, no matter how nice their code is (Telegram, etc.). But it's possible that I could be entirely out of touch with that.



