Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.


"We make it a big deal in the company": Security Mindsets in Organizations that Develop Cryptographic Products

December 15, 2021


Julie Haney - NIST


Abstract. Prior research has revealed a multitude of errors and developer pitfalls when implementing cryptography in software and hardware. To better understand the cryptographic development practices of organizations, we conducted interviews of individuals representing companies that include cryptography in their products. Our findings revealed a strong security mindset, demonstrated by organizational security culture and the deep expertise of those performing cryptographic development. This mindset, in turn, guides the careful selection of cryptographic resources and informs formal, rigorous development and testing practices. The enhanced understanding of organizational practices may aid in transferring lessons learned from more security-mature organizations to the broader development community. We also provide additional suggestions for making cryptographic resources more accessible and usable to developers of varying skill levels.

Presented at

Crypto Reading Club talk on 2021-Dec-15

Parent Project

See: Crypto Reading Club

Related Topics

Security and Privacy: cryptography

Created June 29, 2022, Updated March 22, 2023